SecureCloud was an exhibitor at the it-sa Expo&Congress in Nuremberg in 2025 - the most important trade fair for IT security in the German-speaking world. For three days (October 7-9, 2025), everything revolved around cloud security, data sovereignty and resilient infrastructures. it-sa is regarded as the central platform for the European IT security community and brings together providers, CISOs and IT managers in Nuremberg. For us, it's one of the highlights of the year - and a reason to make an appearance: with numerous colleagues and the largest trade fair stand we've ever had.
"it-sa 2025 showed that customers want two things at the same time: maximum security and smooth day-to-day work. This can easily go together - if companies make security the standard, not an add-on."
- Marcus Müller, CEO & Founder, SecureCloud
IT security must become suitable for everyday use
The discussions at the stand revealed clear priorities: Data residency in Germany, security by design instead of "nice-to-have" - and legally compliant e-signatures for regulated processes. This is precisely where many companies still have some catching up to do: it is not enough to tick off compliance checklists and file them away; what is important is an architecture that, for example, maps access, proof and failure scenarios in a comprehensible way.
"Compliance is a hygiene factor. The decisive factor is how easily teams can do the right things securely - from sharing sensitive files to legally binding signatures."
- Stanislaus Herzel, Head of Sales, SecureCloud
- Data residency & sovereignty: why location matters when it comes to hosting
Since the ECJ's "Schrems II" ruling at the latest, international data transfers must be carefully examined and, if necessary, secured with additional protective measures. Anyone processing personal data needs clear answers:
Where is the data located? Who has access? Which jurisdictions apply? Official bodies emphasize: Additional measures are required for transfers to third countries without an adequacy decision. For many companies, data storage in Germany/EU with strict access control is therefore the most pragmatic option. BfDI+1
Our special SecureCloud approach:
- Operation exclusively in German data centers, client separation, end-to-end encryption
- Customer key (BYOK) and strict admin controls based on the dual control principle
- Export interfaces with signed archives for audits and exit scenarios
"Data sovereignty means retaining technical and contractual control. Location, keys, protocols - everything must be verifiable."
- Raphael Ernst, CTO SecureCloud
- Security by design: data protection as a standard approach - not a special case
Instead of "securing" products, security belongs in the processes: File shares with expiration dates and watermarking, role-based access, mandatory SSO/MFA, audit-proof protocols. This turns security into a productivity standard rather than a brake pad.
What has proven itself:
- Secure collaboration with standardized release policies, automatic encryption defaults and traceable versions.
- Identity-centric control (SSO/SCIM) so that rights are properly assigned to roles and offboarding works reliably.
- Resilience by design: backups outside the primary stack, tested restore paths, defined RTO/RPO.
"Resilience means that we plan for both normal operation and exceptional circumstances. Today, resilient IT is no longer an extra, but a basic requirement for the IT architecture of every company."
- Marcus Müller, CEO, SecureCloud
- E-signatures in regulated environments: fast and legally compliant
Electronic signatures have long been standard - the decisive factor is the appropriate level of trust. According to eIDAS, the qualified electronic signature (QES) has the same legal effect as a handwritten signature and fulfills the legal written form. It is often the safe choice for sensitive applications (procurement, HR processes, medical consent, committee resolutions). Authorities and trusted service information centers clearly describe the legal basis.
Current priorities:
- Embed QES in existing workflows (without shadow IT)
- Carry out clean identification once, then 2-factor signing with clear roles/representations
- Ensure archivability & traceability (time stamps, logs, signature verifiability)
"E-signatures will only be accepted if they are simpler than printing, signing and scanning - and still remain legally compliant."
- Habib Bejaoui, Sales Manager Germany, Namirial
How secure is your data? Our "30-day checklist"
- Classify data (critical / confidential / internal) and define storage.
- Define roles & rights (least privilege, dual control principle for admins).
- Introduce mandatory SSO + MFA, harden privileged access.
- Adopt e-signature policy for 3 core processes (contracts, HR, purchasing).
- Test backup & restore in real life - incl. signed, encrypted exports.
- Carry out resilience exercises (table-top) for incident scenarios.
- Store evidence (logs, DPO/audit packages) centrally and verifiably.
it-sa 2025 - classification & outlook
it-sa confirms its status as the leading European trade fair for IT security. For decision-makers, this means orientation, best practices and concrete roadmaps on how IT security can be incorporated into everyday processes. In 2026, the competition will not be decided by individual features, but by how seamlessly companies combine security, sovereignty and productivity.
FAQ
What is it-sa?
One of the leading European trade fairs for IT security in Nuremberg, incl. congress program Congress@it-sa.
When did it-sa 2025 take place?
From October 7 to 9, 2025 in Nuremberg (Exhibition Center).
Which signature is legally binding?
According to eIDAS, the QES has the same legal effect as a handwritten signature and fulfills the written form requirement.
Why is everyone talking about data residency?
Since Schrems II, data transfers to third countries without an adequacy decision are only legally secure with additional protective measures - many companies therefore rely on EU/DE locations.
After the trade fair is before the trade fair
Couldn't make it to Nuremberg or want to catch up on the demos? Request a consultation now - in just 30 minutes, we will show you how to implement data residency, security by design and e-signatures in practice.