Rethinking cloud computing

Cybersecurity июн. 30, 2021

Rethinking cloud computing

The home office is experiencing a boom. But exchanging data can sometimes be insecure and, at the same time, subject to considerable legal restrictions. Solutions such as R&S®Trusted Gate offer both data security and legal compliance.

It sounds like an insoluble dilemma: since the end of January, employers in Germany have been legally required to allow their employees to do office work from home, and they are increasingly using the tried-and-tested cloud services offered by leading providers. At the same time, however, personal data may no longer be transferred to third countries deemed to be unsafe – which largely rules out the use of these same services. Companies and public authorities are thus thrust into a position where they have to ensure, on the one hand, that employee collaboration and, above all, the exchange of personal data function reliably, but on the other expose themselves to legal attack if they resort to the most easily available solution.

According to the Handelsblatt newspaper of April 14, 2021, a German Data Protection Conference (DSK) task force is carrying out random checks to ensure compliance with the law, with companies violating the new regulations facing fines of up to EUR 20 million. The investigators are mostly targeting companies that use office software, video conference services and employee satisfaction survey tools.

Security is our name: R&S®Trusted Gate makes working from home safe.
Security is our name: R&S®Trusted Gate makes working from home safe.

Why a legal expert sees R&S®Trusted Gate as a solution

Prof. Dr. Dirk Heckman, renowned data protection and IT security law expert, sees the dilemma as characterized by the fact that it is possible neither to regionalize the internet nor to Europeanize the laws of other countries that are obliged, for example, to hand over their data to their own authorities. Heckmann, however, believes that the dilemma can be solved. He is not speculating on Europe’s emerging GAIA-X platform, nor does he think a switch to legally compliant but less capable providers is appropriate.

Instead, in his May 2021 report on the data protection compliant use of cloud solutions, Prof. Dr. Heckmann concludes that "cutting the Gordian knot" tied by the European Court of Justice in its Schrems II data security ruling could be achieved by a technical solution: R&S®Trusted Gate from Rohde & Schwarz Cybersecurity. He concludes his report by stating his conviction that this solution also represents "a major step toward digital sovereignty".

With his verdict, Prof. Dr. Heckmann refers to the independent KuppingerCole Analyst AG and their report from March 2019, in which they explain how it is possible for the solution – which has been patent pending for just under three years – to provide one hundred percent protection for data in the cloud. Robert Rudolph, Product Marketing Manager R&S®Trusted Gate, expects patent protection to be granted this year, describing the solution as an "absolutely new process". This process makes it possible to use all forms of public cloud services, regardless of the provider, with full security – and at the same time to meet the demands of data protection and compliance. The trick: while the cloud providers' services can still be used via servers all over the world, the users' own data is completely decoupled from these services and thus unable to be accessed by the public cloud providers.

With R&S®Trusted Gate, only authorized users can view the content of uploaded files. Everyone else will only see random characters.
With R&S®Trusted Gate, only authorized users can view the content of uploaded files. Everyone else will only see random characters.

How data centric security works

We are witnessing a paradigm shift: away from protecting one's own IT infrastructure and toward data centric security. To take this fundamental step, the solution's inventor, Dr. Bruno Quint, and his team at Rohde & Schwarz Cybersecurity have developed a combination of virtualization, encryption and file fragmentation. And it works like this: when a document is uploaded to the cloud, a virtualized version of the original document is created. This virtual document contains only the metadata of the original, such as keywords, but actually has no content of its own. An unauthorized reader sees that a blank document is being transmitted, but not what the original actually contains. The document as such remains in the workflow, but is worthless to hackers or intelligence agencies.

The original document, meanwhile, is encrypted and fragmented; figuratively speaking, it is transformed into digital dust. These dust particles are then stored on different, freely selectable storage systems. This means that the original document can never be viewed in its entirety. Even quantum computers with their enormous computing power are helpless. The distributed chunks cannot be cracked because they are only fragments of the encrypted data. The shredded document only becomes visible when all the chunks are reassembled and decrypted.

Dr. Bruno Quint explains: "The data protection authorities, after all, have not banned users from using the cloud, and they have not banned cooperation with the major providers. What matters is regaining sovereignty over the data. And in a cloud environment, the data is the only thing we own." Cloud providers based outside of Europe are sometimes forced by law to hand over data to their respective government agencies. "They see R&S®Trusted Gate as an effective customer tool for preventing this," says Daniel Heck, Vice President Marketing Rohde & Schwarz Cybersecurity, "and they maintain a good working relationship with us as a result."

The fundamentally new software solution is very easy to use. Public authorities and companies can install R&S®Trusted Gate and have it up and running within 24 hours. Case in point: a German non-profit organization wanted to handle its internal communications using a standard collaboration tool, and at the same time to ensure that personal and health-related data remained protected in the public cloud. R&S®Trusted Gate was deployed on the desired platform, and the installation was fully configured within a day by professional remote support. Employees were able to continue working together the next day as they always had, with no additional training. Chat is also encrypted. Other typical cases in which R&S®Trusted Gate represented a quick solution include a biotechnology company that uses R&S®Trusted Gate to protect itself against industrial espionage and an aviation company that can process its satellite data in encrypted form – and thus securely.

We have really started to push the boundaries.

"We have really started to push the boundaries."

Dr. Bruno Quint, Rohde & Schwarz Cybersecurity

Protection for the network and equipment, too

The data centric approach does not make traditional security measures obsolete, but rather complements them. Government agencies and public authorities in particular rely on sharing confidential documents and classified information not only in a cloud, but also within their network. In this respect, the sudden switch to home offices is also a challenge, because data transfer via standard VPN (virtual private network) tunnels leaves the data vulnerable to attack. Germany’s Federal Office for Information Security (BSI) recommended solutions that are independent of the operating system. Until recently, however, this would have meant obtaining hardware and providing each employee in the home office with a VPN box in addition to their end user equipment. Here, too, the simpler approach is a software solution that implements VPN dial-in independently of and isolated from the operating system, without requiring additional hardware connected to the terminal device: the R&S®Trusted VPN Client has been approved by the BSI for classified information up to RESTRICTED (VS-NfD) level.

It is still important to maintain control over the browser, as this is the main gateway for malware. Opening an email attachment, using an app, downloading a document – all of these can introduce malicious code that infects not only the computer but the entire network. Rohde & Schwarz Cybersecurity has developed R&S®Browser in the Box, a software response to this problem as well. Users notice nothing to tell them that they are working in a secure environment when they go online – the operating system runs in a virtual environment, and the file system and interfaces are not accessible to the browser. Downloaded documents enter an isolated environment ("docs in the box"), and even crucial interfaces such as the microphone and computer camera are incorporated into the virtual environment and thus kept secure.

R&S®Browser in the Box and R&S®Trusted VPN Client enable secure communications in company networks.
R&S®Browser in the Box and R&S®Trusted VPN Client enable secure communications in company networks.

In this way, one seemingly insoluble problem after another turns out to be quite solvable after all – provided you have the know-how. In the case of the supposedly unsolvable cloud computing dilemma, Prof. Dr. Heckmann felt prompted by the elegant solution presented by R&S®Trusted Gate to use two tongue-in-cheek subheadings when structuring his report. The first was for the section on legal assessments: "I have no solution, but I admire the problem." The second was for the section on the technical solution presented by R&S®Trusted Gate: "I admire the solution. What was the problem again?"

Related topics

R&S®Browser in the Box

More information

Rohde & Schwarz Cybersecurity solutions

More information

Secure data exchange

More information

Secure collaboration

More information

Further R&S Stories

Browsing at public authorities fully encapsulated

Find out, how public authorities and municipalities are using R&S®Browser in the Box for protection against professional cybercriminals.

More information

Tackling the challenges of school digitalization

Solutions from the German network specialist LANCOM Systems make virtual classrooms a secure space.

More information

Future mobility: the cable cars of La Paz

In La Paz, Bolivia, you fly to work. Wi-Fi components from LANCOM Systems ensure maximum safety and security in the world's longest urban cable car network.

More information

Запросить информацию

У вас есть вопросы или вам нужна дополнительная информация? Просто заполните эту форму, и мы свяжемся с вами в ближайшее время..

Я хочу получать информацию от Rohde & Schwarz по

Согласие на получение маркетинговых материалов

Что именно это означает?

Я соглашаюсь с тем, что ROHDE & SCHWARZ GmbH & Co. KG и предприятие ROHDE & SCHWARZ или его дочерняя компания, указанная на данном Веб-сайте, может обращаться ко мне выбранным способом (по электронной или обычной почте) с целью маркетинга и рекламы (например, сообщения о специальных предложениях и скидках), относящейся в числе прочего к продуктам и решениям в области контрольно-измерительной техники, защищенной связи, мониторинга и тестирования сети, вещания и средств массовой информации, а также кибербезопасности.

Ваши права

Настоящее заявление о согласии может быть в любое время отозвано путем отправки электронного письма с темой «Unsubscribe» (отказ от подписки на рассылку) по адресу: news@rohde-schwarz.com.Кроме этого, в каждом отправляемом вам письме имеется ссылка на отказ от подписки на рассылку будущих рекламных материалов.Дополнительная информация об использовании персональных данных и процедуре отказа от их использования содержится в Положении о конфиденциальности.

Обязательное поле Предоставляя свои персональные данные, я подтверждаю их достоверность и свое согласие на их обработку Обществом с ограниченной ответственностью «РОДЕ и ШВАРЦ РУС» (ОГРН 1047796710389, ИНН 7710557825, находящемуся по адресу: Москва, Нахимовский проспект, 58) в следующем объеме и следующими способами: обработку с использованием средств автоматизации и без таковых, сбор, систематизацию, классификацию, накопление, хранение, уточнение, обновление, изменение, шифрование с помощью любых средств защиты, включая криптографическую, запись на электронные носители, составление и переработку перечней и информационных систем, включающих мои персональные данные, маркировку, раскрытие, трансграничную передачу моих персональных данных, том числе, на территории стран всего мира, передачу с использованием средств электронной почты и/или эцп, в том числе, передачу с использованием интернет-ресурсов, а также обезличивание, блокирование, уничтожение, передачу в государственные органы в случаях, предусмотренных законодательством, использование иными способами, необходимыми для обработки, но не поименованными выше до момента ликвидации / реорганизации Компании либо до моего отзыва настоящего согласия.

Ваш запрос отправлен. Мы свяжемся с вами в ближайшее время.
An error is occurred, please try it again later.