Customer story

SGM Munich Airport: sovereign data exchange in a critical-infrastructure environment

How an aviation-security provider shares highly sensitive data with no third-country risk, from its start on SecureCloud Advanced to the Enterprise extension.

Add hero image here

At a glance

Situation and goals

Securely share highly sensitive HR, contract and security data in a KRITIS-regulated environment
No exposure to data access by US authorities under the US CLOUD Act or FISA
Exchange data across sites, authorities and partners with no grey areas around data residence or jurisdiction

Highlights

100% hosting in Germany at noris network AG in Nuremberg
Scaled from Advanced to an Enterprise extension in 18 months, with no platform change
BSI C5 and ISO 27001 built into the platform, not a task for the internal IT team
Around 630 employees covered, in use since 05/2024

About the company

SGM Sicherheitsgesellschaft am Flughafen München mbH has safeguarded aviation security at one of Europe's most important transport hubs since 1986, with around 630 employees.

IndustryAviation security (KRITIS)
LocationMunich
Employeesaround 630
Product in useSecureCloud Advanced + Enterprise extension with virus-scan module

Customer logo

The Challenge

Secure collaboration with no grey areas

As an operator of security-critical tasks in a KRITIS-regulated environment, SGM is subject to strict requirements from the German Aviation Security Act (LuftSiG), the KRITIS regulation, the NIS2 directive and the GDPR. In daily operations, sensitive HR, contract, training and security data has to be shared securely across sites, authorities and partners, with no grey areas around data residence, jurisdiction or access.

SGM therefore needed a cloud provider that offers no exposure whatsoever to data access by US authorities under the US CLOUD Act and FISA.

„For our platform decision it was clear: no third countries, no grey areas, no compromises on data control.“

Markus Zobel Leitung IT, SGM Sicherheitsgesellschaft am Flughafen München

The Solution

Sovereign infrastructure that scales

Sovereign infrastructure with no third-country risk:

SecureCloud runs its entire infrastructure exclusively in Germany, with no US parent company and no third-country transfer. This removes any exposure under the US CLOUD Act or FISA, a basic prerequisite for use in KRITIS-regulated environments.

Scaling in live operation, with no platform change:

The starting point in 2024 was SecureCloud Advanced. Within 18 months, usage was expanded to an Enterprise extension with additional features, more licences and an integrated virus-scan module, with no platform change and no migration effort.

Built-in compliance, no in-house lift:

BSI C5, ISO 27001, complete data-processing and TOM documentation, German data centres at noris network AG in Nuremberg. The regulatory substance is part of the platform, not a task for SGM's IT team.

The Result

A relieved IT team and built-in compliance

SGM now shares highly sensitive data with full legal certainty and no grey areas around jurisdiction or data residence. The built-in certification and documentation substance relieves the internal IT team and speeds up audits. The expansion from Advanced to Enterprise happened in live operation, with no migration effort and no platform change.

Placeholder: add a concrete metric (e.g. audit days saved or number of secured data rooms) - to be confirmed via Sebastian.

„With SecureCloud we found a provider that meets these requirements with full legal certainty and at the same time runs smoothly in our day-to-day IT operations, from the start with Advanced to the logical next step: the Enterprise extension.“

Markus Zobel Leitung IT, SGM Sicherheitsgesellschaft am Flughafen München

A sovereign cloud for your regulated environment?

Book a free initial consultation