IONOS Cloud

Provider-specific sources from the current dataset. Use the Compass for scoring, weighting, and A/B comparison.

Compare in the Compass

Provider Snapshot

Criterion	Score
Customer content in the EU	3.0
Customer-created metadata in the EU	3.0
Physically & logically separated	2.0
EU-based operations & support	2.0
No critical non-EU dependencies	3.0
Ownership / ultimate parent (EU-owned?)	5.0
Controlling interest & FISA 702 risk (jurisdiction ≠ residency)	5.0
Local contracting entity & EU governance (operational model)	3.0
Independent advisory board	0.0
EU root CA / trust services	1.0
BSI C5	4.0
ISO 27001 / ISMS	3.0
IT-Grundschutz (BSI)	4.0
SecNumCloud (ANSSI)	0.0
Open standards / API portability	5.0
Service portfolio depth	3.7
Geographic footprint & redundancy (regions/AZ/DCs in EU/DE)	4.0
Audit reports / evidence pack	3.0
Policy enforcement (guardrails)	2.0
Default deny / secure by default	4.0
Independent verification (continuous)	2.0
Blackbox exposure (ops/control plane)	2.0
Operator access exclusion (workload scope)	1.0
IaC & automation (Terraform/OpenTofu, SDKs, APIs)	4.0
Everyday SDLC/DevOps (CI/CD, registry, secrets, K8s)	3.0
Observability (logs/metrics/traces, alerting)	4.0
Limits/quotas (transparency & increase)	4.0
Reference architectures / landing zones	2.0
Unified security stack	3.3
Energieeffizienz / PUE & Zielwerte	5.0
CO₂-/Wasser-Reporting + erneuerbare Energiequellen	5.0

Scope: IaaS

Customer content in the EU: 3.0; Customer-created metadata in the EU: 3.0; Physically & logically separated: 2.0; EU-based operations & support: 2.0; No critical non-EU dependencies: 3.0; Ownership / ultimate parent (EU-owned?): 5.0; Controlling interest & FISA 702 risk (jurisdiction ≠ residency): 5.0; Local contracting entity & EU governance (operational model): 3.0; Independent advisory board: 0.0; EU root CA / trust services: 1.0; BSI C5: 4.0; ISO 27001 / ISMS: 3.0; IT-Grundschutz (BSI): 4.0; SecNumCloud (ANSSI): 0.0; Open standards / API portability: 5.0; Service portfolio depth: 3.7; Geographic footprint & redundancy (regions/AZ/DCs in EU/DE): 4.0; Audit reports / evidence pack: 3.0; Policy enforcement (guardrails): 2.0; Default deny / secure by default: 4.0; Independent verification (continuous): 2.0; Blackbox exposure (ops/control plane): 2.0; Operator access exclusion (workload scope): 1.0; IaC & automation (Terraform/OpenTofu, SDKs, APIs): 4.0; Everyday SDLC/DevOps (CI/CD, registry, secrets, K8s): 3.0; Observability (logs/metrics/traces, alerting): 4.0; Limits/quotas (transparency & increase): 4.0; Reference architectures / landing zones: 2.0; Unified security stack: 3.3; Energieeffizienz / PUE & Zielwerte: 5.0; CO₂-/Wasser-Reporting + erneuerbare Energiequellen: 5.0

Sources / Evidence

Customer content in the EU

IT-Grundschutz (ISO 27001 auf Basis BSI IT-Grundschutz) für Betrieb in DE: Compute Engine, IONOS Object Storage, Managed Backup & Managed Services (eigene DCs + Co-Locations Frankfurt/Berlin) (stated).

Customer-created metadata in the EU

Deutsche RZ (eigene + Co-Location Frankfurt/Berlin). IT-Grundschutz-zertifiziert. EU-Fokus.

Physically & logically separated

Eigenes Provider-Stack; kein AWS/Azure/GCP Sub-Service. Trennung zu Drittanbietern abhängig vom Setup.

EU-based operations & support

IONOS SE (DE): Unternehmenssitz DE; 24/7 Support (stated). EU-only Privileged Access/Break-glass nicht öffentlich belegt.

No critical non-EU dependencies

United Internet AG (DE) als Muttergesellschaft. RZ in Deutschland. Gaia-X-Engagement.

Ownership / ultimate parent (EU-owned?)

IONOS (DE) – Teil der United Internet Gruppe (DE) (stated).

Controlling interest & FISA 702 risk (jurisdiction ≠ residency)

Ultimate Parent: United Internet (DE/EU). Kein US-Parent; Risiko extraterritorialer US-Zugriffspflichten deutlich geringer (trotz internationaler Geschäftstätigkeit).

Local contracting entity & EU governance (operational model)

IONOS SE (DE/EU); Governance nach EU-Recht (stated).

Independent advisory board

Kein unabhängiges Advisory Board dokumentiert.

EU root CA / trust services

Keine spezifische Dokumentation zu EU Root CA / Trust Services.

BSI C5

BSI C5 Type 1 Testat für Compute Engine, Cloud Cubes, S3 Object Storage (Nov 2023) (stated).

ISO 27001 / ISMS

ISO 27001 (IONOS Gruppe) + IT-Grundschutz-Zertifikat (Scope siehe Zertifikatsseite).

IT-Grundschutz (BSI)

IT-Grundschutz: ISO 27001-Zertifikat auf Basis IT-Grundschutz für Betrieb von Compute Engine, IONOS Object Storage, Managed Backup, Managed Services in DE (inkl. DCs + Co-Locations Frankfurt/Berlin) (stated).

SecNumCloud (ANSSI)

TBD.

Open standards / API portability

SECA API: offener Industriestandard / neue API-Spezifikation für Cloud-Infrastruktur-Management; soll EuroStack unterstützen (stated).

Service portfolio depth

Stärker IaaS/Cloud Kernportfolio; Hyperscaler-Breite geringer (typisch).

Geographic footprint & redundancy (regions/AZ/DCs in EU/DE)

Mehrere DE-Standorte/Locations (z.B. Berlin, Frankfurt, Karlsruhe; Frankfurt de/fra/1+2) (stated).

Audit reports / evidence pack

C5-Testat & Zertifizierungsreport teils „auf Anfrage“ verfügbar (stated).

Policy enforcement (guardrails)

IAM Roles & Permissions dokumentiert; zentrale Config-Guardrails nicht explizit belegt (partial).

Default deny / secure by default

Network Security Groups: 'deny all' für nicht explizit erlaubten Traffic (secure-by-default).

Independent verification (continuous)

ISO/C5 u.a. Compliance-Reports vorhanden (periodisch); keine Continuous/maschinenlesbare Verification öffentlich belegt.

Blackbox exposure (ops/control plane)

C5 + IT-Grundschutz schaffen Teilblick. Aber: Control-Plane-/Ops-Transparenz begrenzt öffentlich dokumentiert.

Operator access exclusion (workload scope)

Kein Confidential Computing-Angebot dokumentiert. Standard-Zugriffskontrollen (RBAC, Logging).

IaC & automation (Terraform/OpenTofu, SDKs, APIs)

Cloud API + OpenAPI Specs, Terraform Provider, SDKs (z.B. Go), auch Pulumi Provider (über Terraform).

Everyday SDLC/DevOps (CI/CD, registry, secrets, K8s)

Basis-Bausteine vorhanden (K8s, Networking, Security). DevTools/CI/CD eher über Ökosystem/Partner; Provider-APIs zentral.

Observability (logs/metrics/traces, alerting)

Logging Service + Monitoring Service (API-basiert) sowie Activity Logs.

Limits/quotas (transparency & increase)

Quotas/Limits werden in Docs genannt; Quota-Usage via Cloud API (Contracts) abrufbar; Erhöhungen via Support.

Reference architectures / landing zones

How-tos/Guides vorhanden; dedizierte „Landing Zone“ Patterns je nach Projekt prüfen.

Energieeffizienz / PUE & Zielwerte

Nachhaltigkeitsbericht mit PUE-Targets pro Data Center; WUE erstmals gemessen (2024: 0.003). 100% erneuerbarer Strom in eigenen DCs. (Quelle: IONOS Sustainability Report 2024)

CO₂-/Wasser-Reporting + erneuerbare Energiequellen

ESG-Reporting inkl. 100% erneuerbarer Strom (DCs), Scope-Reporting, Carbon- & Water-KPIs (WUE) und Targets. (Quelle: IONOS Sustainability Report 2024)

Service catalog (core/security)

Expand to load the service catalog …