There is data security, and then there is Swiss data security.
The difference was explained to me by Stéphan Grouitch in a conference room deep within a mountain in the Swiss Alps, lit by a subterranean buzz of fluorescent lights. To get to here, under more than 3,000 feet of stone and earth, I showed my passport (something I didn’t have to do to enter the country from Germany), had my finger scanned repeatedly, and passed under security cameras and motion detectors. A blast door, thicker than my forearm is long, is said to protect this old Cold War bunker against a 20-megaton bomb.
“The country has always stored valuables for people all around Europe—even before money,” says Grouitch, CEO of Deltalis, the company that owns the bunker. When Deltalis first looked into acquiring the facility from the Swiss military, it considered storing gold bullion here. Instead, it now runs a farm of computer servers where data is safeguarded by strict privacy laws and a unique culture of discretion. To legally access someone’s data here, you’ll need an order from a Swiss judge.
A Swiss play in data security has been under way for around a decade, mostly in connection to banking. But the controversy around global surveillance by the U.S. National Security Agency is “a huge development,” says Franz Grüter, CEO of Green, an Internet service provider whose state-of-the-art data center in the village of Lupfig is being filled out “years ahead of schedule.”
To get a sense of the opportunity, one need only look at the projected losses the U.S.-based cloud services industry (including Google, Microsoft, and IBM) is facing because of anxiety and indignation over U.S. wiretapping. Estimates of lost market share through 2016 range from $35 billion to $180 billion (according to Forrester Research).
Switzerland isn’t the only country hoping to cash in. Finland’s F-Secure recently released a Dropbox competitor called Younited. And a consortium of German telecoms, ISPs, and e-mail providers has backed an “E-Mail Made in Germany” program that aims to keep communication data routed and stored in-country when possible. In February, German chancellor Angela Merkel attended talks in Paris on building an all-European communications network so that “one shouldn’t have to send e-mails and other information across the Atlantic.”
European companies, according to Grüter, now routinely question where data is physically stored—and are declining U.S. offers. One result is that a cluster of privacy companies is forming in Switzerland. ID Quantique makes the Centauris CN8000, one of the world’s first commercial encryption systems using quantum mechanics. And Blackphone, a secure handset launched by U.S. privacy pioneer Phil Zimmerman, will store subscribers’ telephone numbers on Swiss servers.
Altogether, Switzerland has around 1,440,000 square feet of data-center space. While that is far less than is available in countries like the U.S. and Germany, it’s a lot relative to Switzerland’s population of eight million.
Richard Straub, head of market development at ID Quantique, says Swiss innovations are backed by strong research at universities like EPFL in Lausanne, ETH-Zürich, and the University of Geneva. They also benefit from local demand. When ID Quantique took its products to market, it found early, and eager, customers in the banking industry and in government. Officials in Geneva have used its technology to help transmit federal election results since 2007, and in online voting for citizen initiatives since 2009.
So whom can you trust with your data? Grouitch thinks Switzerland’s appeal should be obvious. “This country really is a vault in the center of Europe,” he says.