The various forms of online communication, e-mail, file sharing, and messaging, increase productivity and efficiency on the one hand. On the other hand, their use is also risky and raises technology security concerns. After all, vulnerable internal and external business communication can grant unauthorized parties access to servers and unencrypted data. A major security loophole is that cloud providers processing data can access unencrypted data through their application servers. A further security issue is that, even when data is encrypted end-to-end in a cloud, its metadata may still be analyzed and accessed and, hence, very easily misappropriated for profiling.
65.2 Data Security & Compliance Requirements for Businesses
Private enterprises and public authorities that process personal or personally identifiable data of customers or other third parties are subject to data privacy law and the respective (European, federal, state, etc.) data protection acts. EU directives, international and company-internal conventions and agreements, and established practices provide further regulation. As a result, both private enterprises and public authorities are subject to a wide variety of statutory obligations which, if not met, can lead to high fines and substantial liability claims [2].
External business communication, for example, poses one of the greatest risks: employees often find encryption measures inconvenient, which is why documents are frequently sent unencrypted. And even if information is encrypted, data centers can still process it only in unencrypted form.
Consequently, when data is processed within a cloud, in internal and external data centers alike, it remains accessible, especially when cloud provider staff can or must access it, e.g. for routine administration. In the past, data breaches in conventional systems usually required the cooperation of several parties, so organizational measures sufficed to protect personal and personally identifiable data, data subject to professional and official secrecy, classified data, and confidential matters in general. Today, however, since a high degree of networking and miniaturization has found its way into almost all data processing systems, a single individual misappropriating data is often all it takes to do great damage. The high-profile case of whistleblower Edward Snowden illustrates this perfectly.
For this reason, the technology and market research firm Forrester Research provocatively calls the security model that has become necessary in light of this trend the “Zero Trust Security Model” [3]. Forrester criticizes conventional security models for dividing their world into a “trustworthy inside” and an “untrustworthy outside”, thus focusing too much on perimeter security, which relies on a combination of organizational and “human” measures to protect infrastructures, applications, and data against external attacks while neglecting security against potential internal attacks. Likewise, according to the novel information security model presented here, protection along the first line of defense should be guaranteed, internally and externally, by technical measures only.
The following chapter illustrates the basic principles of the Sealed Cloud security concept (see Fig. 65.1). It explains how this approach protects content and metadata alike, without compromising service availability or any of its features [4].
Fig. 65.1 Sealed Cloud System Overview
65.3 The Technology’s Basic Concept
The root idea of the Sealed Cloud technology is to combine the performance and convenience of a conventional web service with essential, compliant information security. “Performance” means that the network’s access capability can be exploited efficiently and operations performed effectively on communication content. “Compliant security”, in contrast, implies that a set of technical measures effectively and verifiably excludes all unauthorized access, to content and metadata alike. In particular, organizational measures against internal and external spying along the first line of defense become redundant, thus excluding the “human” risk factor altogether.
65.3.1 Secure Access to Sealed Cloud
The device is connected to Sealed Cloud via SSL encryption, so that no special software needs to be installed. To ensure the required compliant security, the system admits only strong ciphers, i.e. long keys with no implementation weaknesses. Unlike conventional web servers, the system also bars all private keys on the server side, thus ensuring “perfect forward secrecy” [5].
65.3.2 Protection Against Data Access During Processing
In addition to encryption, the technology also hermetically “seals” the system, so that infrastructure providers and service provider staff have no way whatsoever of accessing user data during processing. The following components constitute this sealing technology:
a) Data Center Segmentation
The data center is subdivided into multiple segments, each of which can operate independently of the others. This ensures that operations remain available redundantly, even during a data clean-up as described below.
b) Technical Entry & Access Control, Alarm System
The application servers are located in the data clean-up area in specially sealed mechanical units (“cages”), whose access is controlled via electromechanical locks. Electronic server interfaces not needed for the application’s operation are deactivated or fitted with filters, in order to prevent any unauthorized access to server content, including by administrators or maintenance staff. A further feature of the servers in this area is that no persistent memory is used that could record application data. Both the mechanical cage components and the servers are secured against manipulation by a multitude of sensors. This ensures that any access attempt whatsoever, whether physical or logical, immediately triggers an alarm that instantly deletes all the data on the respective servers.
c) Data Clean-Up
The alarm instantly triggers a data clean-up. User sessions on the affected servers are automatically routed to non-affected segments, and all data on the affected segment is deleted. Deletion is additionally ensured by an automatic disconnection of the servers’ power supply for a sufficient period (10 seconds).
d) Integrity Checks
Before a server resumes operation after a data clean-up, its entire hardware and software are subject to an integrity check. This requires that the software be individually built and signed for each server. In other words, should a maintenance worker try to install components that have not been cleared, or attempt to manipulate the hardware, the integrity check prevents the affected server from being reintegrated.
65.3.3 No Decryption Keys in the Database
“Sealing” includes a special key distribution scheme, in which the service provider holds no key with which to decrypt a database’s protocols or a file system’s files. In practice, this means that the keys to a database’s protocols consist of hash chains of user names and passwords. The instant the hash value has been computed, the user name and password are discarded. At the end of a session, the computed hash value is also deleted. The latter two procedures are crucial focal points of independent auditors’ inspection and certification protocols.
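As an added illustration (not Uniscon’s code and not the Sealed Cloud implementation), the following Python sketch shows the key-handling pattern just described: the record key is derived from user name and password, the credentials are discarded immediately, the provider stores only ciphertext, and the key is deleted when the session ends. The cipher is a toy HMAC-based construction so the example runs with the standard library only; a real deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256(key, nonce || counter), truncated to the needed length.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

class SealedSession:
    """Session-scoped record key: derived from the credentials, never stored by the provider."""

    def __init__(self, username: str, password: str, salt: bytes):
        # Hash chain over user name and password; after this statement the credentials are gone.
        self._key = hashlib.pbkdf2_hmac(
            "sha256", f"{username}\x00{password}".encode(), salt, 200_000, dklen=32)

    def _require_key(self) -> bytes:
        if self._key is None:
            raise RuntimeError("session closed: the derived key has been deleted")
        return self._key

    def seal(self, record: bytes) -> bytes:
        key = self._require_key()
        nonce = secrets.token_bytes(NONCE_LEN)
        body = bytes(a ^ b for a, b in zip(record, _keystream(key, nonce, len(record))))
        tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag  # this blob is all the database ever holds

    def open(self, blob: bytes) -> bytes:
        key = self._require_key()
        nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
            raise ValueError("authentication failed: wrong credentials or tampered record")
        return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

    def close(self) -> None:
        self._key = None  # end of session: the hash value is deleted

def demo() -> bool:
    salt = b"constructed per-user salt"  # constructed sample value
    session = SealedSession("alice", "correct horse battery", salt)
    blob = session.seal(b"client list: ACME, Globex")
    round_trip_ok = session.open(blob) == b"client list: ACME, Globex"
    session.close()
    try:  # the stored blob alone, opened with wrong credentials, must not yield the record
        SealedSession("alice", "wrong password", salt).open(blob)
        return False
    except ValueError:
        return round_trip_ok
```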
65.3.4 Additional Metadata Security Measures
To prevent metadata from being inferred by observing external data traffic, the system transmits in a traffic-volume-dependent manner with pseudo-random deferral, i.e. time delays. The volume of transmitted data is padded to the next standard size [6]. This prevents metadata from being inferred via size correlation. After all, even if cloud data is encrypted end-to-end, “confidential content may still be disclosed indirectly via metadata”, states attorney-at-law Steffen Kroschwald, Research Associate of provet, the Constitutional Technology Design Project Group at the University of Kassel [7]. Since linked metadata reveals a great deal of information, parties obliged to professional and official secrecy, in particular, must do everything possible to ensure maximum data security.
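The size padding and timing deferral just described, as an added example in Python (not the page’s or Uniscon’s own code): frames are padded with random filler to the next standard size from an assumed set of size classes (1 KiB, doubling upwards), so a passive observer of the encrypted traffic sees only a handful of frame sizes, and sending is deferred by a pseudo-random delay.

```python
import secrets

MIN_BUCKET = 1024  # assumed smallest standard size; classes double from here (1, 2, 4, 8 KiB, ...)
HEADER_LEN = 4     # length header so the receiver can strip the filler again

def standard_size(payload_len: int) -> int:
    """Smallest size class that holds the header plus the payload."""
    needed = payload_len + HEADER_LEN
    size = MIN_BUCKET
    while size < needed:
        size *= 2
    return size

def pad(payload: bytes) -> bytes:
    """Frame = length header || payload || random filler; total length is a standard size."""
    size = standard_size(len(payload))
    header = len(payload).to_bytes(HEADER_LEN, "big")
    filler = secrets.token_bytes(size - HEADER_LEN - len(payload))  # random, not zeros
    return header + payload + filler  # this frame is what enters the encrypted channel

def unpad(frame: bytes) -> bytes:
    """Recover the payload; reject frames whose header claims more than the frame holds."""
    if len(frame) < HEADER_LEN:
        raise ValueError("frame too short")
    n = int.from_bytes(frame[:HEADER_LEN], "big")
    if n > len(frame) - HEADER_LEN:
        raise ValueError("corrupt frame: length header exceeds frame size")
    return frame[HEADER_LEN:HEADER_LEN + n]

def observable_sizes(payloads) -> set:
    """What a passive observer of the (encrypted) traffic sees: the distinct frame sizes."""
    return {len(pad(p)) for p in payloads}

def send_delay_seconds(max_jitter: float = 0.5) -> float:
    """Pseudo-random deferral before transmission, so timing cannot be tied to a user action."""
    return secrets.randbelow(1_000_001) / 1_000_000 * max_jitter
```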
65.4 Alternative: Homomorphic Encryption
Combining homomorphic encryption [7] with a mix network would ensure high data security, and it is a promising scientific approach. In practice, however, this approach entails both technical and economic difficulties with currently available technology. Homomorphic encryption does indeed enable further processing of already encrypted data without that data having to be decrypted prior to processing. However, this encryption option incurs exponentially increasing costs compared to conventional data processing and will most likely continue to do so for quite a long time.
A mix network, in turn, does not transfer information directly from the sender to the recipient but via multiple intermediate stations (mixes). This combination allows the data’s origin to be concealed, yet it does not protect the metadata (connection data) effectively: the pseudonyms (aliases) communicating with each other, i.e. who communicates with whom, remain visible. As a result, pseudonyms are easy to uncover.
65.5 Application as Basic Technology
Sealed Cloud was developed by Uniscon GmbH and refined as a basic technology for wide application in manufacturing and trade in a consortium with AISEC (Fraunhofer Institute for Applied and Integrated Security) and SecureNet within the framework of the German Federal Ministry for Economic Affairs and Energy’s Trusted Cloud program. Today, the available interfaces may be adapted to the most diverse applications and services imaginable. Since Sealed Cloud’s maximum security can be integrated into companies’ individual solutions, the technology also gives businesses a competitive edge on the global market. This is corroborated, among others, by a variety of international corporations and German global players applying the technology.
The technology allows small and medium-sized enterprises to use the secure infrastructure in two ways: On the one hand, applications can be added directly to the platform and implement the basic principles of Sealed Cloud themselves. On the other hand, applications can use the generic features of the existing communication service iDGARD via these interfaces and integrate the service directly into existing business procedures.
65.5.1 iDGARD Web Service for Collaboration & File Exchange
By virtue of Sealed Cloud’s maximum security, the iDGARD service enables safe document and message exchange both within and outside the business, to such a high degree that, in March 2016, iDGARD was one of the first services ever to be certified pursuant to the Federal Ministry for Economic Affairs and Energy’s Trusted Cloud Data Protection Profile (TCDP). iDGARD was certified for maximum-security protection Class 3, which allows even parties subject to professional and official secrecy obligations to process personal and personally identifiable data via a public cloud.
Since iDGARD is a cloud offering, using the service requires no special or additional software. All a user needs is a web browser and a mobile device app. This leads to the following application scenarios, which fully meet the data privacy and compliance demands of any business:
Confidential file exchange with staff, customers, and partners, i.e. safe file transfer
Team workspace, project and data rooms for business internal and external collaboration
Mobile access to business documents
Chats via any mobile device
Scheduling & resource planning
Secure internal and external business communication is possible because the entire key management remains invisible to the user yet well protected within Sealed Cloud. For this reason, an external dialogue partner does not need an iDGARD license of his or her own if a member of an organization wishes to communicate with him or her. Instead, the license owner simply grants that party a Guest License. To do so, he or she creates a Privacy Box, i.e. a shared project workspace, by entering the recipient’s name, e-mail address and mobile number. Privacy Boxes may also be upgraded to Data Rooms, in which all activity is recorded in an auditable journal. Further features include anti-forwarding measures, such as watermarks, view-only options, etc.
The facts and figures available to date on how quickly the secure collaboration service pays for itself allow the technology’s financial benefits to be assessed for other applications as well: if a business wishes to establish its own infrastructure for communicating with external parties, it must expect costs merely for installing a secure system, not to mention further expenses for system operation and management, maintenance and repair, and the actual defense against cybercrime. When using the cloud service iDGARD, businesses are spared the cost of installation. Moreover, the business uses the service in line with demand (pay per use). From project experience, a cloud-based collaboration service is already amortized within one to two months. Commensurate financial benefits may likewise be calculated for all Sealed Cloud based applications.
65.5.2 A File Sharing Solution on the Sealed Cloud Platform
Group Business Software (GBS) is a provider of solutions and services for the IBM and Microsoft collaboration platforms. One of its applications is iQ.Suite Watchdog FileSafe [8], which enables confidential and compliant e-mail file transfer via the Sealed Cloud interface: when an e-mail attachment is sent, it is automatically moved to a maximum-security cloud area and replaced in the e-mail by a link. The recipient receives this link together with a one-time, non-recurring password, and can then log on to the protected cloud and access the respective data.
65.5.3 Compliant Big Data Analysis
A further feature, Sealed Freeze, enables data privacy compliant storage for big data applications. With the rapid expansion of big data applications, secure data storage still receives less attention than data retention, yet big data bears much greater risks in terms of data abuse. Basically, big data is based on collecting tremendous amounts of data for the sole purpose of analysis.
The Sealed Freeze concept ensures adequate protection of big data against access by technically enforcing rules specified ex ante, in which, for example, the parties granted access, the duration of data storage, and the rules for deleting data are defined prior to use. Sealed Freeze technology is already implemented in iDGARD and widely applied by global players.
65.5.4 Data Protection & Compliance
Under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, no disclosure of confidential data to unauthorized parties should be feasible whatsoever. Almost always, not only content but also metadata constitutes a professional secret. Parties obliged to professional or official secrecy are not free to tacitly accept or acquiesce to the possible disclosure of such data through conventional internal and external business communication. In contrast, an application based on Sealed Cloud technology, such as iDGARD, enables parties obliged to professional secrecy to communicate online, internally and externally, in compliance with data privacy law.
The latter even ensures the requisite protection against data seizure. This is possible only by virtue of Uniscon’s Sealed Cloud technology, which has already been patented in leading countries worldwide.
65.6 Conclusion
Since today’s IT market is largely dominated by American service providers, German IT solutions are often regarded with suspicion. At the same time, the US attitude to data privacy is frequently considered lax. The past few months have substantiated this assumption, owing to Snowden’s disclosures and the public’s increased awareness of US authorities’ stance on foreign clients’ data privacy. Trust in German quality, in data protection in particular, now plays an increasingly important role. With Sealed Cloud, German and European users are provided a platform that meets their security needs. As a result, they are now able to reap the economic benefits of cloud computing also for business-essential applications hitherto left out and, hence, reduce costs significantly.
This works greatly to the advantage of German providers, who gain a competitive edge with this technology. After all, German cloud providers not only enjoy greater trust than American ones; a technical solution that fosters consumer confidence in this way is also an asset in the competitive worldwide market. This applies to IT providers, hosting firms, and system integrators alike.
The Author
Ralf Rieken has two decades of experience in the network infrastructure and IT industry in Germany and the USA. At Siemens, he played a leading role in the development of value-added services for telecommunications networks. In the United States, he served as Vice President of Software Development at Optisphere Networks and, until 2007, as CEO of Fujitsu Siemens Computers in Silicon Valley. Back in Germany, he managed IT Data Center Consulting at Fujitsu Technology Solutions in Munich. In 2009, he founded the IT company Uniscon with Dr. Hubert Jäger and Arnold Monitzer.
Digital Marketplaces Unleashed Page 101