Where is information stored securely? On a private server not accessible from outside and protected by law or on foreign publicly accessible servers not protected by local laws?
So both the German and French governments host Nextcloud firewalled off from the internet. Others use things like a reverse proxy (City of Geneva). Most customers just run Nextcloud internet-facing, as that is the easiest if you want to collaborate and work remotely. We trust Nextcloud to be perfectly safe for that, at least as safe as any complex piece of software can every be, of course. We have a very active security team, the latest security measures and a bug bounty program where you get up to $5K for reporting issues to us.
Those quotes read like typical PR statements made by politicians. I was hoping for a bit more.
I can’t find it now but it wasn’t long ago that the NextCloud (or was it OwnCloud) FAQ had a note about security that read something like “we’re busy adding features we’ll get to security later”. It left me feeling uneasy. I would have hoped security would have been part of the design. Maybe I’m just getting old...
Things have changed a fair bit since the early ownCloud days - you'll be hard pressed to find a large PHP app with so few security issues, and that's not me saying that but quoting a pentest firm hired by the Swiss city of Geneva which audited Nextcloud recently. See https://nextcloud.com/secure - thoughts are, of course, always welcome.