Rethinking cloud computing

R&S®Trusted Gate inventor Bruno Quint talks about absolute data security.

We have really started to push the boundaries.

"We have really started to push the boundaries."

Dr. Bruno Quint, Rohde & Schwarz Cybersecurity

Mr. Quint, the cloud is considered insecure. Some large providers are not even legally allowed to guarantee data security. Should we be avoiding the cloud?

The trend is toward the cloud. Even governments and the German armed forces are moving into cloud infrastructures. A cloud is not evil per se, so the question is: how can we maintain control over our data in an inherently insecure infrastructure.

Many are putting their hopes in a European cloud.

GAIA X projects are nice, but far too short-sighted. We must learn to achieve our data sovereignty within the existing infrastructures, regardless of whether we use Amazon, Google, Azure or some other hyperscaler. We cannot simply throw our hands in the air and say: we just produce data. Whoever produces the data owns it. It belongs to the individual or to a company. One only has to anonymize it.

And you've developed a unique technology for this, which has now also been patented.

We have actually introduced a number of technological innovations, the most important of which are virtualizing data and working with virtualized data – we invented this, and it's a thing that others can't do.

What does "virtualize" mean in this context?

Let’s say you want to work with a Word document in the cloud. When you do that, you need to upload something to the cloud. But because that can't be data, we've come up with a trick: we simply take out the content and send up a blank sheet, so to speak. This blank sheet only contains the metadata. In a second step, we encrypt the original document using all the tricks in the cryptographer's book.

So the first step by itself would not be enough?

No. We encrypt the data, then send it through a kind of digital shredder. Then we distribute the snippets that come out. For example, someone works with a virtual document in the Azure cloud, and in the meantime the snippets – or this digital dust, as we call it – are stored in different locations. As a user, you can define these locations. One snippet could be at Google, one at Amazon, one somewhere else. We distribute them all over the globe. To correlate the virtual documents with the snippets and to know how everything goes together again – well, that's what we've got a patent for.

It almost sounds like the fabled Horcruxes in "Harry Potter" that Lord Voldemort uses when he splits his soul to try to become invincible and immortal.

Which he does not manage to do, in fact. The difference is that we make the snippets so tiny and distribute the digital dust across any number of cloud systems until it becomes impossible to reassemble. Only the customer's R&S®Trusted Gate knows how to put the puzzle back together and how to decode it. Not even quantum computers with their enormous computing power can do anything to counter this process.

How is this different from the techniques used by, say, Deutsche Bahn or Deutsche Bank, which also work with large cloud providers?

They use – and I admit that this may sound a little arrogant – standard cryptography. You encrypt data on the client, for example, and upload it. Or you encrypt the communication channel, for example SSL, and put your data in there. It's safe for the millisecond it's in there, but then it goes somewhere else. We make sure that data is secure at all times – not only "data in motion" but also "data at rest".

So it’s not just about transferring data, but also storing it. But how do you find the data again if it is only available in encrypted form?

Let's say you want to use a keyword to search a text in a digital archive. We have integrated a secure full-text search function for this purpose. This makes it possible to work with the encrypted data as if you were working with it plain. That is the real trick that R&S®Trusted Gate offers – to make it as transparent as possible for the user. Security that is completely invisible.

You don't notice it at all?

It’s like a prism: the end user peers through it and thinks, oh, that looks perfectly normal. But what actually happens is this: the user uploads something, R&S®Trusted Gate splits the whole thing up and then reassembles the individual data streams. And in the end, the different colors revert to being a normal, white image.

Daniel Heck, Vice President Marketing at your company Rohde & Schwarz Cybersecurity, professes to have marketed many excellent products, but none that has fascinated him as much as this one.

The same fascination is also felt by our customers. It's always amazing to see their eyes light up when they understand the principles you're explaining. We have really started to push the boundaries.

Back to Rethinking cloud computing

Related topics

R&S®Browser in the Box

More information

Rohde & Schwarz Cybersecurity solutions

More information

Secure data exchange

More information

Secure collaboration

More information

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to news@rohde-schwarz.com. Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.