Secure Cloud - Comparison of Vendor Lock-In
Cloud Comparison and Vendor Lock-in: What am I getting into and how can I avoid cloud vendor lock-in?
Cloud Security Part 3
Andy
Andy is a founder of Lenotra AG, which launched myLeny® in 2025. He lives in Switzerland and has been grappling with the question "How can I move comfortably in the digital space without having to give up my digital self-determination?" for years.
Comparison of Vendor-Locked-In Clouds vs. Open-Source Clouds
Vendor-locked-in (manufacturer-dependent) clouds like AWS, Azure, Google Cloud, and iCloud offer scalable, feature-rich services with global infrastructure, but are vulnerable to lock-in, vendor access, and government requests and access due to proprietary systems and US-centric laws (e.g., CLOUD Act). Open-source solutions (like Nextcloud) enable self-hosted (or operated by a secure Swiss🇨🇭 provider) Digital Sovereignty, especially in CH🇨🇭/EU🇪🇺, with full transparency and end-to-end options. Regional data storage (USA🇺🇸/UK🇬🇧 vs. CH🇨🇭/EU🇪🇺) is crucial: USA🇺🇸/UK🇬🇧 pose very high access risks, CH🇨🇭/EU🇪🇺 ensure nDSG/GDPR compliance and minimal foreign dependencies.
Sources: Nextcloud - Encryption and hardening, d3-Werk - Raus aus der US-Cloud?, DataCamp - 5 Top Cloud Service Providers in 2025 Compared, Northflank - AWS vs Azure vs Google Cloud
Detailed comparison
Sources: Nextcloud - Encryption and hardening, d3-Werk - Raus aus der US-Cloud?, Northflank - AWS vs Azure vs Google Cloud, Kuketz - Verschlüsselung der Nextcloud: Eine grundlegende Entscheidung – Nextcloud, Heise - Schweiz: Datenschützer empfehlen breites Cloud-Verbot für Behörden, Nextcloud - Encrypting your Nextcloud files on the server, others
Regional differences and advantages
🇺🇸 USA/ 🇬🇧 UK data retention:
🔹Highest scalability/innovation (e.g. AWS Global Network), but CLOUD Act/FISA allow extraterritorial access without notification.
🔹Disadvantage for sensitive data (e.g. health/finances)
🇪🇺 EU data retention:
🔹Sovereign regions (AWS Frankfurt, Azure Warsaw, Google Finland, etc.) partially block US transfers via GDPR/Schrems II
🔹Advantage: Compliance, lower latency for Europe, dedicated keys
🇨🇭 Swiss data retention:
🔹The DGSG is stricter than the DSGVO (Federal Data Protection Act)
🔹Ideal for Nextcloud (e.g., NesCHt)
🔹Advantage: Neutral politics, no Five Eyes, physical isolation
Sources: d3-Werk - Raus aus der US-Cloud?, DataCamp - 5 Top Cloud Service Providers in 2025 Compared, Northflank - AWS vs Azure vs Google Cloud, Heise - Schweiz: Datenschützer empfehlen breites Cloud-Verbot für Behörden, others
Checklist: Suitable for high
Data Sovereignty?
🔲 Nextcloud CH/EU self-hosted: Fully open source, end-to-end encrypted, no vendor access, compliant with nDSG/DSGVO
🔲 EU Sovereign Clouds (Azure Warsaw, AWS Frankfurt): Reduced US risks, local keys
🔲 iCloud with Advanced Data Protection: Only in the Apple ecosystem, limited E2EE
🔲 AWS/Azure/Google USA/UK: High scalability, but avoid CLOUD Act risks
Checklist: For Enterprise-Scalability and Integration?
🔲 AWS/Azure/Google Cloud: Global data centers, AI/ML, IoT support, multi-cloud options
🔲 Nextcloud: Scalable via clustering, collaboration via apps
🔲 iCloud: Simple for Apple users, limited cross-platform
Conclusion for Enterprise users
For maximum transparency and sovereignty, Nextcloud in CH/EU hosting is ideal, as it avoids lock-in and enables end-to-end encryption, while proprietary clouds like AWS/Azure/Google are superior in terms of scalability – prioritize based on security/data protection vs. performance.
Conclusion for private users
Vendor-Lock-In Clouds like AWS, Azure, Google Cloud, or iCloud are convenient, powerful, and seamlessly integrated into many devices and apps – but you give up a lot of control and have to rely on the provider's security and legal situation (often USA/UK).
Nextcloud-based open-source clouds give you significantly more Data Sovereignty and transparency: You or a trusted provider decide where the data is located (e.g., Switzerland/EU), which security mechanisms are active, and who can theoretically access it. Just because of topics like the CLOUD Act and governmental access in the USA/UK, regional data storage in the EU and even better in Switzerland is a big plus for data-sensitive users and families because GDPR or nDSG apply here and foreign access is more limited.
Practically speaking, this means:
If comfort, automation, and "it just works" are most important to you, providers like iCloud, Google Drive, and the like are the (poor) choice.
If you value privacy, Data Protection, Digital Self-Determination, provider independence, and long-term control, a well-configured Nextcloud (self-hosted or with a CH/EU provider) is the more sovereign solution—ideally with end-to-end encryption and a location in Switzerland🇨🇭.
Have fun switching to secure solutions and expanding your Digital Self-Determination.