Categories
Cloud et Cybersécurité (EN) Featured-Post-CloudSecu-EN

Microsoft Cloud Azure in Switzerland: Opportunities, Limitations & Alternatives

Microsoft Cloud Azure in Switzerland: Opportunities, Limitations & Alternatives

Auteur n°2 – Jonathan

Microsoft Azure is closely examined by Swiss companies as part of their digital transformation strategies. It raises important issues related to data sovereignty and technological independence. The opening of local Azure regions in Switzerland marked a turning point for mid-sized and large Swiss enterprises, attracted by Microsoft’s strong ecosystem and the ability to store some of their data within Swiss borders.

This article explores everything you need to know about Azure in Switzerland: from its launch and local footprint to the implications for digital sovereignty, the concrete benefits for businesses, ways to integrate Azure into existing infrastructures, and finally, the potential limitations of this solution and the sovereign alternatives to consider.

Azure’s Launch in Switzerland: Local Context and Datacenters

Microsoft officially launched Azure in Switzerland at the end of 2019 with the opening of two cloud regions: Switzerland North (Zurich area) and Switzerland West (Geneva area). The initial announcement came in March 2018, when Microsoft revealed plans to open datacenters in Zurich and Geneva to deliver Azure, Office 365, and Dynamics 365 from Switzerland, with availability expected in 2019. This rollout made Microsoft the first global hyperscale cloud provider to operate datacenters in Switzerland, aiming to meet local requirements for data residency and regulatory compliance.

Today, Azure Switzerland has become mainstream. In August 2024, Microsoft announced that five years after launch, the number of local clients had grown from 30 early adopters to over 50,000 companies using Microsoft cloud services in Switzerland. Microsoft now operates four datacenters in Switzerland (across the two Azure regions), ensuring high availability and local service resilience. The local cloud offering has also expanded: fewer than 50 Azure services were available at launch, compared to over 500 now, including advanced AI tools such as Azure OpenAI and Microsoft 365 Copilot with data stored in Switzerland. In short, Azure Switzerland has become a full-fledged hyperscale cloud platform operated on Swiss soil, offering the same reliability and scale as other Azure regions worldwide.

Data Sovereignty and Compliance: A Cloud on Swiss Soil

One of the main drivers for this local deployment was digital sovereignty. For many Swiss organizations – especially in finance, healthcare, and the public or semi-public sectors – it is crucial that sensitive data remains hosted in Switzerland and under Swiss jurisdiction. By opening Azure regions in Zurich and Geneva datacenters, Microsoft enables companies to keep their data within Swiss borders while leveraging the cloud. Data stored in Azure Switzerland is subject to Swiss data protection standards (such as the revised FADP). The Swiss Azure regions also comply with FINMA requirements for financial services.

Data sovereignty also means legal control. Hosting workloads on Swiss territory helps satisfy local regulators. It’s worth recalling that the Swiss Confederation only agreed to migrate to Microsoft 365 under strict conditions: data must be hosted in Switzerland (or at least within the EU/EEA), the service must comply with Swiss laws (revised FADP, OPC, etc.), and no third-party foreign access is allowed without going through Swiss authorities. In other words, Switzerland wants to ensure that adopting the cloud does not compromise either confidentiality or data sovereignty. Azure Switzerland aligns with these expectations by guaranteeing local data residency for Azure, Microsoft 365, Dynamics 365, and Power Platform – meaning customer data stored in Swiss regions remains physically and legally in Switzerland.

However, it’s important to note that despite these local guarantees, Azure remains a service operated by a U.S. company. This raises the issue of the extraterritorial reach of certain foreign laws (such as the U.S. CLOUD Act). Microsoft has taken steps to reassure its clients – for example by publishing legal opinions from Swiss experts on the use of U.S. cloud services in compliance with Swiss law – and asserts that its Swiss cloud services allow clients to meet their compliance obligations without compromise. Still, data jurisdiction remains a real concern, which we will return to in the section on limitations and alternatives.

{CTA_BANNER_BLOG_POST}

Planning Azure Integration into Your Existing Infrastructure

If you’ve decided to entrust Microsoft Cloud with hosting and processing your data, proper planning is essential to fully leverage Azure while controlling risks and costs. Below are key areas and best practices to help you prepare for integrating Azure into your existing infrastructure:

Assessing Needs and Data

Start with an internal audit of your application landscape and data assets. Identify workloads that could benefit from the cloud (e.g., scalable applications, flexible storage needs, new AI-driven projects) and those that may need to remain on-premise due to strict compliance or legacy constraints. Classify your data by sensitivity to determine what can be moved to Azure (for instance, start with public or low-sensitivity data; highly confidential data may follow later or be hosted on a private cloud). This assessment allows you to prioritize migration by targeting quick wins while avoiding major pitfalls (such as migrating a critical application without a fallback plan).

Hybrid Architecture and Connectivity

Azure Switzerland integrates with your IT ecosystem through a hybrid approach. It is often recommended to establish a secure, dedicated connection between your enterprise network and Azure—typically via an encrypted site-to-site VPN or Azure ExpressRoute if you require high bandwidth and reliability. This enables seamless communication between cloud applications and your on-premise systems, as if they were part of the same internal network. Also consider integrating your directory service (e.g., Active Directory) with Azure AD to unify identity and access management across cloud and on-premise environments. A well-designed hybrid architecture ensures smooth Azure adoption for users while maintaining your IT security standards (e.g., firewall extensions, access control policies).

Progressive Migration and Testing

Instead of moving your entire infrastructure to the cloud at once, opt for a phased migration. For instance, you could start by migrating development or testing environments to Azure to familiarize your teams with the platform, or launch a new cloud-native project alongside your existing stack. For legacy applications, select an appropriate migration strategy—from basic lift-and-shift (moving a VM to Azure without changes) to partial refactoring (adapting the app to benefit from Azure PaaS services), including intermediate options. Each application can follow one of the classic “5 Rs” of migration (Rehost, Refactor, Replatform, Rebuild, Replace) depending on its business value and the effort involved. Carefully test each step within Azure (performance, security, compatibility) before going live. The goal is to minimize risk—e.g., start with a non-critical service to detect potential issues without disrupting core operations. Once trust is established, you can accelerate migration of other components.

Governance, Cost Management, and Skills

Integrating Azure also requires adapting your processes and teams. Clear cloud governance must be established: define who is authorized to create Azure resources (to avoid shadow IT), what cost-control mechanisms to implement (budgets, spending alerts, resource tagging by project for billing), and how to maintain operational security (centralized monitoring with Azure Monitor, automated backups with Azure Backup, disaster recovery with Site Recovery, etc.). Financially, leverage tools like Azure Cost Management to optimize expenses and consider commitment-based pricing models (reserved instances, Azure Hybrid Benefit to reuse existing licenses) to improve ROI. Also invest in training your IT staff on cloud platforms—Azure certifications and workshops are key to operating efficiently in the cloud. You can rely on a local Azure partner or an experienced DevOps team to support upskilling and ensure knowledge transfer. In short, successful Azure integration is as much about people and processes as it is about technology.

Limitations and Risks of Azure Cloud in Switzerland

While the outlook is promising, it’s important to take a clear-eyed view of the limitations and challenges tied to adopting Azure—even in its “Swiss” version. No cloud solution is perfect or magical. Here are key areas of caution for CIOs and technical decision-makers.

Vendor Lock-In and Dependency

Using Azure means becoming partially dependent on Microsoft for your infrastructure. Even with a solid contract, switching providers later can be complex and costly—especially if you rely heavily on proprietary PaaS services (such as Azure databases, serverless functions, etc.). Application portability is not guaranteed: migrating again to another cloud or back on-premise could require significant refactoring. To avoid lock-in, design your applications as cloud-agnostic as possible—using open standards, Docker containers that can run elsewhere, etc.—and always keep an exit strategy in mind. Even the Swiss government has raised this concern, exploring medium- and long-term alternatives to Microsoft in order to reduce dependence on U.S. vendors and preserve digital sovereignty.

Costs and Budget Control

Azure’s pay-as-you-go model is a double-edged sword. It eliminates upfront capital expenditure, but costs can escalate quickly if not properly managed. In Switzerland, Azure pricing reflects Microsoft’s premium service level—which comes at a cost. Some local resources may be more expensive than in the U.S., for instance. Hidden costs can also emerge: data egress fees (when retrieving data from the cloud), network charges, or premium support fees. Without strong governance, companies can face unpleasant billing surprises. It’s crucial to monitor usage and optimize accordingly (turn off unused VMs, right-size resources, etc.). Local alternatives often highlight their pricing transparency. For example, Infomaniak advertises lower prices than the global cloud giants for equivalent instances. Comparing offers and projecting ROI over multiple years is essential: Azure delivers value (agility, innovation), but you must ensure the return justifies the cost when compared to on-prem or alternative cloud options.

Data Governance and Long-Term Compliance

Although Azure Switzerland allows local data storage, one sensitive issue remains: foreign jurisdiction. Because Microsoft is a U.S. company, it is subject to U.S. law. This means laws like the U.S. CLOUD Act (2018) could, in theory, compel Microsoft to provide data to U.S. authorities—even if that data is stored in Switzerland. This risk of extraterritorial disclosure, while rare in practice and typically governed by international treaties, has raised valid concerns about sovereignty and confidentiality. In Switzerland, the consensus is that data hosted entirely by a Swiss provider is beyond the reach of the CLOUD Act and cannot be shared with the U.S. outside of Swiss legal channels. With Azure, clients must rely on Microsoft’s contractual assurances and international agreements, but for certain organizations (e.g., defense or highly sensitive sectors), this remains a red flag. More broadly, adopting Azure means outsourcing part of your IT governance. You rely on Microsoft for platform management: in the event of a regional outage, policy change, or evolving terms of service, your room for maneuver may be limited. It’s therefore critical to carefully review contractual clauses (exact data location, residency commitments, protocols for legal requests, etc.) and implement strong encryption practices (e.g., managing your own encryption keys stored in an Azure HSM so that Microsoft cannot access them without your consent).

Service Coverage in Swiss Azure Regions

Another point to consider is that not all Azure features are immediately available in newer regions like Switzerland. Microsoft typically prioritizes new service rollouts in core regions (Western Europe, U.S., etc.) before expanding elsewhere. At launch in 2019, only about 20 Azure services were available in Switzerland. That number has since grown to several hundred, covering most common needs (VMs, databases, Kubernetes, AI, etc.). However, there can still be slight delays for the latest Azure features or capacity limitations for very specific services. For example, a large GPU compute instance or a niche analytics service may not be available locally right away if demand in Switzerland is too low. In such cases, companies must choose between waiting, temporarily using a neighboring European region (with data stored outside of Switzerland), or finding another solution. It is therefore recommended to check regional availability for the specific Azure services you need. Overall, the gap is narrowing thanks to Microsoft’s ongoing investment in Switzerland, but it remains a planning consideration.

Azure in Switzerland offers undeniable advantages, but it’s essential to stay aware of its limitations: avoid vendor lock-in through thoughtful architecture, continuously monitor and optimize costs, understand the implications of international law, and stay informed about service coverage. By doing so, you’ll be able to use Microsoft’s Swiss cloud with full awareness—leveraging its benefits while mitigating potential risks.

What Are the “Sovereign” Alternatives?

While Azure in Switzerland is an appealing offering, it’s wise for IT decision-makers to also explore local and independent alternatives that align with values such as sovereignty and tailored technology. In the spirit of Edana—which advocates for open, hybrid, and client-adapted solutions—several options are worth considering to complement or even replace a 100% Azure approach:

Infomaniak Public Cloud: Swiss, Independent, and Ethical

Infomaniak, a well-known Swiss hosting provider, has offered a sovereign public cloud since 2021, fully hosted and operated in Switzerland. Based on open-source technologies (OpenStack, etc.), the platform guarantees that “you know where your data is, you’re not locked into proprietary tech, and you pay a fair price” (Infomaniak’s own words). The provider emphasizes high interoperability (no vendor lock-in) and aggressive pricing—reportedly several times cheaper than cloud giants on certain configurations, based on internal benchmarks. It delivers essential IaaS/PaaS services (VMs including GPU support, S3 object storage, managed Kubernetes, etc.) on 100% Swiss infrastructure powered by renewable energy. For companies that value transparency, social and environmental responsibility, and data sovereignty, Infomaniak shows that it’s possible to run performant, local cloud services free from the CLOUD Act, while maintaining full control over the software stack (with auditable open-source code). It’s a compelling option for hosting sensitive workloads—or simply to introduce competition in terms of cost and capabilities.

Other Swiss Cloud Providers

Beyond Infomaniak, a full ecosystem of Swiss cloud providers is emerging, offering sovereign services. For example, Exoscale is a cloud platform of Swiss origin (with datacenters in Switzerland and across Europe) that provides virtual machines, S3-compatible storage, managed databases, and Kubernetes—all GDPR-compliant with strong local roots. Similarly, major Swiss players like Swisscom or IT specialists like ELCA have developed their own cloud offerings. ELCA Cloud positions itself as a Swiss cloud guaranteeing data, technological, and contractual sovereignty—designed to close the regulatory gaps of international cloud platforms. Its infrastructure, based on OpenStack and Kubernetes clusters across three Swiss zones, complies with Swiss and EU regulations (FADP, GDPR), and ensures hosted data is not subject to the CLOUD Act. These local providers also highlight advantages such as close (and often multilingual) support, transparent pricing, and flexibility for custom needs. For a Swiss company, working with a local cloud vendor can offer additional peace of mind and higher service personalization (direct contacts, local legal expertise, etc.)—even if that means sacrificing some of the service breadth offered by hyperscalers like Azure. The key is to align your choice with your priorities: absolute compliance, cost control, features, support, and so on.

Hybrid and Multi-Cloud Strategies

A growing trend is to avoid putting all your eggs in one basket. A savvy CIO might adopt a multi-cloud strategy by combining Azure with other solutions—for example, using Azure for globalized workloads or Microsoft-centric projects, while deploying a private or local public cloud for more specific needs. Hybrid architectures let you benefit from the best of both worlds: the power of Azure on one side, and the sovereignty of a private cloud on the other—especially for highly sensitive data or applications requiring full control. Technically, Azure can be interconnected with a private OpenStack or VMware cloud, data can be exchanged through APIs, and orchestration can be managed using multi-cloud tools. This approach requires more operational effort, but it avoids vendor lock-in and offers maximum flexibility. Moreover, with the rise of containers and Kubernetes, deploying portable apps across different cloud environments has become easier. Some organizations already adopt this model—for example, storing confidential data in-house or with a Swiss provider, while using Azure’s compute power for high-performance or big data workloads.

In Summary

Sovereign alternatives are plentiful: from Swiss public clouds to open-source private clouds hosted in-house, each option has its benefits. The most important thing for a CIO or CTO is to align the cloud choice with the company’s business strategy and constraints. Azure in Switzerland offers a great opportunity for innovation and compliance, but it’s wise to consider it as part of a broader ecosystem, where multiple clouds may coexist. This diversification enhances strategic resilience and can improve ROI by optimizing each workload for the most suitable infrastructure. The best path forward is to seek guidance from experts in the field.

At Edana, we help our clients design and implement IT and software architectures. Contact our experts to get answers to your questions and build a cloud architecture tailored to your needs and challenges.

Talk about your needs with an Edana expert

PUBLISHED BY

Jonathan Massa

As a specialist in digital consulting, strategy and execution, Jonathan advises organizations on strategic and operational issues related to value creation and digitalization programs focusing on innovation and organic growth. Furthermore, he advises our clients on software engineering and digital development issues to enable them to mobilize the right solutions for their goals.

Categories
Cloud et Cybersécurité (EN) Featured-Post-CloudSecu-EN

GDPR & nLPD Compliance: What Are Your IT System’s Obligations?

GDPR & nLPD Compliance: What Are Your IT System’s Obligations?

Auteur n°4 – Mariami

Technology decision-makers and managers in Switzerland must comply simultaneously with the EU’s GDPR for cross-border data exchanges and with the Swiss Federal Act on Data Protection (nLPD, formerly LPD) for local processing. The GDPR governs the collection, use and retention of personal data of EU citizens, while the nLPD defines rights and obligations on Swiss soil. Mastering both frameworks helps you anticipate legal and operational risks and build a robust, future-proof data governance model that can adapt as these regulations evolve.

Understanding Your Legal Obligations under GDPR and nLPD

You need to define precisely which processing activities fall under each regulation to avoid heavy fines.

For a Swiss IT manager, it’s not just about ticking legal boxes: misinterpreting the scope can expose your company to substantial penalties and erode trust with customers and partners. From day one, clarify who is affected, which data is processed, and under what conditions to establish a solid and scalable compliance framework.

Scope of the GDPR in Switzerland

The GDPR applies to Swiss companies when they:

  • Offer goods or services to EU residents
  • Monitor their behavior (e.g., via cookies, analytics tools or profiling)

Examples include:

  • A Swiss e-commerce site receiving visitors from France
  • A web form filled out by a prospect in Germany

Non-compliance can lead to fines up to €20 million or 4 % of global annual turnover—and seriously damage your reputation with European customers.

Key Features of the nLPD

The revised Swiss Data Protection Act (nLPD), in force since September 2023, strengthens individual rights in Switzerland and aligns certain requirements with the GDPR, but with notable differences:

  • Data-breach notification: Report to the Federal Data Protection and Information Commissioner (FDPIC) “as soon as possible,” without the GDPR’s strict 72-hour deadline.
  • Fines: Up to CHF 250 000—significantly lower than GDPR penalties.
  • International transfers: More flexible, provided “appropriate safeguards” are in place.
  • Legal basis: In some cases, processing may rely on “legitimate interest” without requiring explicit consent, unlike the GDPR.

The Business Case for Compliance

Beyond legal obligation, solid data governance boosts efficiency and competitiveness:

  • Process optimization
  • Fewer incidents
  • Better data value

A PwC study found that 85 % of customers prefer companies guaranteeing personal-data security—an advantage for customer retention and partnerships.

Compliance also builds flexibility to adapt rapidly to future legal changes in a tightening regulatory environment. Moreover, exemplary governance opens doors to new markets with strict compliance requirements and strengthens credibility with investors and stakeholders.

{CTA_BANNER_BLOG_POST}

Map and Diagnose Your Data Flows

Data-processing mapping is the cornerstone of governance and compliance management. Without a comprehensive overview, IT and business leaders cannot prioritize actions, assess risks correctly, or respond to data-subject requests on time.

Inventory Your Data Sources

Start by listing all data sources:

  • On-premises servers
  • SaaS applications
  • CRM databases
  • Mobile apps

For each entry, note the type and sensitivity of data, volume and location. This highlights critical points—e.g., log files stored outside the EU.

Implement a Centralized Repository

A single repository storing metadata, data-processing owners, purposes and retention periods streamlines data management, reduces human error, enhances GDPR compliance and speeds up audit responses.

Example: For a pharmaceutical lab, implementing such a tool cut response time to data-access requests by 40 % and reduced the annual data-update cycle from two weeks to two days.

Our approach:

  1. Analyze and map your current data landscape
  2. Design a data model tailored to your organization
  3. Deploy a centralized tool connected to key information sources
  4. Assign simple, owner-driven update processes

This accelerates central governance and improves data reliability.

Diagnose Vulnerabilities

Identify all weak points in your system to protect personal data:

  • Outdated applications
  • Undocumented manual processes
  • Data transfers outside the EU without adequate safeguards

For each vulnerability, assess potential impact and likelihood. Use a risk matrix to visualize and prioritize—focus on high-risk items (e.g., securing a payment API) before less critical tasks.

Establish Compliance Processes and Policies

Clear, documented processes are essential to meet GDPR/nLPD requirements and secure your data operations. Formalizing roles, workflows and controls ensures demonstrable compliance and swift incident response.

8-Step Operational Roadmap

  1. Team awareness and objective setting
  2. Comprehensive audit of processing activities and flows
  3. Appointment of a Data Protection Officer (DPO) where required
  4. Security measures (encryption, access controls)
  5. Drafting and publishing internal policies
  6. Ongoing staff training
  7. Management and tracking of data-subject requests
  8. Continuous monitoring and incident alerts

Formalize Responsibilities

Define and document roles—DPO, business-unit liaisons, IT teams—in an up-to-date org chart to maintain clear decision and processing chains.

Maintain a Living Processing Register

Keep your register up to date: every new project or scope change must be recorded immediately with legal basis, retention period and data flows.

Automate Data-Subject Rights Workflows

Automate the full lifecycle of access requests: receipt, identity verification, data extraction, secure delivery and closure. Automation ensures legal timeframes are met and provides full audit trails.

Third-Party and Vendor Controls

Use an evaluation framework for subcontractors and incorporate standard contractual clauses (SCC) for the GDPR. Review these assessments at least annually to ensure partner compliance and reduce legal and operational risks.

Monitor, Audit and Continuously Improve

Long-term compliance requires KPI-driven management and regular audits. Turn governance into an agile, measurable process to gain a competitive edge.

Define and Track Your KPIs

  • Percentage of requests handled on time
  • Number of security incidents
  • Proportion of documented processing activities
  • Average time to update the register
  • Number of vulnerabilities remediated

Operational Dashboard

Consolidate KPIs into a real-time portal (Power BI, Grafana, etc.). For one mid-sized client, our dashboard reduced audit discrepancies by 25 % and accelerated request processing by 40 %.

Audits and Feedback Loops

Schedule an annual external audit and quarterly internal reviews. Integrate team feedback and regulatory updates into a continuous improvement plan to avoid reactive compliance.

Foster a Privacy-First Culture

Promote transparency and accountability through internal newsletters, workshops and incident debriefs. Engaged teams contribute more effectively to a strong privacy posture.

Build Your GDPR & nLPD Governance

You now have a comprehensive action plan: understand your obligations, map your data flows, formalize policies, manage with KPIs and cultivate a privacy culture. This approach secures your IT system, reassures stakeholders and delivers lasting competitive advantage.

If you need expert support to implement a compliant, secure and scalable digital ecosystem, contact Edana to discuss your challenges.

Discuss about your challenges with an Edana expert

PUBLISHED BY

Mariami Minadze

Mariami is an expert in digital strategy and project management. She audits the digital presences of companies and organizations of all sizes and in all sectors, and orchestrates strategies and plans that generate value for our customers. Highlighting and piloting solutions tailored to your objectives for measurable results and maximum ROI is her specialty.

Categories
Cloud et Cybersécurité (EN) Featured-Post-CloudSecu-EN

Implementing an Effective 3‑2‑1 Backup Strategy and Disaster Recovery Plan

Implementing an Effective 3‑2‑1 Backup Strategy and Disaster Recovery Plan

Auteur n°14 – Daniel

For decision‑makers and technology leaders, a 3‑2‑1 backup means keeping three copies of your data on two different media, with one copy off‑site. A Disaster Recovery Plan (DRP) defines the procedures and responsibilities to restore your service after an incident. Together, these two pillars ensure business continuity and minimize the risk of prolonged downtime.

The 3‑2‑1 principles combined with a DRP form an essential duo for any organization committed to resilience and maximized ROI in security and availability.

1. Core Principles of 3‑2‑1 Backup and Disaster Recovery

Summary: The 3‑2‑1 rule secures your data; the DRP prepares you to restore it.

A 3‑2‑1 backup strategy relies on three distinct copies of your data: the primary production copy, a second local backup (NAS, hard drive), and a third off‑site copy (cloud or managed service). This setup limits single points of failure and reduces the chance of total data loss in the event of a physical disaster or cyberattack. Adopting this approach requires carefully assessing your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) to select the right open‑source technologies and avoid vendor lock‑in.

Disaster recovery, or your DRP, complements the 3‑2‑1 backup. While backups guarantee data integrity, the DRP formalizes the steps to reinstate your critical services. It specifies roles, failover processes, and standby environments. It’s best to adopt a flexible plan—there is no one‑size‑fits‑all solution—that aligns with your business context and leverages existing components, whether banking systems, e‑commerce platforms, or ERP.

To stay agile, Edana’s approach combines bespoke development with proven open‑source components (Node.js, Linux, PostgreSQL…). This mix minimizes technical debt and optimizes costs while ensuring scalability and security. Every environment is unique, which is why we architect your ecosystem with a flexible methodology focused on digital transformation and, when relevant, eco‑responsibility.

2. Building a Tailored Disaster Recovery Plan for Your Organization

Summary: A custom DRP guides restoration and ensures business continuity.

An effective DRP begins with an audit of your business processes and critical scopes. This involves identifying strategic applications, their dependencies, and required service levels. In collaboration with your ops, security, and IT teams, our experts design a recovery plan that combines standby environments, automated failover procedures, and regular testing. The goal is to minimize downtime (RTO) and acceptable data loss (RPO).

Every context has its own requirements, so we customize each DRP accordingly. For example, for a Swiss bank, we built a managed standby platform with encrypted backups via Infomaniak and TypeScript automation scripts that handle failover in under five minutes. We then established quarterly test cycles to validate full service restoration and fine‑tune procedures based on feedback. This pragmatic approach not only significantly reduced RTO but also boosted operational teams’ confidence in their infrastructure’s resilience.

At Edana, we favor an iterative process: deploy a minimum viable recovery framework first, then enhance the DRP based on real‑world tests. This semi‑custom methodology keeps technical debt in check and integrates seamlessly with your development cycles, whether agile or waterfall. You achieve controlled recovery aligned with your business goals and budget.

{CTA_BANNER_BLOG_POST}

3. Selecting Open‑Source Technologies for Your Backup Strategy

Summary: Open source cuts costs and prevents vendor lock‑in.

When it comes to backup strategy, open‑source solutions deliver flexibility and transparency. Unlike proprietary offerings, they free you from costly licenses and long‑term commitments. Some of the most popular building blocks include:

  • BorgBackup for deduplication and encryption
  • Restic for ease of use and multi‑backend support
  • Duplicity for incremental archiving

These tools integrate naturally with orchestration frameworks (Ansible, Terraform) to automate snapshot creation, off‑site transfers, and integrity checks. Embedding them in a CI/CD pipeline validates backups with every deployment, reinforcing your confidence in the restore process.

Edana’s approach? Depending on your needs, we integrate these tools, develop custom extensions, or mix open‑source components with bespoke code. For instance, a TypeScript hook can extend Restic to trigger alerts in Slack or Jira upon failure. This tailored ecosystem delivers agility and real‑time visibility while respecting your governance and sustainability requirements.

By choosing these solutions, you benefit from active communities and regular updates—crucial for security. We also document each component in Confluence, ensuring long‑term maintainability and internal skill growth.

4. Embedding 3‑2‑1 Backup in a Scalable, Secure Architecture

Summary: Your architecture must grow with your business and protect your data.

A 3‑2‑1 backup is most effective when it’s part of a system designed to evolve with your needs. Rather than imposing an off‑the‑shelf solution, you build a modular “pipeline” that spans data collection, storage, and recovery. Depending on your constraints, you might combine local storage (a NAS or on‑premise server) for fast access with a remote location (public cloud or managed service) for resilience. You’re free to choose other options—object storage, cross‑datacenter replication, or even cold storage—while ensuring compliance with regulations (GDPR, encryption, etc.) and maintaining full control over your architecture’s future evolution.

Security is paramount: encrypt data at rest and in transit, centralize key management (e.g., HashiCorp Vault), and enforce strong authentication (OAuth2). Edana’s approach includes regular vulnerability scans and key‑rotation policies to minimize attack surfaces. We also assess the environmental impact of backups and favor storage sites powered by renewable energy to support your CSR objectives.

For monitoring, integrate metrics (Prometheus, Grafana) to track backup latency, error rates, and storage usage. Automated alerts notify your teams of deviations, enabling proactive scaling and preventing major incidents.

Achieve a Resilient, Controlled Infrastructure

By combining a 3‑2‑1 backup strategy with a robust DRP, you secure your data and guarantee business continuity. You gain not only strong protection for your information but also a detailed, tested emergency plan aligned with your operational objectives. Leveraging open source, custom development, smart integration of existing tools, and a scalable architecture, you maximize ROI while reducing costs and technical debt over the medium and long term. This flexible approach—centered on security, scalability, and digital transformation—ensures the longevity of your services and the confidence of your stakeholders.

Parler de vos enjeux avec un expert Edana

PUBLISHED BY

Daniel Favre

Avatar de Daniel Favre

Daniel Favre is a Senior Software Engineer. He designs and builds bespoke business solutions (SaaS, mobile apps, websites) and full digital ecosystems. With deep expertise in architecture and performance, he turns your requirements into robust, scalable platforms that drive your digital transformation.

Categories
Cloud et Cybersécurité (EN) Digital Consultancy & Business (EN) Featured-Post-About (EN) Featured-Post-CloudSecu-EN Featured-Post-ConsultingAudit-EN Featured-Post-HomePage-EN

Health Data: Hosting Patient Records and Medical Data in Switzerland

Health Data: Hosting Patient Records and Medical Data in Switzerland

Auteur n°3 – Benjamin

Increasing digitalization in the healthcare sector

The importance of digitalization in the healthcare sector is undeniable. Organizations seek to optimize their processes, improve the quality of care, and enhance the confidentiality of medical information. The growing integration of artificial intelligence in healthcare also opens up new perspectives, with the collection of data from a multitude of medical devices. These data, valuable nuggets of information, allow for refining diagnoses and patient profiles, bringing medicine closer to a personalized approach.

Significant legal challenges in Switzerland

However, these technological advances, whether in telemedicine, connected devices (IoT), or business applications, software, or computerized patient records, raise legal questions, especially regarding the hosting of health data. Many providers of telemonitoring devices, patient record digitization, or custom application and software developers opt for storage on cloud servers. This raises questions about the legitimacy of outsourcing this data, whether hosting can be done in Switzerland or abroad, and also raises questions about security and regulatory compliance more generally.

In this article, we will explore what Swiss law says and what the best practices are for managing and hosting patient and health data. We will also address crucial points for securing a server intended to host sensitive data in Switzerland. Examples of secure digitizations carried out by our teams will also be provided.

{CTA_BANNER_BLOG_POST}

Respect for medical confidentiality and data protection (LPD)

Article 10a, paragraph 1 of the Swiss Data Protection Act (LPD) authorizes the processing of personal data by a third party under certain conditions. However, the question arises regarding compliance with medical confidentiality (art. 321 CP) in the transfer of data to third parties, especially to IT service providers.

The majority doctrine considers IT service providers as “auxiliaries” of healthcare professionals, allowing them to subcontract data processing without violating professional secrecy. However, this qualification poses a problem when the provider hosts the data abroad.

Hosting health data abroad (Azure cloud, AWS, etc.): A legal puzzle

Article 6, paragraph 1 of the LPD prohibits the transfer of personal data abroad if the personalities of the individuals concerned are seriously threatened due to the absence of legislation ensuring an adequate level of protection. However, the transfer may be authorized under certain conditions, such as sufficient contractual guarantees.

However, doctrine emphasizes that hosting medical data abroad may result in a breach of professional secrecy. The risk is exacerbated by the uncertainty regarding the applicability of art. 321 CP abroad and the possibility that a foreign authority may request the disclosure of this data.

This is one of the reasons why cloud services offered by web giants such as Amazon and Google such as Azure, AWS, Digital Ocean, Linode, etc., are generally to be avoided for hosting such sensitive data. Although some of these giants are starting to establish data centers in Switzerland, they are still controlled by foreign parent companies. From a purely ethical point of view, it remains safer to turn to a completely Swiss provider.

Our customized solution for Filinea and its data management

As experts in custom business software development and digital transformation, we have assisted various Swiss companies in storing and handling patient data and sensitive data as well as increasing their profitability and optimizing their operations.

Filinea is a company mandated by the state of Geneva to support young people in difficult situations. To optimize the daily work of its thirty or so employees, the company entrusted us with the development of a custom internal software. The management and storage of sensitive data (including medical data) were included, all of which are stored on a secure server located in Switzerland that our engineers deployed and manage according to appropriate security standards.

Discover the Filinea case study

Create your own secure digital ecosystem

In the following sections of this article, we will provide various technical and administrative recommendations regarding the protection of health data that we apply when designing our projects handling patient and health data in Switzerland.

Recommendations from our experts for prudent management of patients and medical data in Switzerland

Faced with these challenges, recommendations emerge to ensure the security of health data:

1. Prefer hosting in Switzerland

Opt for hosting providers in Switzerland as much as possible, benefiting from a strong reputation for data protection.

2. Ensure anonymization of health data

In case hosting in Switzerland is not possible, ensure that data is anonymized end-to-end, with the private key held by the data controller.

3. Obtain patient consent

If transfer abroad is unavoidable, obtain explicit consent from the patient for the transfer, thus lifting medical confidentiality.

4. Risk assessment

If transferring to a provider outside of countries recognized as offering adequate protection is the only option, carefully assess the risks and obtain explicit consent from the patient as well as lifting medical confidentiality.

5. Avoid violating medical confidentiality at all costs

If none of the previous options are possible (or in case of patient refusal), refrain from transferring data to avoid a breach of medical confidentiality.

Contact our experts to discuss your digitalization in complete safety

How to secure a server to host sensitive data such as patient data?

Hosting a server within a Swiss data center is not enough. Securing such a machine intended to host medical data is a crucial task that requires a rigorous and attentive approach. Confidentiality, integrity, and availability of data must be guaranteed to comply with security standards and protect sensitive information in the medical field. Here are some recommendations for securing a web server hosting medical data:

1. Encryption of communications

Use the HTTPS protocol (SSL/TLS) to encrypt all communications between the web server and users. This ensures the confidentiality of data transmitted between the server and users’ browsers. Be sure to use advanced encryption protocols and avoid weak encryption such as 128-bit whenever possible. Also, use a recognized and reliable certification entity.

2. Regular update of the operating system (OS) and software

Regularly apply security updates to the operating system, web servers, databases, and any third-party software installed on the server. Known vulnerabilities are often addressed by these updates.

3. Firewall and packet filters (Firewall)

Set up a firewall to filter incoming and outgoing network traffic. Limit server access to authorized IP addresses and block any unnecessary traffic.

4. Strict access control

Implement rigorous access control mechanisms. Limit access to medical data only to authorized users. Use individual user accounts with appropriate privileges.

5. Server monitoring

Implement server monitoring tools to detect suspicious activities, intrusion attempts, or abnormal variations in traffic. Well-configured activity logs can help identify potential issues.

6. Regular backups

Regularly back up medical data. Store these backups in a secure location, ideally off-site, to ensure recovery in case of data loss or a major incident.

7. Vulnerability management

Conduct regular security scans to identify and address potential vulnerabilities. Intrusion testing and security audits help ensure system robustness.

8. Strong password policies

Implement strong password policies. Require complex passwords, encourage frequent password changes, and use two-factor authentication mechanisms.

9. Isolation of services within the secure server

Isolate services on the server as much as possible. For example, run the database on a separate server and limit access to other services only to necessary machines.

Implement a secure, customized solution to manage my patient data

In summary: managing and hosting patient records in Switzerland

In conclusion, the dilemma of hosting health data in the era of artificial intelligence and digitization of companies and organizations raises complex issues, requiring a thoughtful approach in line with Swiss legal requirements. Respect for medical confidentiality and data protection should guide healthcare professionals’ choices in an ever-evolving digital landscape.

Hosting on a server located in Swiss territory and securing this server with reinforced cybersecurity measures is imperative to comply with current legislation and protect patient data as well as any sensitive data in general.

Categories
Cloud et Cybersécurité (EN) Featured-Post-About (EN) Featured-Post-CloudSecu-EN Featured-Post-HomePage-EN Software Engineering (EN)

How to Ensure Data Security with Your Enterprise Software?

How to Ensure Data Security with Your Enterprise Software?

Auteur n°14 – Daniel

Data security has become a critical concern for businesses of all sizes. With the proliferation of cyber threats and the increasing value of data, it is imperative for organizations to implement robust security measures to protect their sensitive information. Enterprise software, often the guardian of valuable data such as customer information, financial data, and trade secrets, is a prime target for cybercriminals. Therefore, ensuring data security within your enterprise software becomes a top priority to ensure business continuity and maintain customer trust.

In this article, we will explore different strategies and best practices for enhancing data security with your enterprise software. From risk assessment to establishing a robust security infrastructure, managing access and permissions, data encryption, and employee awareness, we will provide practical advice to help you effectively protect your critical information. By understanding potential threats and adopting a proactive approach to security, you can reduce the risk of security incidents and ensure the confidentiality, integrity, and availability of your essential data.

Understanding Risks: Threat Assessment and Vulnerabilities

Before implementing effective security measures, it is essential to understand the risks facing your enterprise software. This involves a thorough assessment of potential threats such as phishing attacks, malware, and intrusion attempts, as well as identifying vulnerabilities in your IT infrastructure. By understanding these factors, you can better prioritize your security efforts and focus your resources where they are most needed to reduce risks and strengthen your data protection.

Once you have identified threats and vulnerabilities, you can develop a security strategy tailored to your organization. This may include implementing firewalls and intrusion detection systems, regularly updating software to address known security flaws, and continuously monitoring network activity to detect suspicious behavior. By taking a proactive approach to security and remaining vigilant against emerging threats, you can better prevent attacks and protect your data from cybercriminals.

{CTA_BANNER_BLOG_POST}

Notable Data Breach Example: Yahoo

Let’s look at an example that highlights the devastating impact a data breach can have on a company and underscores the crucial importance of implementing robust security measures to protect users’ sensitive information.

In 2016, Yahoo confirmed it had experienced a cyberattack in 2014, compromising data from over 500 million user accounts. This attack was considered one of the largest data breaches in history at that time.

The stolen data included sensitive information such as names, email addresses, hashed passwords, and in some cases, security questions and their associated answers. Additionally, Yahoo revealed in 2017 that another cyberattack, occurring in 2013, had affected all existing Yahoo accounts at the time, totaling around three billion accounts.

These incidents had a significant impact on Yahoo’s reputation and also had significant financial consequences for the company, including a reduction in the purchase price during the acquisition by Verizon.

Establishing a Robust Security Infrastructure

Establishing a strong security infrastructure is essential to effectively protect your data from potential threats. This involves defining clear security policies and implementing appropriate tools and technologies to monitor and control access to sensitive data. Key elements of a robust security infrastructure include firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS), as well as identity and access management (IAM) solutions to ensure that only authorized individuals have access to critical information.

Additionally, careful planning for data redundancy and regular backups can ensure the availability of information in the event of a disaster or system failure. Network segmentation and securing entry and exit points are also important measures to limit the scope of damage in the event of a security breach. By adopting a multi-layered approach and combining multiple security technologies, you can strengthen the resilience of your IT infrastructure and protect your data from a variety of potential threats.

Some of Our Case Studies

Our software engineering teams are dedicated to creating robust and secure business solutions specifically designed to meet your unique needs and challenges. We are committed to providing solutions fully tailored to your use cases, with a particular emphasis on data security. Below, we present two examples illustrating our expertise in creating secure business solutions for Swiss companies that have invested in advanced digital transformation.

I want to discuss my needs with an expert from Edana

Access and Authorization Management: Principle of Least Privilege

Effective access and authorization management are essential to mitigate the risks of unauthorized access to your sensitive data. The principle of least privilege, which involves granting users only the access privileges necessary to perform their specific tasks, plays a central role in this strategy. By adopting this approach, you reduce the potential attack surface by limiting the number of users with extended privileges, thus reducing the risks of misuse or compromise of sensitive information.

Furthermore, implementing granular access controls and strong authentication mechanisms, such as two-factor authentication (2FA) or biometrics, can enhance the security of your systems by adding an additional layer of protection against unauthorized access. By regularly monitoring and auditing access to sensitive data, you can quickly detect suspicious behavior and take corrective action to prevent potential security breaches. By following these best practices, you can better control access to your data and reduce the risks of security compromise.

Data Encryption: Protecting Sensitive Information

By using robust encryption algorithms, you can make your data unreadable to anyone unauthorized who attempts to intercept or illicitly access it. Encryption can be applied at various levels, ranging from encrypting data at rest on servers to encrypted communications between users and servers, as well as encryption of backups and external storage devices. By adopting a holistic encryption approach, you can ensure that your data remains secure even in the event of a security breach or data theft.

Additionally, effective management of encryption keys is essential to ensure the integrity of the encryption process and prevent unauthorized access. By using secure key management practices, such as regular key rotation and separation of responsibilities, you can enhance the security of your data and minimize the risks of compromise of encryption keys. By incorporating data encryption into your overall security strategy, you can create an additional barrier against potential threats and ensure the protection of your most sensitive information.

Employee Training and Awareness: The Human Element of Security

Employees are often the weakest link in the security chain, as they can inadvertently compromise data security through human errors or negligent security practices. Therefore, it is essential to provide regular training on best security practices, including identifying threats such as phishing, malware, and social engineering attacks.

Furthermore, raising employee awareness of the importance of data security and the potential consequences of a security breach can encourage them to adopt secure behaviors in their daily use of company computer systems and data. Effective awareness programs may include phishing attack simulations, interactive training sessions, and regular reminders about company security policies. By investing in employee training and awareness, you strengthen the human factor of security and reduce the risks of security incidents related to human errors.

Conclusion

If you are looking to ensure the security of your data, our Swiss team specializing in strategic consulting and custom development is ready to support you in this endeavor.

Edana provides expertise to design personalized solutions that go beyond conventional standards in data security. By integrating security at every stage of managing your complex projects, our goal is to create memorable and secure experiences, surpassing simple business interactions.

Discuss with an expert

PUBLISHED BY

Daniel Favre

Avatar de Daniel Favre

Daniel Favre is a Senior Software Engineer. He designs and builds bespoke business solutions (SaaS, mobile apps, websites) and full digital ecosystems. With deep expertise in architecture and performance, he turns your requirements into robust, scalable platforms that drive your digital transformation.

Categories
Cloud et Cybersécurité (EN) Featured-Post-CloudSecu-EN Software Engineering (EN)

Why is Network Security important?

Why is Network Security important?

Auteur n°3 – Benjamin

What is network security?

You should implement network security features to protect network architecture from undefined exploitations, accesses, changes, demolitions, and exposes. Network security is a process that guarantees the safety of your information and data. 

Securing a network needs various combinations of instruments, such as routers, hardware, software applications, and many more. Also, it requires high-tech professionals who can provide working of the system. Because all these essential resources to have good network security system are often expensive and unavailable. 

Importance of Network Security

The number of cyber-attacks increases every day, not only to the government’s data and large businesses but also to the regular people’s computer networks. It doesn’t matter how important information is on your devices; Keeping them safe is always essential. A secure network can avoid data loss, theft, misusing your information, or shutting down the whole system. 

{CTA_BANNER_BLOG_POST}

The reasons why Network Security is important

Here are some most common reasons you should consider when it comes to the necessity of the protection of your network:

  1. First, it secures your and your client’s data

For businesses, their data and their client’s information are essential. As a business, your data may consist of financial details, marketing bases, and everything necessary for your company. Other than that, every business collects its clients’ data, especially when you are e-commerce. Their card details, numbers, emails, and all these things are in danger without solid network security. 

  1. Improves performance of the network

If you make sure to get a quality system, it protects your network from attacks and helps it run faster. Good network security provides better performance for your computer networks and allows you to work more swiftly. 

  1. Raised cyberattacks

There is no news without one fact about cyber-attack. It is rising for many reasons, including the progress of artificial intelligence and machine learning, also the spread of the 5GB network. That is why it gets more necessary to have strong network security that will protect data.

  1. No protection will cost more money

Besides the emotional stress from having your information stolen, it costs a lot, especially when you are a business. If we see examples of companies that lost their information, we see how much money it costs from them to compensate for the loss. For instance, when Yahoo was attacked, it affected its 3 million users and ended up costing 350 million dollars. So you can see how expensive it gets when you don’t have solid network security. 

  1. Everything in this world depends on technology

Another reason why network security is essential is how integrated technology is in our lives. Everything around us has a technological system, hardware, or algorithm. Our cars, computers, and even homes are known as technologically intelligent, so because of this, it gets more imminent to have network security. 

How to be Secured?

If you have never thought about how to protect your system as an amateur, you can do these few steps to store data safely and reduce the risk of possible attacks.

First and most importantly, use a powerful router admin username and password. It isn’t news that these two things are most valuable regarding the security of your network. The next step is to change the network name. Use more firewalls and turn off any guest network. 

This obviously isn’t enough, and hackers do magic to enter your network and access the data, but it is the first step to securing a computer network system. 

Conclusion 

Protecting confidential information from unauthorized access is the whole society’s responsibility, including business. Every little detail your client gives you or your company needs for the function is vital for you and needs to be safe, so start securing your networks today and be sure to make them as strong as possible. 

What we offer 

For more similar articles, scroll through our Publications on Edana. And for Expert-Level assistance from your Swiss Digital Agency. Our expertise includes Software Engineering Services. Feel free to contact us anytime!

Categories
Cloud et Cybersécurité (EN) Featured-Post-CloudSecu-EN Software Engineering (EN)

Use SSL to improve Security of your Digital Channels

Use SSL to improve Security of your Digital Channels

Auteur n°3 – Benjamin

SSL Basics You Should Know

Did you know, that all in all most of digital product users are concerned with the security of their online transactions? We all know the risks of inserting even the smallest confidential classified information into a website. This is exactly where the SSL comes in.

SSL deciphers as Secure Sockets Layer. It’s a protocol for web browsers and servers that allows the forms of authentication, encryption and decryption of the data roaming in and out of the server we are using.

Keep Connections Secure

Now, to step aside from the transactional part of internet which generally reminds us of internet banking in most of the cases, let’s discuss connections as well. Current browser contains loads and loads of information which overlap at a certain point.

To put it more simply-let’s take the example of messaging apps. It can be Viber or WhatsApp for example right? Quite often at the header section of an application we see it’s end to end encrypted.

The point of this security method is to make sure that the information shared between two individuals is not just flowing around the whole server heightening the risk of it being hacked and viewed by anybody else outside the authorized users.

{CTA_BANNER_BLOG_POST}

So, basically we all need to keep our connections just as secure because quite simply this is just as much of confidential information as your CC card credentials.

How SSL is a MUST for your Digital Channels

Now, no matter what type of information we are speaking about, please keep in mind, that whatever does not seem confidential to you, can be very important for your target audience.

Do not forget that in current society one of the most active problems is stalking. A lot of individuals, especially females are facing this problem and especially on social media platforms.

If your website is focused on syncing information from social media, such as registering via Facebook accounts-you cannot let any synchronized information fall into the wrong hands. After all, for your own good, a customer whose information has been leaked will be completely eligible to take the matters to court for cyber-security guidelines.

And surely, we don’t want that, so it’s always better to invest in your SSL and have more guarantees that such problems are least likely to occur.

Encryption Parties

The two main parties in encryption process are: The User and Website itself. Now, as we have already discussed the mobile application above, that can be counted as sub-party. But, yet the primary encryption recipient is the website in the first place. SSL is the one neutral party of software ensuring the security of data flow.

Validate your Domain-SSL Certificate

There are several options for getting SSL certified. What it means to be SSL certified, is that your webpage when googled for example will ensure the user that it’s free to roam. How does Google warn users on SSL uncertified users?

At least once you might have a warning page from google before browsing a specific site that it can be dangerous to insert any of your information. This is when Chrome browser asks you whether you’d like to continue to visit a website or go back to the previous page.

Here are a few options to get SSL certificate:

  • Verify your domain information through ICANN lookup.
  • Generate CSR (certificate signing request)
  • Validate your domain by submitting the CSR
  • Install the certificate on your domain/website

What We Offer

For more similar articles make sure to scroll through our Publications on Edana. And, don’t forget to check our services for Expert-Level assistance from your Swiss Digital Agency. Our expertise includes Software Engineering and many more. Feel free to contact us anytime!