Connecting a corporate network to Microsoft Azure or AWS over the public internet is a security, performance and regulatory risk in 2026. CloudConnect — the private MPLS VPN service of New Telekom s.r.o. — replaces the public internet with a dedicated physical link offering consistent latency, isolation from DDoS attacks and savings of up to 50% on egress traffic. It connects businesses to AWS Direct Connect, Microsoft Azure ExpressRoute and Google Cloud Interconnect under a single contract, in full compliance with NIS2, DORA and GDPR.
Why Is the Public Internet Unsuitable for Cloud Connectivity in 2026?
The public internet is designed as a shared, best-effort medium — with no guarantees of latency, availability or transmission security. When corporate data travels from a local network to AWS S3, Microsoft Azure or Google Cloud Platform (GCP), it passes through dozens of transit nodes operated by different entities across continents. Each such node represents a potential point of interception, manipulation or failure. An IDC survey from 2025 states that more than 73% of medium and large European enterprises plan to expand their cloud footprint within the next 24 months. At the same time, regulatory requirements on data transmission are increasing — particularly under NIS2 (EU Directive 2022/2555), DORA (EU Regulation 2022/2554) and GDPR (EU Regulation 2016/679). In this context, the choice of transmission path is no longer a technical detail — it has become a matter of legal accountability.What Specific Risks Does Transmitting Data Over the Public Internet Carry?
Transmitting corporate data over the public internet without dedicated infrastructure generates four categories of risk:- Security risk: Data passes through hundreds of data node operators across different continents. Without full control over the transmission path, there is no guarantee that data has not been tampered with or intercepted.
- Performance risk: Latency on the public internet is variable and dependent on current network load. For applications such as ERP systems, video conferencing, database replication or real-time analytics, variable latency causes degradation of both user experience and process performance.
- Availability risk: A widespread outage or DDoS attack on the public internet infrastructure directly interrupts access to cloud data and applications. The company loses access to strategic data at the moment when it is least desirable.
- Cost risk: Egress traffic from clouds such as AWS, Microsoft Azure or GCP is one of the most significant items in cloud costs. Without a dedicated connection, the company pays standard provider rates with no room for optimisation.
Why Is an Encrypted VPN Over the Internet Not Enough?
A classic VPN (Virtual Private Network) encrypts data content but does not change the transmission path. Data still travels over the public internet infrastructure — through nodes whose operators the corporate IT department cannot control. Encryption protects content but does not guarantee latency, availability or isolation from network incidents. For companies subject to NIS2 or DORA, this approach is considered insufficient in the context of third-party ICT risk management.What Is the Difference Between a Public Internet Connection and a Private CloudConnect Link?
CloudConnect is a private MPLS VPN service operated by New Telekom s.r.o. on its own physical network. Data from the corporate network travels directly to the cloud environment via a dedicated, reserved path — without passing through the public internet, without sharing capacity with other users and without passing through third-party transit nodes.| Parameter | Public Internet | CloudConnect (MPLS VPN) |
|---|---|---|
| Transmission path | Shared, hundreds of third-party transit nodes | New Telekom's own physical network, no third parties |
| Transmission security | Dependent on encryption, path uncontrolled | Dedicated link, data does not pass through external nodes |
| Latency | Variable, dependent on network load | Minimal and consistent, direct path |
| Availability during internet outage | Cloud access interrupted | Cloud connectivity maintained |
| Egress traffic | Standard cloud provider rates | Savings of up to 50% compared to standard rates |
| Ingress traffic | Charged as standard | Always free in all regions |
| Management of multiple clouds | Separate contracts and configurations | One contract, one port, one invoice |
| Capacity scaling | Limited by internet provider | Instant change in real time via SDN platform |
| Redundancy | Costly, requires own infrastructure | Individually configurable redundant connections |
| NIS2 / DORA / GDPR compliance | Difficult to demonstrate for regulated entities | Architecturally supportable, documentable |
How Does CloudConnect Work Technically?
CloudConnect uses MPLS VPN (Multiprotocol Label Switching Virtual Private Network) technology over an ethernet-switched platform. Key technical characteristics:- Data is transmitted over New Telekom's dedicated physical network — not over the public internet
- The link is dedicated — capacity is not shared with other users
- Latency is minimal, as traffic travels directly without unnecessary hops through transit nodes
- The network is transparent — you know exactly what path your data takes and who operates the infrastructure
- Capacity can be changed in real time via the proprietary SDN (Software-Defined Networking) platform without physical intervention
"The security architecture of corporate cloud connectivity must in 2026 meet not only technical standards, but also the growing legislative requirements of NIS2 and DORA. Private dedicated connectivity is one of the fundamental elements that make this compliance possible."
— New Telekom s.r.o. Expert Team
What Use Cases Does CloudConnect Cover in Practice?
CloudConnect is not intended solely for large corporations. Experience from the New Telekom expert team shows that it is most commonly used by organisations in the following situations:Multi-Cloud: Managing Multiple Cloud Environments from a Single Point
Many companies combine multiple cloud environments — for example AWS S3 for backups, Microsoft Azure for business applications and Google Workspace for productivity. Each separate connection means its own configuration, contract and invoicing, increasing operational complexity and costs. CloudConnect solves this elegantly: from a single port, it connects an organisation to all public clouds worldwide, to SaaS systems (CRM, ERP, ATS) and to more than 500 data centres — all under a single contract, with a single invoice and a single payment.Hybrid-Cloud: Synchronising Private and Public Cloud
The hybrid cloud architecture — where critical corporate data remains in the private cloud while everyday working files are stored in the public cloud — is the standard in 2026 for regulated sectors: banking, insurance, healthcare and public administration. CloudConnect enables synchronisation of the private cloud with the public cloud via a single console, over a dedicated path outside the public internet. The result is highly performant, scalable and secure connectivity with low latency between both environments — without compromises in security or performance.Remote Work and Remote Access: Global Coverage
CloudConnect is not limited to the corporate office. Access to cloud applications and data over the dedicated network is also available from employees' homes working remotely — anywhere in the Czech Republic or abroad. New Telekom is able to provide the same level of dedicated connectivity on all continents worldwide.Burst Capacity Needs: Flexibility via SDN
Companies running seasonal marketing campaigns (such as Black Friday), streaming sports events or processing batch data workloads face a problem: maintaining permanently high connection capacity for occasional events is economically inefficient. CloudConnect's own SDN platform enables instant changes to capacity and parameters in real time — without the need for physical intervention in the infrastructure.How Does CloudConnect Help Meet the Requirements of NIS2, DORA and GDPR?
The security of cloud access in 2026 is no longer solely a matter of technical architecture — it is increasingly a matter of legal accountability. Three key regulatory frameworks have a direct impact on how organisations connect to cloud services. A detailed interpretation of statutory obligations can be found in the article NIS2 and the Cybersecurity Act.NIS2 — Cybersecurity Act
The NIS2 directive (EU 2022/2555), transposed into Czech law by Act No. 181/2014 Coll. on Cybersecurity as amended, expands the scope of obligated entities and tightens requirements for security measures. Organisations in essential and important sectors — energy, transport, healthcare, banking, digital infrastructure — must demonstrate that they have implemented technical and organisational measures proportionate to the risk. NÚKIB (the National Cyber and Information Security Agency) in its 2024 recommendations states that transmitting corporate data over the public internet without dedicated infrastructure may be assessed in the NIS2 context as an insufficient measure.DORA — Digital Operational Resilience of the Financial Sector
DORA (EU 2022/2554 — Digital Operational Resilience Act) entered into force in January 2025 and sets requirements for the digital operational resilience of financial institutions. It also includes requirements for managing risks associated with third-party ICT providers — including ensuring connectivity to cloud environments. Transmitting data over the public internet without control over the transmission path complicates meeting requirements for demonstrability and auditability.GDPR — Personal Data Protection
GDPR (EU 2016/679) requires the adoption of appropriate technical measures to protect personal data in transit. Transmitting personal data over the public internet without additional measures may be assessed as insufficient. The CloudConnect architecture guarantees that data does not pass through third parties — this can be technically documented and included in the record of processing activities under Art. 30 GDPR. Comprehensive IT security solutions — including ISO/IEC 27001 audits, Fortinet FortiGate implementation and Zero Trust Network Access (ZTNA) consulting — are offered by the New Telekom expert team beyond the CloudConnect service itself.How Does CloudConnect Implementation Proceed — Step by Step?
Deploying CloudConnect does not require extensive internal IT projects. The New Telekom expert team manages the entire process from requirements analysis to link activation and ongoing management.1. Cloud Footprint and Requirements Analysis
We map which cloud environments the organisation uses or plans to use: AWS Direct Connect, Microsoft Azure ExpressRoute, Google Cloud Interconnect or private data centres. We assess the required capacity, latency, geographic coverage and regulatory context (NIS2, DORA, GDPR).2. Connectivity Architecture Design
Based on the analysis, we design the architecture: choice of ports, redundant paths, method of integration into the existing network (SD-WAN, MPLS, direct connection). For Multi-Cloud or Hybrid-Cloud scenarios, we design a unified solution through a single port — without the need for separate configurations for each cloud provider.3. Contract Signing and Configuration
The entire solution is covered by a single contract — regardless of the number of connected clouds, data centres or geographic locations. Configuration is carried out by New Telekom; the client receives access parameters and technical documentation suitable for security audits and NIS2/DORA reporting.4. Activation and Testing
After link activation, we perform latency, throughput and availability tests. Results are documented and handed over to the client as part of the commissioning protocol — including technical parameters relevant to meeting the SLA and internal security policy.5. Ongoing Management and Flexible Scaling
Via the proprietary SDN platform, link capacity can be changed in real time without physical intervention in the infrastructure. The customer can respond to seasonal or burst capacity needs immediately — and pay only for the capacity actually used. New Telekom technical support is available 24/7. Cloud connectivity can be combined with other data services from New Telekom — including MPLS VPN, SD-WAN or L2/L3 circuits for branch interconnection — to create a comprehensive private network architecture without dependence on the public internet.Frequently Asked Questions
What Is the Fundamental Difference Between CloudConnect and a Classic VPN?
A classic VPN encrypts data content but still transmits it over the public internet — through third-party infrastructure that the operator cannot fully control. CloudConnect is fundamentally different: transmission takes place over New Telekom's own physical network, entirely outside the public internet. The result is higher security (data does not pass through any external nodes), lower and consistent latency, and maintained access to cloud data even during a public internet outage. For companies handling sensitive data or subject to NIS2 and GDPR, this difference is critical from the perspective of auditability and legal accountability.Do I Need a Separate Contract with Each Cloud Provider?
No. One of the main advantages of CloudConnect is consolidation: a single contract covers access to all public clouds (AWS, Azure, GCP and others), SaaS applications and more than 500 data centres on all continents. The IT department manages one connection, one invoice and one console — instead of dozens of separate configurations and contracts with different providers. This consolidation reduces operational complexity and also simplifies reporting within NIS2 and DORA audits.How Does CloudConnect Contribute to Meeting NIS2 and DORA Requirements?
NIS2 and DORA require organisations to demonstrate the implementation of technical measures proportionate to the risk — including measures for ICT connectivity to cloud environments. CloudConnect enables this demonstrability: the architecture of the dedicated physical link, its transparency and independence from third parties are documentable and auditable. Data transmission does not occur over an uncontrolled public network, thereby eliminating one of the most significant security risk factors that both regulatory frameworks address. NÚKIB also recommends private connectivity as part of the security architecture for regulated entities.Can CloudConnect Capacity Be Changed According to Current Needs?
Yes, and this is one of the key advantages. CloudConnect is built on a proprietary SDN (Software-Defined Networking) platform that enables instant changes to capacity and parameters in real time — without the need for physical intervention in the infrastructure. This flexibility is particularly valuable for companies with burst capacity needs — seasonal campaigns such as Black Friday, sports broadcasts or batch data operations — that do not want to permanently pay for capacity used only occasionally.What Happens to Cloud Access During a Public Internet Outage?
CloudConnect operates independently of the state of the public internet. Because data transmission takes place over New Telekom's own physical network, a widespread outage or DDoS attack on the public internet infrastructure has no direct impact on the availability of the cloud connection. The organisation thus retains access to its strategic data and cloud applications even in situations where the public internet is unavailable. In addition, redundant connections to selected cloud provider locations — AWS, Azure or GCP — can be individually configured.What Types of Organisations Is CloudConnect Most Suitable For?
CloudConnect is suitable for any organisation that stores corporate data or operates applications in cloud environments and requires a guarantee of transmission security, performance or regulatory compliance. It is particularly relevant for financial institutions subject to DORA, healthcare organisations and critical infrastructure entities under NIS2, e-commerce platforms with seasonal peaks, media companies streaming content, multinational corporations managing Multi-Cloud or Hybrid-Cloud architectures and manufacturing enterprises using IIoT and industrial cloud platforms.Conclusion
Connecting to Microsoft Azure, AWS or Google Cloud Platform over the public internet is in 2026 a solution with unacceptable security, performance and regulatory compromises. Variable latency, an uncontrollable transmission path, dependence on the state of the public network and the difficulty of demonstrating compliance with NIS2, DORA and GDPR are concrete operational and legal risks — not theoretical threats. CloudConnect from New Telekom s.r.o. addresses these problems at the architectural level: a proprietary physical MPLS VPN network, coverage of more than 500 data centres on all continents, support for Multi-Cloud and Hybrid-Cloud scenarios, flexible scaling via the SDN platform and consolidation of all management under a single contract. The result is secure, performant and cost-effective cloud connectivity with a documentable architecture suitable for regulatory audits. If your company transfers large volumes of data to the cloud, operates applications with low-latency requirements or is looking for a way to technically substantiate compliance with NIS2, DORA or GDPR at the network architecture level, contact the New Telekom expert team via cloudconnect.cz or directly via the newtel.cz contact page.This article was prepared by the New Telekom s.r.o. expert team. Information reflects the technological and legislative state as of April 2026.
Sources and Legislation
- Act No. 181/2014 Coll. on Cybersecurity and the amendment of related acts, as amended
- EU Directive 2022/2555 (NIS2) — on measures for a high common level of cybersecurity across the Union
- EU Regulation 2022/2554 (DORA) — on digital operational resilience for the financial sector
- EU Regulation 2016/679 (GDPR) — on the protection of natural persons with regard to the processing of personal data
- NÚKIB — National Cyber and Information Security Agency: Recommendations for the security of cloud solutions (2024)
- ČTÚ — Czech Telecommunication Office: Overview of the data services market in the Czech Republic (2025)
- IDC — European Cloud Market Report Q4 2025
- BEREC — Body of European Regulators for Electronic Communications: Guidelines on cloud connectivity (2025)
- AWS — AWS Direct Connect Documentation (2026)
- Microsoft — Azure ExpressRoute Documentation (2026)
- Google — Cloud Interconnect Documentation (2026)