Secure Cloud - Cloud Migration for SMEs
You store data with Google, Microsoft, AWS, or Apple. Now you want to exercise data protection rights - The switch for enlightened SMEs.

Cloud Security Part 5

Andy
Andy is a founder of Lenotra AG, which launched myLeny® in 2025. He lives in Switzerland and has been grappling with the question "How can I move comfortably in the digital space without having to give up my digital self-determination?" for years.
Cloud Migration for Small and Medium-Sized Enterprises (SMEs)
Introduction
More and more companies are using cloud services to store their operational data, such as customer files, invoices, contracts, contacts, and calendars, online. Major providers like Google, Microsoft, and Amazon make this very easy and convenient.
However, the legal requirements these providers face in the countries where they are headquartered pose significant risks for SMEs: without your consent and without a legal basis in your country of residence, foreign government agencies can view and share sensitive company data without restriction. This is a high risk for data protection, competitive advantage, and compliance with the nDSG or GDPR.
Therefore, it is worth considering a secure open-source cloud environment like Nextcloud for smaller and medium-sized businesses. This solution gives them full control over their data, protects their privacy, helps them apply the important Digital Principles, and offers many practical functions for daily business operations.
Benefits of an open-source cloud environment like Nextcloud
✅ Full control over your own data through trusted providers or self-hosting
✅ Highest security thanks to regular updates and transparency of the code
✅ Data protection according to Swiss or European standards
✅ No hidden ads or unwanted data usage
✅ Future-proofing and support from a large developer and user community
☺️ With the help of a secure open-source cloud, you can exercise your Digital Self-Determination and protect your data
Disadvantages of Google, Microsoft, and AWS clouds
❌ Data is stored on foreign servers under foreign legislation that supports the release and forwarding of your data, even if your data is in a data center in your home country
❌ No full control over your own data and its use
❌ Privacy settings are complicated and opaque
❌ Apps and services can use personal data for advertising
❌ Risk of dependence due to lack of open exchange standards
☹️ No digital sovereignty, nontransparent data usage, high dependence on providers
Migration paths for small and medium-sized enterprises
Situation 1: We have a Windows file server and employees use OneDrive privately
Your challenge:
🔹 Files are scattered (file server, OneDrive, private Google Drive of employees)
🔹 No central control over who has access
🔹 Data protection nightmare: Who has what customer data where?
Your migration path:

Sources: Nextcloud Migration Guide, 2025, Help.nextcloud.com – SMB-Migration, 2021. Nextcloud Doku – External Storage SMB, Migration – Massendaten, 2020
Your benefit:
✅ Central data control, clear permissions
✅ No more private cloud accounts for employees (less security risk)
✅ nDSG/GDPR-compliant, no CLOUD Act issues (see also Part 3 of our Secure Cloud Blog)
✅ Costs are decreasing
Situation 2: We use Microsoft 365 / Google Workspace, but sensitive data don't belong there
Your challenge:
🔹 Customer data, contracts, and financial data are held by US companies
🔹 Compliance requirements (data protection, industry guidelines) are becoming more stringent
🔹 Management says: "We need digital self-determination"
Your migration path (hybrid):

Sources: Nextcloud Blog – Migration, 2025, Wire – European Alternatives Guide, 2025, Chino.io – AWS/Azure/GCP in EU Healthcare, 2023, Kroll – SMB Guide to Cloud Security, 2022
Your benefit:
✅ Sensitive data away from US government access (CLOUD Act)
✅ nDSG/GDPR compliance can be proven
✅ Also practical: keep M365/Google for Office/Mail (no cold turkey)
✅ Better negotiating position with auditors & customers
Situation 3: We use AWS/Azure/Google Cloud and now have data protection issues
Your challenge:
🔹 Applications, files, and databases are all located at a US hyperscaler
🔹 Financial dependence (vendor lock-in): switching would be expensive
🔹 Compliance auditors ask: "Why US cloud for customer data?"
Your migration path (Separation: App vs. Data Storage)

Sources: Nextcloud REST-API, Exoscale – CLOUD Act vs. GDPR, 2025, activemind.legal – CLOUD Act, 2024
Your benefit:
✅ Critical data protected from US government access (CLOUD Act)
✅ Less hyperscaler lock-in (data is no longer there)
✅ Better cost structure (separate data level = lower expenses)
✅ Applications can continue to run on hyperscalers
Checklist: Should we switch to Open Source Cloud (Nextcloud)?
🔲 We have compliance requirements (data protection, industry guidelines) → YES, Nextcloud
🔲 We use a mix of file servers and cloud (Spaghetti-IT) → YES, Nextcloud centralizes
🔲 Our employees use private cloud accounts → YES, Nextcloud reduces the risk
🔲 We value Digital Self-Determination → YES, Nextcloud
🔲 We need tight control over permissions → YES, Nextcloud offers granularity
🔲 We operate in/for a regulated industry (health, finance) → YES, Nextcloud is more secure
🔲 We want to use AI in a controlled and transparent way → YES, Nextcloud
🔲 We prioritize speed and opaque AI features over data protection → NO, hyperscalers are better
🤓 If 3+ of the above-mentioned points apply → Nextcloud is probably right for you
Conclusion: Your next steps
- This week: Decide if Nextcloud is a good fit (checklist above)
- Next week: Choose a CH/EU provider and book a test instance
- Next month: Start a controlled pilot with one department; migrate data
- After 3 months: Full rollout; turn off old file server/old cloud solution
Benefits:
✅ Lower costs
✅ Better data protection
✅ Lower compliance risk
Good luck in switching to secure solutions and expanding Digital Self-Determination.