The Ubiquity of Cloud Infrastructure
Cloud infrastructure is everywhere. From the public sector to banking, insurance, and startups, most companies are leveraging some form of this technology.
The wide range of offerings available makes it compelling and easy for a business to get started in or migrate to the cloud. By taking advantage of the agility and scalability of the cloud, companies can significantly expand what they are able to do.
The major global players are undoubtedly Google Cloud Services, Microsoft Azure and Amazon Web Services. All of these offer a large variety of services and tools in their cloud suites, designed to meet any company’s needs.
But there are rising stars in Europe that want to compete with these major players. They are currently significantly less well known, so I want to use this series of posts to map out the European cloud landscape. We will compare service offerings, analyze unique features and benchmark the providers against a global player. Finally, we will walk through practical experiences with some promising providers. Stay tuned for more to come.
Let’s first look at why a company would prefer a European cloud provider over a US hyperscaler.
Regulatory Complexities: The CLOUD Act vs. GDPR
A significant and still ongoing debate in the cloud sphere stems from the fact that the major cloud players Google, Microsoft and Amazon are US-based companies. This puts the US CLOUD Act and the GDPR in opposition: the two do not conform to one another, which makes simultaneous compliance challenging.
The US CLOUD Act grants US government agencies the right to request the disclosure of any data stored by US companies, regardless of the storage location. In contrast, the GDPR strictly prohibits the disclosure (or other use) of personally identifiable information (PII) belonging to EU citizens to third countries.
US CLOUD Act § 2713
A provider of electronic communication service […] shall comply with the obligations of this chapter to preserve, backup, or disclose […] any record or other information pertaining to a customer or subscriber within such provider’s possession, custody, or control, regardless of whether such communication, record, or other information is located within or outside of the United States.
GDPR – Article 48
Any judgment of a court […] of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty, in force between the requesting third country and the Union or a Member State, without prejudice to other grounds for transfer pursuant to this Chapter
Because both laws apply to PII stored with a US provider in Europe, companies can end up in circumstances where it is legally impossible to adhere to both regulations.
The Rise of Sovereign Cloud: A European Solution
In the current data-driven times, the debate about the US CLOUD Act and the GDPR is more prominent than ever. For customers who are unwilling to assume the risk of possibly violating either regulation, it is crucial to find solutions that prioritize sovereignty and data protection. This currently fuels the offering and rise of European cloud providers.
This rise is strong, although some of these providers are still under the radar and are not as commonly known as they should be. They offer compelling alternatives to US cloud companies while operating completely in Europe and under European jurisdiction, without applicability of the US CLOUD Act, which makes it far easier to comply with the GDPR.
The service offerings and the quality of service from European providers are continuously improving. This allows companies to build business solutions on robust infrastructure with an ever-growing feature set and a special focus on data residency, open source and privacy.
Providers under Comparison
We picked five providers for initial comparison and compared their Origin, Certifications, IaC Offering, Technical Base, Service Offering and Regionality.
Provider | Origin | Certifications | Technical Base | IaC Support |
IONOS | Germany | ISO 27001 & 50001 | VMWare & Proprietary | Terraform / OpenTofu |
OVH | France | ISO 27001 & 27017 & 27018 & 27701 & 50001 | OpenStack (incl. API) | Terraform / OpenTofu / Pulumi |
Scaleway | France | ISO 27001 | Proprietary | Terraform / OpenTofu |
StackIT | Germany | ISO 27001 & 50001 | OpenStack (incl. API) | Terraform / OpenTofu |
Open Telekom Cloud (OTC) | Germany | TISAX & ISO 27001 & 27017 & 27018 & 27701 & 50001 | OpenStack (incl. API) | Terraform / OpenTofu |
Service Offering
All providers offer the following services:
- Managed Kubernetes
- Private Container Registry
- S3 Compatible Object Storage
- Managed Database (Relational & NoSQL)
Service | IONOS | OVH | Scaleway | StackIT | OTC |
WAF | ✅ (only with CDN) | ✅ (3rd party integration) | ✅ | ❌ | ✅ |
CDN | ✅ | ✅ | ✅ (LB & S3) | ✅ | ❌ |
Managed Kafka | ✅ | ✅ | ❌ | ❌ | ✅ |
Managed Messaging | ❌ | ❌ | ✅ | ✅ | ❌ |
Serverless | ❌ | ❌ | ✅ | ❌ | ✅ |
Network Peering | ✅ (only Frankfurt) | ❌ (Multi-Region Networks are available) | ❌ | ✅ | ✅ |
Subnet Security | ✅ | ✅ | ✅ (Public Beta) | ❌ | ✅ |
Instance Level Security | ✅ | ✅ | ✅ | ✅ | ✅ |
S2S VPN | ✅ | ❌ | ❌ (only Private Beta) | ✅ | ✅ |
Physical Data Center Availability | ❌ | ✅ | ✅ | ❌ | ✅ |
Remark: The services of multiple providers may have a green checkmark in the same category. This only means that some sort of offer is available. It does not mean that these offers are identical or interchangeable. For example, Scaleway offers SQS-compatible managed messaging, while StackIT offers RabbitMQ.
Regionality
Availability Zones
All providers offer redundancy through multiple Availability Zones in one Region. For OVH this is only the case in Paris; all other Regions are Single-AZ Regions with redundant power supplies. The other providers offer at least three AZs per Region.
Regions
- IONOS: 6x Europe, 3x US
- OVH: 10x Europe, 4x NA, 3x Asia Pacific (only Paris is 3-AZ)
- Scaleway: 3x Europe (Warsaw, Amsterdam, Paris)
- StackIT: 2x Europe (Germany, Austria)
- OTC: 2x Europe (Germany, Netherlands)
Conclusion
There is already a large selection of European cloud providers that offer the services required to get started in the “Sovereign Cloud made in Europe”. Currently one has to pick the offer that best suits the requirements, but most architectures can be deployed on a European cloud. In the upcoming parts of this series we will take a deeper look into some of these providers and gain practical experience with their tooling and their specifics.