The cloud is in. More and more companies are using this technology, either partly in private data centers or through contracts with service providers such as Amazon AWS, Microsoft Azure, Google Cloud or one of the smaller providers. Some observers have already predicted that most companies will shortly have outsourced their IT almost completely. But there is still a long way to go: data processing and storage have become such an important building block for economic success that many people in charge hesitate to give up control entirely.
According to a report by IDC (“Worldwide Quarterly Enterprise Infrastructure Tracker: Buyer and Cloud Deployment”) published in July 2021, the proportion of IT carried out entirely or partially in-house is slowly decreasing in favour of cloud structures. In 2019, non-cloud and dedicated IT in-house dominated the world with an average share of 51.6 percent, while pure cloud-based processes only came to 16.1 percent. The IDC researchers predict that by 2025, IT carried out entirely in-house will only make up 33.9 percent. The regional differences in this process are considerable: IDC’s market observations conclude that.
The cloud model appears to some as the ne plus ultra of modern data processing: you can make use of a wide range of services without having to maintain the bundled specialist knowledge and the constant overview and control yourself – almost as easy as computing with notebooks or smartphones at home or on the go, at least that’s what the apologists for this technology say.
Companies that expand their IT infrastructure in the direction of the cloud often overlook the dangers associated with it. Factors such as competitiveness or lower overall costs are in the foreground, and the risks are not taken into account. Especially when working with external infrastructures and partners, internal processes, applications, and data must be particularly protected. Since this can result in additional costs, many companies shy away from the new technology.
But the large cloud providers such as AWS, Microsoft Azure, Google or Oracle are attractive due to a wide range of services and appear to be cheaper in terms of acquisition and operating costs than applications and data in their own data centre. The downsizing of IT staff in-house made possible by the cloud also appears attractive. But how do you, as a company that wants to get involved in the cloud, maintain an overview and security?
However, there are alternatives for companies that do not want to accept the burden of their classic data centre or the confusion of one of the large cloud service providers. The German start-up Unison, founded in 2013, was taken over by TÜV Süd in 2017 and integrated into its digital strategy for IT security and legally compliant certification of data centres. It offers several components for secure computing in companies. This includes, above all, the sealing of the IT with the Sealed Cloud and additional security measures provided by the SaaS cloud service idgart.
The basic idea of this new approach is the zero trust principle. It is a security concept under which no IT process, and no person working with it, is trusted automatically. This applies both inside and outside the boundaries of a company. In particular, all processes and persons who connect to the IT systems must be continuously checked. Access to the inside and outside is only granted via special control devices. Akamai Technologies, a leader in this field, has defined this principle as follows: The strategy around Zero Trust boils down to not trusting anyone. It’s about blocking access until the network knows who you are. One should not allow access to IP addresses, computers etc., until one knows.
In this context, various attack vectors must be taken into account, including attacks on data transmission from cloud users to and from the cloud, external attacks on the cloud infrastructure, attacks or negligent actions by internal employees of the company or its IT department, unchecked trust in the hardware and software components used or in external service providers and, last but not least, attacks by domestic and foreign authorities or individual actors. Customizable rights management can help prevent or at least reduce such dangers.
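The zero trust check and the rights management described in the two paragraphs above, sketched as an added example (it is not code from the article or from any vendor named in it). The signing key, token format, roles and resource names are constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo values (assumptions, not taken from the article).
SIGNING_KEY = b"demo-key-for-illustration-only"
TOKEN_TTL = 300  # seconds before the user must authenticate again
# Rights management: each (role, resource) pair lists its permitted actions.
RIGHTS = {
    ("engineer", "dataroom/project-x"): {"read", "write"},
    ("auditor", "dataroom/project-x"): {"read"},
    ("operator", "infrastructure"): {"restart"},  # operators get no data access
}

def _sign(payload):
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(user, role, now=None):
    """Issue a short-lived signed credential once the user has authenticated."""
    if "|" in user + role:
        raise ValueError("'|' is the field separator and is not allowed")
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    payload = f"{user}|{role}|{expires}"
    return f"{payload}|{_sign(payload)}"

def authorize(token, resource, action, source_ip, now=None):
    """Decide a single request; call it on every request, inside or outside.

    source_ip is kept for audit logging only: an internal address earns
    no trust, so it never influences the decision.
    """
    now = time.time() if now is None else now
    parts = (token or "").split("|")
    if len(parts) != 4:
        return (False, "no valid credential")
    user, role, expires, sig = parts
    expected = _sign(f"{user}|{role}|{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return (False, "bad signature")
    if not expires.isdigit() or int(expires) < now:
        return (False, "credential expired")
    # Deny by default: anything not listed in RIGHTS is refused.
    if action not in RIGHTS.get((role, resource), set()):
        return (False, "action not granted")
    return (True, f"{user} may {action} {resource}")
```
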
The technology of the Sealed Cloud consists of a systematic locking of the systems, which also allows internal employees or the contracted service providers only limited or no access to the infrastructure itself. The sealing of web services should secure three aspects in particular:
- The performance concerns the speed of the data transfer. The sealed cloud aims to exchange signals neither according to a multicast scheme nor via a network of mixed nodes, but directly with the service’s infrastructure.
- User-friendliness should mean that the users can use the service easily and intuitively. This should be possible without special client software despite security mechanisms and encryption.
- The recommended security ensures that the service complies with legal and company-internal requirements. The EU data protection regulation (GDPR) provides the general framework with its provisions, whereby additional regulations such as data protection-compliant technology design (privacy by design) may have to be observed.
All data must be encrypted in a sealed cloud in the data centre. Special keys are also used for the users, and the experts from service providers, including Unison, do not have direct access to applications and data either. In addition to data protection in the data centre, the connection paths must also be specially secured – for example, classic TLS encryption is used here.
Some cloud providers add further security mechanisms. For example, certificates for cloud services prove compliance. Protected functions for exchanging data with colleagues and business partners are particularly important for companies. Depending on the provider, joint projects can be carried out in audit-proof data rooms.
The selection of a suitable cloud service must be based on the data it manages. This is the only way to ensure compliance and GDPR conformity.