European Cloud can make ISO 27001 easier
Goodbye AWS: How We Kept ISO 27001, Slashed Costs by 90%
The European CTO’s Dilemma: Keeping Compliance outside AWS
Datapult · 4 min read · 2 hours ago
Earlier this year, I faced a dilemma many tech leaders know well. Our entire infrastructure was built on AWS. We loved their powerful, ISO 27001-certified services. Yet, two critical issues kept me up at night:
The Compliance Black Hole: It was clear that American cloud providers couldn’t fully shield us from US government jurisdiction. Under the CLOUD Act and FISA, our European customer data was potentially exposed, regardless of the server’s physical location. This undermined our GDPR promises.
The $2,000/Month Question: While not a fortune for every company, our $24,000 annual bill felt disproportionate to our actual needs. I asked myself: how often does a well-maintained Linux server actually crash? Isn’t RDS just a managed Postgres instance with scripts I could write myself? That $2,000 a month could buy a phenomenal amount of resilient, dedicated hardware in Europe.
This wasn’t just about cost or compliance; it was a strategic risk. Was tying our company’s future to a single US-based provider a responsible choice?
Our story
We are a Danish workforce management company doing employee scheduling. Beyond our ISO 27001 certificate, we have a few legal requirements on our operation as well, as we perform overtime compensation salary adjustments and are the source of truth for time-and-attendance data. Maintaining the tech side of this is just like maintaining banking software: things must be accounted for, always add up and never be lost.
We were born and raised in AWS, so many aspects of our legal requirements were architected as AWS-native workflows, and migrating them to independent alternatives always had to go along with the legal requirements.
What You Fear Losing (And What You Actually Lose)