DEAR READER,
HERE YOU CAN...

… BROWSE
THE ABOUT TRUST
ARCHIVE

OUR ARCHIVE

… DOWNLOAD
THE CURRENT ISSUE
AS A PDF

DOWNLOAD

… ORDER
THE ABOUT TRUST MAGAZINE
FOR FREE

CLICK HERE

Sealed Cloud Technology

The Big Move

Efficient, available everywhere and powerful: data storage in the cloud has many benefits. That some companies still hesitate with this outsourcing may also be related to fears of hackers and of espionage by platform operators. Sealed Cloud technology makes this type of data theft impossible.

Text Tino Scholz 

Imagine, if you will, that people in big cities would start generating their own electricity on their plots of land—and not just in scattered, ecological flagship projects, but everyone across the board. Every person would get water from their own well, single-handedly grow their own food and put the money they earned under their mattress instead of in a bank. Does this sound fanciful and from a long bygone era? Of course it does.

Our society, organized according to a division of labor, recognized centuries ago that it’s more advantageous for everyone if each individual doesn’t do everything on their own. Numerous tasks can be accomplished much more efficiently, cheaply and successfully by more capable institutions—which is why there are public services for supplying electricity and water, or for trash collection.

And what applies to trash, food, electricity and water will soon apply also to data. Data represents major capital for many companies and is an important commercial asset, and not just in the era of Industry 4.0 and the Internet of Things. Despite this, the majority of companies still store and process their masses of data in their own server rooms. Yet a far more powerful and economic solution exists and has been available for quite some time: cloud computing.

A Global Success

The principle: data is stored offsite in large data centers instead of being stored on location. Authorized parties get access to the data over the internet. A well-functioning and secure cloud concept is similar to that of a bank, which protects the privacy of every customer and offers a broad-scale, dependable and trustworthy service: all bank clients use the same system without having to worry that unauthorized individuals could gain access to their money—or data.

It’s no wonder that the cloud is already a success—at least in surveys, as various global studies have shown. One of these studies, conducted by IDG Connect and Oracle, found that nine of ten businesspeople in the EMEA economic area—Europe, the Middle East and Africa—believe that innovations can be more quickly implemented with the assistance of cloud services. Bain & Company, a management consultancy, predicts that worldwide revenues for cloud computing will total around $390 billion by the year 2020. If this holds true, around 60 percent of the total growth in the global IT sector would be contained in cloud computing.

“If you look at the recent past and the present, cloud infrastructure has by now generally become widely accepted,” says Matthias Söllner, assistant professor for commercial informatics, who researches the topic of creating trust in information systems at the Universities of Kassel and St. Gallen. For a long time, companies and private individuals had major qualms about the security of the cloud, as well as doubts as to practical applications.

The latter is undisputed by now: cloud solutions are easily scalable and cost-efficient, and the data can be accessed from around the world. Söllner continues, “A majority of businesspeople now know that they could be put at a competitive disadvantage without the cloud. However, reservations on the topic of security haven’t disappeared, not at all. Cyber attacks and data breaches by employees of cloud providers still create a degree of uncertainty at companies.”

So the focus of the question that companies ask themselves on their way to the cloud has shifted. The whether has become a how. “All cloud providers are not equal,” Söllner says. “Many companies remain uncertain, particularly with regard to the major providers in the United States. The technology can be as beneficial as possible, but if the trust in the provider isn’t there, only a fraction of companies will decide to use the service.”

In his research Söllner has identified   various approaches   that must come to pass before companies can confidently outsource data storage. “Generally,” he says, “it’s about me as a provider not disappointing companies that are increasingly willing to make a changeover to the cloud. A business entrusts me with its most precious thing, the data upon which its success rests. As a provider, this is about being a dependable partner who dispels the final doubts and conveys the certainty that the data is secure.”

TÜV SÜD’s Chief Digital Officer, Dr. Dirk Schlesinger, can confirm this. Lately he has often sat face to face with potential clients who talked about wanting to take the plunge into cloud computing but who also had reservations about the majority of data center providers and cloud infrastructures based in the United States. Schlesinger says, “My conversations usually came down to the same two topics. Namely, that data could be hacked from outside the cloud. And that the majority of businesspeople have major reservations about whether that data might also be able to be read from the inside, meaning by the cloud providers themselves.”


On the Right Path

Five Trust-Building Approaches for Using the Cloud

 

Openness, Transparency and Problem Awareness
Cloud providers should deal openly with their clients’ potential misgivings, transparently answer all questions and be proactive about providing information on new developments.


Third-Party Recommendations
Reviews and specialist articles by third parties, including analysts or journalists, as well as references from familiar clients, create trust.


Customization
Being able to address a client’s security requests in a customized manner can minimize potential reservations and lowers inhibitions about outsourcing the storage of sensitive data.


Data Security and Data Protection
Cloud providers must show that they are actively addressing the topic and using solutions that are designed to correspond to the demands of data protection (privacy by design) and are state of the art. The data center must be located in the European Economic Area. Furthermore, a data center located in the home country is also important for many clients.


Quality of Service
Objective certifications of business processes, data centers and employees by independent third parties signal high quality to clients and create trust.


There are few companies that enjoy such a high degree of trust among their clients and in the public eye as TÜV SÜD. The theme of “creating trust” wasn’t just the maxim for the company’s 150th anniversary in 2016, but has always been a central brand essence for a company that inspects technical safety in a variety of areas of work and life as a neutral and independent third-party provider. As TÜV SÜD Chairman of the Board of Management Prof. Axel Stepken so succinctly summarized it “Only safety and security can turn innovation
into progress.”

This applies also to all things digital: TÜV SÜD, working in cooperation with its affiliate Uniscon, headquartered in Munich, is also a neutral operator of a dependable cloud solution. As CDO Schlesinger puts it, “The high degree of trust enjoyed by TÜV SÜD may help such solutions finally achieve a breakthrough.”

With their Sealed Cloud security technology, TÜV SÜD and Uniscon solve one of the basic problems of secure cloud computing: provider access. While the Sealed Cloud ensures that data transmission and data storage is always encrypted and that the data is secure from outside attacks, it also ensures that the data and connection information are protected during processing: the cloud operator and its administrators have no access whatsoever.

To protect the cloud data, the data center is segmented in such a way that in the case of an attack from outside or inside, portions of the data or even all of it can automatically be deleted with the help of what is known as data clean-up technology. What’s more, sophisticated key-distribution procedures ensure that only the authorized user has the key for decrypting the data and that absolutely no one within the cloud computing provider has one.

It is precisely this protection from internal attackers, such as the employees of cloud computing providers, that is the main advantage of the Uniscon solution. As Managing Director Dr. Hubert Jäger, a cofounder of the TÜV SÜD affiliate, says: “Much is said about external cyber attacks, yet the risk of data abuse is primarily found in internal processes. Potential hackers have a very short pathway to the data, which they can view, copy, change or delete.” But with the help of the Sealed Cloud, this type of attack can be eliminated. “A very large number of people would have to work together in a bad-faith coalition to bypass this technology. The likelihood of this happening is infinitesimally small.”


Secure Data Exchange with iDGard

Uniscon GmbH, a company that specializes in highly secure cloud solutions, has been a part of the TÜV SÜD Group since mid-2017. The company’s iDGARD cloud service, based on Sealed Cloud technology, makes data communication possible so that unauthorized persons can neither read nor copy it. Using this service for digital teamwork, companies thereby create a safe virtual data space for projects in the cloud and can thus dispense with FTP and file-sharing services. ABOUT TRUST readers have the opportunity to test the service for 30 days, free of charge, using the bonus code 30DAYS-ABOUT. Register at: idgard.de/business-registrierung


In particular small and medium-sized companies, those with the most start-up difficulties for a pathway to cloud computing, should be able to benefit from such a secure solution and gain more confidence—the trend certainly suggests this is the case. The Cloud Monitor 2017, a representative study by auditors KPMG in cooperation with Bitkom Research, showed that small and medium-sized companies have practically caught up with larger companies with regard to cloud computing. For 80 percent of German small and medium-sized companies, cloud computing will be a mainstay for their future IT strategy.

However, Schlesinger finds that a distinction must be made between quantity and quality. Smaller and medium-sized companies often still shy away from outsourcing business-critical data. “What we’re talking about here is organizational and communication applications, not design files or supply chain data,” he says. “But if I use the entire potential of the cloud as an entrepreneur, I can  develop  and refine existing business fields and offer new digital products.” In other words: keeping up with competitors or even gaining an advantage. As Uniscon’s Hubert Jäger explains, “Working together with TÜV     SÜD, we’re involved in offering companies such a broad range of potential uses.” These especially include analytics projects as part of Industry 4.0 and the Internet of Things.

“The deluge of data will continue to increase,” Jäger says. “The more important as an asset that data becomes, the stricter that data protection requirements will become. According to the new EU General Data Protection Regulation, which comes into effect as of May 2018, you are required as a business to implement technical data protection and also to verify this with your clients. The pressure to act within the law in the use of personal data is something our clients are thinking about a lot.” Due to its high security factor, Sealed Cloud technology can address these concerns, and much, much more.


The Thinking Car

The Sealed Cloud Increases Security in Many Areas


Mobility
The automation of many automobile features can only work with the help of sensors. Cameras and radar devices continually capture the state of the vehicle’s environment. Onboard electronics transmit a portion of these datasets into the cloud of the car manufacturer. A huge amount of information comes together there, for instance data about vehicle maintenance or reports on road conditions.


Industry 4.0
An important application and a key industrial innovation is predictive maintenance. Intelligent systems monitor and service themselves autonomously. Enormous amounts of data are collected in this process. Few companies have at their disposal the necessary expertise for analyzing this data, yet it is often too sensitive to be outsourced. The Sealed Cloud solves this problem: an ingenious encryption technology provides the necessary security for the collected data, both during transmission as well as during processing.


Video Surveillance in Public Spaces
It’s a social conflict: on the one hand, we all want a high degree of security, particularly in public spaces, which can be made possible with the use of video surveillance and facial recognition software. On the other hand, the often unjustified storage and processing of such data is extraordinarily questionable from a data protection standpoint. Sealed Freeze technology ensures that data can be “thawed” only when criteria specified by previously established guidelines are met.


Internet of Things
Better traffic flows, fewer accidents: communication between machines seems to offer great promise, particularly for street traffic. But in public spaces in particular, data security and technical data protection are the linchpins for implementing such communication. If the smart management of traffic signals requires sensors along the street that measure traffic volumes, then secure data transfer and data processing are also required. This ensures that hackers and data center employees cannot access any sensitive information.


For commercial users of cloud offerings there is a categorical obligation to monitor the protective mechanisms the cloud computing provider supplies. Yet this is something these users cannot practically perform by themselves since the cloud is much too complex. In this context, the Trusted Cloud Data Protection Profile (TCDP) can help, a new auditing standard for data protection certification, initiated by the German Federal Ministry for Economic Affairs and Energy. Uniscon is one of the first companies to receive the certification for its Sealed Cloud technology. “Thanks to the TCDP certification, companies can recognize if the cloud computing services they use fulfill the statutory data protection regulations,” Jäger says. “As an operator, you’ve already met your monitoring obligations if you select a service where the level of protection matches the protection requirements. That naturally creates a high degree of trust.”

Secure cloud technologies like Sealed Cloud eliminate a multitude of problems and obstacles on the pathway to the data-based computing cloud: businesses can therefore outsource their data in powerful modules, are secure from data theft and at the same time fulfill all the statutory data protection regulations. TÜV SÜD’s Schlesinger is convinced that the advantages the cloud offers will be just one of the factors making the use of such technology no longer an issue generally. It will simply become the new normal. “The great migration is already in full swing,” he says. “I think we’ll all be working in the cloud in the next five to ten years.”