Status
Data protection is no longer just a «nice to have» – for many organisations, it has become an indispensable core element of their compliance strategy. This is especially true in regulated industries such as government, finance, and healthcare, where companies handle particularly sensitive data. Today, strict requirements apply not only to where data is stored, but also to who is allowed to access it.
At Nine, we increasingly work with customers who have very high expectations when it comes to compliance and data protection. It’s no longer just about standard practices like encryption or access control: many organisations face specific regulatory requirements. For example, some customers are not only prohibited from storing data abroad, but must also technically prevent any access from outside Switzerland. ISO 27001 certification and Swiss data residency are therefore mandatory – but on their own, they’re not enough.
Technically blocking access from abroad
These requirements presented a unique challenge for us in the context of our 24/7 availability and support. In addition to our Swiss team, we also rely on colleagues in Canada as part of our «follow the sun» model. That’s a global support approach where teams in different time zones take over tasks to ensure continuous service in the company’s country of residence. The Canadiens in our team handle incidents outside of regular working hours in Switzerland.
For systems with particularly strict data protection requirements, however, we had to ensure that access is technically limited exclusively to Switzerland – even in the event of a support incident.
Our solution: such cases are now identified in real-time and can optionally be escalated to our Swiss on-call team. This ensures that systems with high regulatory demands are only ever accessed and maintained by staff physically located in Switzerland, but still around the clock.
Trust through transparency and flexibility
One recent example: a customer migrated from Google Cloud Switzerland to our own Nine infrastructure. The motivation was clear: maximum control over data and access, paired with contract flexibility that hyperscalers like AWS, Google Cloud, or Microsoft Azure simply cannot offer.
Thanks to our relatively small size, we are able to act quickly and with a customer-centric mindset. We can now offer individual agreements tailored to the specific data protection needs of each client – as long as they are technically and operationally feasible.
Compliant with Zurich’s data protection authority
We are particularly proud that our solutions also meet – in full – the stringent requirements of authorities such as the data protection office of the Canton of Zurich. This gives our customers an added layer of assurance and gives us confidence that we’re on the right track.
Data protection is not a hurdle, it’s an opportunity
At Nine, we don’t view compliance as a burden. We see it as a differentiator. We support companies in meeting even the strictest requirements – without sacrificing scalability, availability, or flexibility. For us, data protection is not a side issue, it’s a core part of our daily operations.
