So the focus of the question that companies ask themselves on their way to the cloud has shifted. The whether has become a how. “All cloud providers are not equal,” Söllner says. “Many companies remain uncertain, particularly with regard to the major providers in the United States. The technology can be as beneficial as possible, but if the trust in the provider isn’t there, only a fraction of companies will decide to use the service.”
In his research Söllner has identified various approaches that must come to pass before companies can confidently outsource data storage. “Generally,” he says, “it’s about me as a provider not disappointing companies that are increasingly willing to make a changeover to the cloud. A business entrusts me with its most precious thing, the data upon which its success rests. As a provider, this is about being a dependable partner who dispels the final doubts and conveys the certainty that the data is secure.”
TÜV SÜD’s Chief Digital Officer, Dr. Dirk Schlesinger, can confirm this. Lately he has often sat face to face with potential clients who talked about wanting to take the plunge into cloud computing but who also had reservations about the majority of data center providers and cloud infrastructures based in the United States. Schlesinger says, “My conversations usually came down to the same two topics. Namely, that data could be hacked from outside the cloud. And that the majority of businesspeople have major reservations about whether that data might also be able to be read from the inside, meaning by the cloud providers themselves.”
On the Right Path
Five Trust-Building Approaches for Using the Cloud
Openness, Transparency and Problem Awareness
Cloud providers should deal openly with their clients’ potential misgivings, transparently answer all questions and be proactive about providing information on new developments.
Reviews and specialist articles by third parties, including analysts or journalists, as well as references from familiar clients, create trust.
Being able to address a client’s security requests in a customized manner can minimize potential reservations and lowers inhibitions about outsourcing the storage of sensitive data.
Data Security and Data Protection
Cloud providers must show that they are actively addressing the topic and using solutions that are designed to correspond to the demands of data protection (privacy by design) and are state of the art. The data center must be located in the European Economic Area. Furthermore, a data center located in the home country is also important for many clients.
Quality of Service
Objective certifications of business processes, data centers and employees by independent third parties signal high quality to clients and create trust.
There are few companies that enjoy such a high degree of trust among their clients and in the public eye as TÜV SÜD. The theme of “creating trust” wasn’t just the maxim for the company’s 150th anniversary in 2016, but has always been a central brand essence for a company that inspects technical safety in a variety of areas of work and life as a neutral and independent third-party provider. As TÜV SÜD Chairman of the Board of Management Prof. Axel Stepken so succinctly summarized it “Only safety and security can turn innovation
This applies also to all things digital: TÜV SÜD, working in cooperation with its affiliate Uniscon, headquartered in Munich, is also a neutral operator of a dependable cloud solution. As CDO Schlesinger puts it, “The high degree of trust enjoyed by TÜV SÜD may help such solutions finally achieve a breakthrough.”
With their Sealed Cloud security technology, TÜV SÜD and Uniscon solve one of the basic problems of secure cloud computing: provider access. While the Sealed Cloud ensures that data transmission and data storage is always encrypted and that the data is secure from outside attacks, it also ensures that the data and connection information are protected during processing: the cloud operator and its administrators have no access whatsoever.
To protect the cloud data, the data center is segmented in such a way that in the case of an attack from outside or inside, portions of the data or even all of it can automatically be deleted with the help of what is known as data clean-up technology. What’s more, sophisticated key-distribution procedures ensure that only the authorized user has the key for decrypting the data and that absolutely no one within the cloud computing provider has one.
It is precisely this protection from internal attackers, such as the employees of cloud computing providers, that is the main advantage of the Uniscon solution. As Managing Director Dr. Hubert Jäger, a cofounder of the TÜV SÜD affiliate, says: “Much is said about external cyber attacks, yet the risk of data abuse is primarily found in internal processes. Potential hackers have a very short pathway to the data, which they can view, copy, change or delete.” But with the help of the Sealed Cloud, this type of attack can be eliminated. “A very large number of people would have to work together in a bad-faith coalition to bypass this technology. The likelihood of this happening is infinitesimally small.”
Secure Data Exchange with iDGard
Uniscon GmbH, a company that specializes in highly secure cloud solutions, has been a part of the TÜV SÜD Group since mid-2017. The company’s iDGARD cloud service, based on Sealed Cloud technology, makes data communication possible so that unauthorized persons can neither read nor copy it. Using this service for digital teamwork, companies thereby create a safe virtual data space for projects in the cloud and can thus dispense with FTP and file-sharing services. ABOUT TRUST readers have the opportunity to test the service for 30 days, free of charge, using the bonus code 30DAYS-ABOUT. Register at: idgard.de/business-registrierung
In particular small and medium-sized companies, those with the most start-up difficulties for a pathway to cloud computing, should be able to benefit from such a secure solution and gain more confidence—the trend certainly suggests this is the case. The Cloud Monitor 2017, a representative study by auditors KPMG in cooperation with Bitkom Research, showed that small and medium-sized companies have practically caught up with larger companies with regard to cloud computing. For 80 percent of German small and medium-sized companies, cloud computing will be a mainstay for their future IT strategy.
However, Schlesinger finds that a distinction must be made between quantity and quality. Smaller and medium-sized companies often still shy away from outsourcing business-critical data. “What we’re talking about here is organizational and communication applications, not design files or supply chain data,” he says. “But if I use the entire potential of the cloud as an entrepreneur, I can develop and refine existing business fields and offer new digital products.” In other words: keeping up with competitors or even gaining an advantage. As Uniscon’s Hubert Jäger explains, “Working together with TÜV SÜD, we’re involved in offering companies such a broad range of potential uses.” These especially include analytics projects as part of Industry 4.0 and the Internet of Things.
“The deluge of data will continue to increase,” Jäger says. “The more important as an asset that data becomes, the stricter that data protection requirements will become. According to the new EU General Data Protection Regulation, which comes into effect as of May 2018, you are required as a business to implement technical data protection and also to verify this with your clients. The pressure to act within the law in the use of personal data is something our clients are thinking about a lot.” Due to its high security factor, Sealed Cloud technology can address these concerns, and much, much more.
The Thinking Car
The Sealed Cloud Increases Security in Many Areas
The automation of many automobile features can only work with the help of sensors. Cameras and radar devices continually capture the state of the vehicle’s environment. Onboard electronics transmit a portion of these datasets into the cloud of the car manufacturer. A huge amount of information comes together there, for instance data about vehicle maintenance or reports on road conditions.
An important application and a key industrial innovation is predictive maintenance. Intelligent systems monitor and service themselves autonomously. Enormous amounts of data are collected in this process. Few companies have at their disposal the necessary expertise for analyzing this data, yet it is often too sensitive to be outsourced. The Sealed Cloud solves this problem: an ingenious encryption technology provides the necessary security for the collected data, both during transmission as well as during processing.
Video Surveillance in Public Spaces
It’s a social conflict: on the one hand, we all want a high degree of security, particularly in public spaces, which can be made possible with the use of video surveillance and facial recognition software. On the other hand, the often unjustified storage and processing of such data is extraordinarily questionable from a data protection standpoint. Sealed Freeze technology ensures that data can be “thawed” only when criteria specified by previously established guidelines are met.
Internet of Things
Better traffic flows, fewer accidents: communication between machines seems to offer great promise, particularly for street traffic. But in public spaces in particular, data security and technical data protection are the linchpins for implementing such communication. If the smart management of traffic signals requires sensors along the street that measure traffic volumes, then secure data transfer and data processing are also required. This ensures that hackers and data center employees cannot access any sensitive information.
For commercial users of cloud offerings there is a categorical obligation to monitor the protective mechanisms the cloud computing provider supplies. Yet this is something these users cannot practically perform by themselves since the cloud is much too complex. In this context, the Trusted Cloud Data Protection Profile (TCDP) can help, a new auditing standard for data protection certification, initiated by the German Federal Ministry for Economic Affairs and Energy. Uniscon is one of the first companies to receive the certification for its Sealed Cloud technology. “Thanks to the TCDP certification, companies can recognize if the cloud computing services they use fulfill the statutory data protection regulations,” Jäger says. “As an operator, you’ve already met your monitoring obligations if you select a service where the level of protection matches the protection requirements. That naturally creates a high degree of trust.”
Secure cloud technologies like Sealed Cloud eliminate a multitude of problems and obstacles on the pathway to the data-based computing cloud: businesses can therefore outsource their data in powerful modules, are secure from data theft and at the same time fulfill all the statutory data protection regulations. TÜV SÜD’s Schlesinger is convinced that the advantages the cloud offers will be just one of the factors making the use of such technology no longer an issue generally. It will simply become the new normal. “The great migration is already in full swing,” he says. “I think we’ll all be working in the cloud in the next five to ten years.”