Is Germany standing in its own way when it comes to the cloud?

Obstacles on the way to cloud use and how to overcome them – in a nutshell:

  • The mainly American services create the impression that there are not enough alternative cloud providers that are compatible with the German guidelines. However, a sober reflection of the now quite broad and continually developing range of services shows that there are increasingly more European alternatives and that the services of the hyperscalers be used in Germany as well. Multicloud strategies and the use of open interfaces can be used to identify the individually suitable services.
  • Especially companies that do not yet use a public cloud are sceptical about data security. However, with the right handling and usage strategies such as the multicloud strategy, the public cloud can open up new security potential for companies and even be more secure than the local infrastructure.
  • Classic decision criteria can be a major obstacle to cloud projects if cloud transformations are seen as mega-projects that are profitable only after the project is completed. However, if quick wins are recognized as such, this changes things. Indirectly, this is the rapid availability of low-risk infrastructure, which then directly leads to sustainable success and growth as a result of cloud use through easily available services.

In a Europe-wide comparison, Finland, Denmark, and Norway are clearly in the lead when it comes to investing in cloud computing services. However, if we look at Germany, it is behind even Slovenia, Croatia, and Cyprus.[i] Why is Germany always in this position? After all, it is considered an important economic power. Why is a country that is a role model in many political, economic, and social aspects not at the forefront of cloud services and digitalization? This question is coming up not only within Germany. Other countries are also asking whether Germans are losing touch with a digital future with their traditional aversion to risk.[ii]


Is it really technical obstacles or data protection risks that prevent German companies from using the cloud? Or can these be overcome and is the biggest obstacle ultimately the German mindset?

Motivational inhibitors on the way to widespread cloud use

The idea of the cloud still doesn’t seem to be accepted everywhere. There are numerous studies, white papers, and key notes on the topic of the cloud in Germany. There should thus be no shortage of information and discussions. And yet German companies could still benefit from the cloud transformation.

What challenges are holding companies back from adopting the cloud for their business purpose? One obvious and supposedly major obstacle is data protection – in Germany, a common one on the way to innovative areas. However, beyond that, there are other obstacles of a more technical nature. Our cloud-native study identified the following inhibitors in relation to cloud-native technologies:


In the following, we would like to take a closer look at why the use of the public cloud is not yet as widespread in Germany as it in other countries. There are three major motivational obstacles that could be the cause of Germany’s cloud inertia.

Unclear and one-sided product range

The American hyperscalers are ubiquitous and by now a household name for anyone who deals with cloud computing in any form. The three major cloud providers – Amazon, Google, and Microsoft – offer a wide range of services at different levels of cloud computing as well as for cloud natives. At first glance, the range of cloud providers is perfectly adequate. And all three hyperscalers meanwhile have data centres in Germany. However, the overall range of services is not very European in character. On one hand, this raises concerns when it comes to data protection. On the other hand, German companies may have completely different needs that a cloud must solve. The German economy is primarily characterized by a strong industry of small and medium-sized enterprises.

This could be the problem – what about European alternatives?

It remains to be seen whether GAIA-X could ever become a real alternative to the American hyperscalers. At any rate, the German project is not yet ready. And as long as companies wait for GAIA-X to act as a cloud alternative according to German standards, it will be difficult for Germany to catch up in the global (or even Europe-wide) comparison.

Attempts by established cloud providers to become attractive for the German market have also failed.  In 2018, Telekom failed with its joint attempt with Microsoft to offer a cloud landscape that would guarantee that all data would be held in the German Telekom data center. Only the technology stack came from Microsoft. So much for the idea. In reality, however, the costs were too high for the customers, and the available functions were not comparable with the American alternatives. Now Google has announced a new attempt with T-Systems for the coming year to offer a cloud alternative in accordance with German data protection guidelines. This should be just as usable as the services of the hyperscalers. It thus remains to be seen whether the second attempt will succeed and whether T-Systems has learned from the shortcomings of the first. The French alternative OVHCloud and the German cloud provider IONOS[iii] can also be observed.

Amazon’s AWS for Industrial and Google’s Cloud for Manufacturing also offer services tailored specifically to the needs of German industry. Microsoft has also launched a project for industry with the Cloud for Manufacturing.

The product range is there and is being used. After all, $270 billion in revenue was generated worldwide from cloud computing in 2020.[iv] Only for Germany do the services not seem to fit. This could change as soon as the European alternatives have become more accepted than the American ones. Or as soon as the issue of data protection is no longer seen as an obstacle but rather as an opportunity to make the best use of the cloud environment. After all, do public clouds actually have worse data security than local solutions?

The question of data security

Data protection plays a role in every business decision in Germany – and that is right and important. Data protection is thus also used as a decision criterion when deciding between cloud or local and, if cloud, for which purposes. In a 2018 survey, 65% of companies stated that they safeguard their cloud solutions with security services.[v] There seems to be a certain mistrust in cloud solutions – but is that justified?

In fact, only 22% of companies surveyed in another 2018 survey said they had recorded security incidents in their public cloud solutions[vi] – compared with 28% of companies using their own IT infrastructures.[vii] Of particular interest in this context are the results of a study by the digital association Bitkom. According to this, especially those companies that do not use cloud solutions themselves rate the data security in the public cloud as lower. On the other hand, those companies that already store their data in a public cloud have had the opposite experience. They consider the cloud to be even more secure than their own IT infrastructures.[viii] The experiences of hyperscalers from many years of public cloud with an incredibly large number of different customers enables a public cloud environment that is more secure than in-house data storage. For example, security services are part of the standard range of AWS, Azure, and Google.

On the company side, the right handling of the public cloud can contribute to higher data security. Appropriate solutions here include the separation of encrypted data from the corresponding key and the implementation of a multicloud strategy. According to this strategy, data with varying levels of sensitivity is stored at locations with varying levels of security (and varying levels of cost) in a way that maximizes the benefits.[ix] However, this requires the necessary expertise for dealing with public cloud solutions. For example, external partners can provide support for building up expertise.

Inappropriate decision criteria

Cloud computing is a comparatively new technology. Accordingly, the expertise in companies from non-technical sectors is often lacking. Accordingly, the decision-making criteria are not well adapted when it comes to approving projects.

A lack of knowledge about the possible uses and potentials of the public cloud for one’s own company as well as misjudgments of the risk can lead to scepticism about the purpose of the cloud. Because one thing is clear: cloud computing is not an end in itself. Accordingly, its use should not be decided in the context of such an end in itself. Instead, the individual advantages and disadvantages of cloud use for the company should be weighed up.

Likewise, there is a risk of wrong decisions if the use of cloud computing is decided solely on the basis of cost. According to one study, IT executives are well aware of how important the use of cloud computing is – also in terms of cost optimization. However, according to the survey, not all IT decision-makers are aware of how these potentials can be realized because of a lack of understanding or skills.[x] The fact that the potential savings from the cloud are not recognized and that the costs of the cloud are not optimized well enough can lead to cloud projects being classified as less lucrative than they actually are. This is how the barriers to adopting cloud native identified in our Cloud Native Study arise; the priority of cloud projects is not high enough to allocate budget accordingly, and management may not always be on board.

There is obviously still a great need for the corresponding expertise. Or are such decisions not left to the most appropriate individuals in the end?

A cloud transformation project is resource-intensive until it is completed. So at first glance, it seems quite rational to put such a project on the back burner. However, the quick wins that a cloud transformation brings are often neglected here.

On one hand, there are quick wins made possible by the cloud. For example, new services and their acceptance can be tested in test and development environments with comparatively little risk. These quick wins also include SaaS solutions that enable rapid application and which are also provided via the public cloud.

On the other hand, the public cloud as such is already a quick win thanks to the high speed of its provision (and shut down). Services can be quickly made available to everyone in the company without having to make large hardware investments. Needs can be adjusted quickly and easily. There is thus no great risk.

However, “Lift and Shift” is not a quick win of public cloud. The method carries the risk of not using the advantages of the cloud – including cost efficiency.

There is a reason why typical cloud native paradigms suggest proceeding in a gradual and iterative manner. Agile approaches are based on regularly gathering feedback and delivering something testable after each sprint. In a similar way, a cloud transformation also leads to quick wins – but not if it is carried out as a gigantic waterfall project that hints at results only at the end.

The following pattern from the Cloud Native Pattern Library offers a solution.[xi] Initially, there is a lot of experimentation, the possibilities remain broad, and the financial commitment is correspondingly low. In the course of the project, options for action are excluded, while others are focused on and validated by proofs of concept (POC). Finally, and only at this point is the financial commitment really high and the most promising path (big bets) taken.


In this way, the first advantages of cloud use can be created, and potentials for the company can be uncovered right from the start with little resource expenditure and correspondingly low costs.

Germany’s cloud inertia – a question of mindset

The list of supposed obstacles is long. In connection with a mainly American range of services, concerns about data security in particular play a role for female IT decision-makers. In addition, inappropriate criteria are often used for decisions on cloud projects. A lack of appropriate cloud knowledge becomes clear here. This is certainly also largely due to the low priority of cloud computing for many companies up to now.

However, upon closer inspection, it becomes clear that the obstacles are surmountable. Is cloud penetration in Germany ultimately a question of mindset? Companies seem to get in their own way by assuming problems are insurmountable and not questioning them. The goal is thus first of all a change of perspective and the realisation that cloud computing is perfectly compatible with German guidelines and standards.

There is a broad landscape of public cloud services led by the three hyperscalers AWS, Azure, and Google. The greatest shortcoming of these seems to be the supposedly low level of data security – although this is actually not that low. On the contrary, with the right handling of the cloud, a more secure data environment than in local data storage can be created. The necessary expertise coupled with decision-making criteria that are adapted to the fast-moving environment of cloud applications are good prerequisites for putting Germany ahead in the global cloud comparison. A critical examination of the advantages and disadvantages of the public cloud for one’s own company and a solution-oriented approach can succeed in doing just that. Because the primary goal is to embrace the idea of the public cloud and not let perceived risks prevent you from taking the initial steps.

The circumstances of the pandemic have forced many companies to change perspective and move to public cloud solutions earlier than perhaps originally intended. It thus remains to be seen how the market will change and what place German companies will take in it.


Would you like to finally tackle or expand cloud computing? Get in touch with us!

Get in touch

Get in touch