Securecloud
Close  menu
SecureCloud at...
Blog Posts

SecureCloud at it-sa 2025

Written By Sebastian Deck
Oct 7, 2025

SecureCloud was an exhibitor at the it-sa Expo&Congress in Nuremberg in 2025 - the most important trade fair for IT security in the German-speaking world. For three days (October 7-9, 2025), everything revolved around cloud security, data sovereignty and resilient infrastructures. it-sa is regarded as the central platform for the European IT security community and brings together providers, CISOs and IT managers in Nuremberg. For us, it's one of the highlights of the year - and a reason to make an appearance: with numerous colleagues and the largest trade fair stand we've ever had.

"it-sa 2025 showed that customers want two things at the same time: maximum security and smooth day-to-day work. This can easily go together - if companies make security the standard, not an add-on."
- Marcus Müller, CEO & Founder, SecureCloud

IT security must become suitable for everyday use

The discussions at the stand revealed clear priorities: Data residency in Germany, security by design instead of "nice-to-have" - and legally compliant e-signatures for regulated processes. This is precisely where many companies still have some catching up to do: it is not enough to tick off compliance checklists and file them away; what is important is an architecture that, for example, maps access, proof and failure scenarios in a comprehensible way.

"Compliance is a hygiene factor. The decisive factor is how easily teams can do the right things securely - from sharing sensitive files to legally binding signatures."
- Stanislaus Herzel, Head of Sales, SecureCloud

  1. Data residency & sovereignty: why location matters when it comes to hosting
    Since the ECJ's "Schrems II" ruling at the latest, international data transfers must be carefully examined and, if necessary, secured with additional protective measures. Anyone processing personal data needs clear answers:
    Where is the data located? Who has access? Which jurisdictions apply? Official bodies emphasize: Additional measures are required for transfers to third countries without an adequacy decision. For many companies, data storage in Germany/EU with strict access control is therefore the most pragmatic option. BfDI+1

    Our special SecureCloud approach:
    - Operation exclusively in German data centers, client separation, end-to-end encryption
    - Customer key (BYOK) and strict admin controls based on the dual control principle
    - Export interfaces with signed archives for audits and exit scenarios

    "Data sovereignty means retaining technical and contractual control. Location, keys, protocols - everything must be verifiable."
    - Raphael Ernst, CTO SecureCloud

  2. Security by design: data protection as a standard approach - not a special case
    Instead of "securing" products, security belongs in the processes: File shares with expiration dates and watermarking, role-based access, mandatory SSO/MFA, audit-proof protocols. This turns security into a productivity standard rather than a brake pad.

    What has proven itself:
    - Secure collaboration with standardized release policies, automatic encryption defaults and traceable versions.
    - Identity-centric control (SSO/SCIM) so that rights are properly assigned to roles and offboarding works reliably.
    - Resilience by design: backups outside the primary stack, tested restore paths, defined RTO/RPO.

    "Resilience means that we plan for both normal operation and exceptional circumstances. Today, resilient IT is no longer an extra, but a basic requirement for the IT architecture of every company."
    - Marcus Müller, CEO, SecureCloud

  3. E-signatures in regulated environments: fast and legally compliant
    Electronic signatures have long been standard - the decisive factor is the appropriate level of trust. According to eIDAS, the qualified electronic signature (QES) has the same legal effect as a handwritten signature and fulfills the legal written form. It is often the safe choice for sensitive applications (procurement, HR processes, medical consent, committee resolutions). Authorities and trusted service information centers clearly describe the legal basis.

    Current priorities:
    - Embed QES in existing workflows (without shadow IT)
    - Carry out clean identification once, then 2-factor signing with clear roles/representations
    - Ensure archivability & traceability (time stamps, logs, signature verifiability)

    "E-signatures will only be accepted if they are simpler than printing, signing and scanning - and still remain legally compliant."
    - Habib Bejaoui, Sales Manager Germany, Namirial

How secure is your data? Our "30-day checklist"

  1. Classify data (critical / confidential / internal) and define storage.
  2. Define roles & rights (least privilege, dual control principle for admins).
  3. Introduce mandatory SSO + MFA, harden privileged access.
  4. Adopt e-signature policy for 3 core processes (contracts, HR, purchasing).
  5. Test backup & restore in real life - incl. signed, encrypted exports.
  6. Carry out resilience exercises (table-top) for incident scenarios.
  7. Store evidence (logs, DPO/audit packages) centrally and verifiably.

it-sa 2025 - classification & outlook

it-sa confirms its status as the leading European trade fair for IT security. For decision-makers, this means orientation, best practices and concrete roadmaps on how IT security can be incorporated into everyday processes. In 2026, the competition will not be decided by individual features, but by how seamlessly companies combine security, sovereignty and productivity.

SecureCloud auf der it-sa
Von links: Christopher Leininger, Oliver Larisch, Stanislaus Herzel, Marcus Müller, Nicole Bleisteiner, Raphael Ernst, Georg Manthey
SecureCloud Stand auf der it-sa
 able to read.
it-sa
Vortrag von SecureCloud auf der it-sa
 able to read.
it-sa Messe von außen

FAQ

What is it-sa?

One of the leading European trade fairs for IT security in Nuremberg, incl. congress program Congress@it-sa.

When did it-sa 2025 take place?

From October 7 to 9, 2025 in Nuremberg (Exhibition Center).

Which signature is legally binding?

According to eIDAS, the QES has the same legal effect as a handwritten signature and fulfills the written form requirement.

Why is everyone talking about data residency?

Since Schrems II, data transfers to third countries without an adequacy decision are only legally secure with additional protective measures - many companies therefore rely on EU/DE locations.

After the trade fair is before the trade fair

Couldn't make it to Nuremberg or want to catch up on the demos? Request a consultation now - in just 30 minutes, we will show you how to implement data residency, security by design and e-signatures in practice.

Interessiert Sie die souveräne Cloud?

Unsere Experten erklären Ihnen gerne mehr.

Beratungstermin vereinbaren
Picture of Sebastian Deck

Sebastian Deck

Sebastian Deck is Chief Marketing Officer (CMO) at SecureCloud and is responsible for brand strategy, communications and marketing. He has many years of experience in building and leading international marketing teams in consulting, fintech and technology companies. At SecureCloud, he drives brand positioning, thought leadership and lead generation. He also manages go-to-market initiatives and campaigns to position SecureCloud as a leading provider of cyber security and secure cloud services.

Topic

Subscribe to our Newsletter

Related Articles

Trade Shows & Events

4 Min read

KOMMUNALE 2025: Digital sovereignty & resilience in the administration

KOMMUNALE Recap: Sovereign Hosting, Security by Design & E Signature - with a 30-day checklist for municipalities.

Read more
Trade Shows & Events

2 Min read

SecureCloud at it-sa, Europe's largest trade fair for IT security

SecureCloud at it-sa 2024 in Nuremberg. Try encrypted cloud storage for businesses, electronic signatures, and more!

Read more