Rethinking cloud computing

Cybersecurity 30-Jun-2021

Rethinking cloud computing

The home office is experiencing a boom. But exchanging data can sometimes be insecure and, at the same time, subject to considerable legal restrictions. Solutions such as R&S®Trusted Gate offer both data security and legal compliance.

It sounds like an insoluble dilemma: since the end of January, employers in Germany have been legally required to allow their employees to do office work from home, and they are increasingly using the tried-and-tested cloud services offered by leading providers. At the same time, however, personal data may no longer be transferred to third countries deemed to be unsafe – which largely rules out the use of these same services. Companies and public authorities are thus thrust into a position where they have to ensure, on the one hand, that employee collaboration and, above all, the exchange of personal data function reliably, but on the other expose themselves to legal attack if they resort to the most easily available solution.

According to the Handelsblatt newspaper of April 14, 2021, a German Data Protection Conference (DSK) task force is carrying out random checks to ensure compliance with the law, with companies violating the new regulations facing fines of up to EUR 20 million. The investigators are mostly targeting companies that use office software, video conference services and employee satisfaction survey tools.

Security is our name: R&S®Trusted Gate makes working from home safe.
Security is our name: R&S®Trusted Gate makes working from home safe.

Why a legal expert sees R&S®Trusted Gate as a solution

Prof. Dr. Dirk Heckman, renowned data protection and IT security law expert, sees the dilemma as characterized by the fact that it is possible neither to regionalize the internet nor to Europeanize the laws of other countries that are obliged, for example, to hand over their data to their own authorities. Heckmann, however, believes that the dilemma can be solved. He is not speculating on Europe’s emerging GAIA-X platform, nor does he think a switch to legally compliant but less capable providers is appropriate.

Instead, in his May 2021 report on the data protection compliant use of cloud solutions, Prof. Dr. Heckmann concludes that "cutting the Gordian knot" tied by the European Court of Justice in its Schrems II data security ruling could be achieved by a technical solution: R&S®Trusted Gate from Rohde & Schwarz Cybersecurity. He concludes his report by stating his conviction that this solution also represents "a major step toward digital sovereignty".

With his verdict, Prof. Dr. Heckmann refers to the independent KuppingerCole Analyst AG and their report from March 2019, in which they explain how it is possible for the solution – which has been patent pending for just under three years – to provide one hundred percent protection for data in the cloud. Robert Rudolph, Product Marketing Manager R&S®Trusted Gate, expects patent protection to be granted this year, describing the solution as an "absolutely new process". This process makes it possible to use all forms of public cloud services, regardless of the provider, with full security – and at the same time to meet the demands of data protection and compliance. The trick: while the cloud providers' services can still be used via servers all over the world, the users' own data is completely decoupled from these services and thus unable to be accessed by the public cloud providers.

With R&S®Trusted Gate, only authorized users can view the content of uploaded files. Everyone else will only see random characters.
With R&S®Trusted Gate, only authorized users can view the content of uploaded files. Everyone else will only see random characters.

How data centric security works

We are witnessing a paradigm shift: away from protecting one's own IT infrastructure and toward data centric security. To take this fundamental step, the solution's inventor, Dr. Bruno Quint, and his team at Rohde & Schwarz Cybersecurity have developed a combination of virtualization, encryption and file fragmentation. And it works like this: when a document is uploaded to the cloud, a virtualized version of the original document is created. This virtual document contains only the metadata of the original, such as keywords, but actually has no content of its own. An unauthorized reader sees that a blank document is being transmitted, but not what the original actually contains. The document as such remains in the workflow, but is worthless to hackers or intelligence agencies.

The original document, meanwhile, is encrypted and fragmented; figuratively speaking, it is transformed into digital dust. These dust particles are then stored on different, freely selectable storage systems. This means that the original document can never be viewed in its entirety. Even quantum computers with their enormous computing power are helpless. The distributed chunks cannot be cracked because they are only fragments of the encrypted data. The shredded document only becomes visible when all the chunks are reassembled and decrypted.

Dr. Bruno Quint explains: "The data protection authorities, after all, have not banned users from using the cloud, and they have not banned cooperation with the major providers. What matters is regaining sovereignty over the data. And in a cloud environment, the data is the only thing we own." Cloud providers based outside of Europe are sometimes forced by law to hand over data to their respective government agencies. "They see R&S®Trusted Gate as an effective customer tool for preventing this," says Daniel Heck, Vice President Marketing Rohde & Schwarz Cybersecurity, "and they maintain a good working relationship with us as a result."

The fundamentally new software solution is very easy to use. Public authorities and companies can install R&S®Trusted Gate and have it up and running within 24 hours. Case in point: a German non-profit organization wanted to handle its internal communications using a standard collaboration tool, and at the same time to ensure that personal and health-related data remained protected in the public cloud. R&S®Trusted Gate was deployed on the desired platform, and the installation was fully configured within a day by professional remote support. Employees were able to continue working together the next day as they always had, with no additional training. Chat is also encrypted. Other typical cases in which R&S®Trusted Gate represented a quick solution include a biotechnology company that uses R&S®Trusted Gate to protect itself against industrial espionage and an aviation company that can process its satellite data in encrypted form – and thus securely.

We have really started to push the boundaries.

"We have really started to push the boundaries."

Dr. Bruno Quint, Rohde & Schwarz Cybersecurity

Protection for the network and equipment, too

The data centric approach does not make traditional security measures obsolete, but rather complements them. Government agencies and public authorities in particular rely on sharing confidential documents and classified information not only in a cloud, but also within their network. In this respect, the sudden switch to home offices is also a challenge, because data transfer via standard VPN (virtual private network) tunnels leaves the data vulnerable to attack. Germany’s Federal Office for Information Security (BSI) recommended solutions that are independent of the operating system. Until recently, however, this would have meant obtaining hardware and providing each employee in the home office with a VPN box in addition to their end user equipment. Here, too, the simpler approach is a software solution that implements VPN dial-in independently of and isolated from the operating system, without requiring additional hardware connected to the terminal device: the R&S®Trusted VPN Client has been approved by the BSI for classified information up to RESTRICTED (VS-NfD) level.

It is still important to maintain control over the browser, as this is the main gateway for malware. Opening an email attachment, using an app, downloading a document – all of these can introduce malicious code that infects not only the computer but the entire network. Rohde & Schwarz Cybersecurity has developed R&S®Browser in the Box, a software response to this problem as well. Users notice nothing to tell them that they are working in a secure environment when they go online – the operating system runs in a virtual environment, and the file system and interfaces are not accessible to the browser. Downloaded documents enter an isolated environment ("docs in the box"), and even crucial interfaces such as the microphone and computer camera are incorporated into the virtual environment and thus kept secure.

R&S®Browser in the Box and R&S®Trusted VPN Client enable secure communications in company networks.
R&S®Browser in the Box and R&S®Trusted VPN Client enable secure communications in company networks.

In this way, one seemingly insoluble problem after another turns out to be quite solvable after all – provided you have the know-how. In the case of the supposedly unsolvable cloud computing dilemma, Prof. Dr. Heckmann felt prompted by the elegant solution presented by R&S®Trusted Gate to use two tongue-in-cheek subheadings when structuring his report. The first was for the section on legal assessments: "I have no solution, but I admire the problem." The second was for the section on the technical solution presented by R&S®Trusted Gate: "I admire the solution. What was the problem again?"

Related topics

R&S®Browser in the Box

More information

Rohde & Schwarz Cybersecurity solutions

More information

Secure data exchange

More information

Secure collaboration

More information

Further R&S Stories

Browsing at public authorities fully encapsulated

Find out, how public authorities and municipalities are using R&S®Browser in the Box for protection against professional cybercriminals.

More information

Tackling the challenges of school digitalization

Solutions from the German network specialist LANCOM Systems make virtual classrooms a secure space.

More information

Future mobility: the cable cars of La Paz

In La Paz, Bolivia, you fly to work. Wi-Fi components from LANCOM Systems ensure maximum safety and security in the world's longest urban cable car network.

More information

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.