Who trusts the cloud?

13 April 2015

We delved into this controversial subject, which is now being hotly debated in the IT industry, at our most recent Fabasoft TechSalon event in Vienna. Our panel discussion of security in the cloud had great resonance in the industry because we examined the issue from both an economic and scientific angle. Few companies would now question the economic benefits of cloud computing. Yet many still are skeptical with regard to the security issue. The fact that the implementation and approach to security is key to unlocking the true potential of this very innovative means of providing IT is beyond dispute.

Right at the beginning of the panel discussion, I reiterated my call for a strong and unified European privacy policy and appealed to politicians to make Europe a global pioneer in the securing of basic digital rights. We now need to rapidly introduce our exemplary data protection reform measures to return Europe's IT to its rightful seat at the table with the U.S. and Southeast Asia. Our European standpoint on privacy means maximum data security for individuals and businesses, and is in no way an isolationist attempt to cut off our IT market from the rest of the world.

Scientifically proven product developments create trust

What we urgently need for the IT market as a whole – namely, fair trade practices which take account of market diversity straight through the equal market access account – we especially need for the cloud business. Fabasoft has always believed in the concept of a "cloud made in Europe," but we must now create the standards for it if we are to overcome the current crisis of faith in IT. We need European added value, infrastructure, services of predominantly European origin and uniform license agreements, SLAs, and guaranteed safety standards to make European cloud computing a distinct brand. I therefore advocate the introduction of a European "cloud label" and am very pleased that in Brussels, too, European data protection is regarded as a special guarantee of quality.

In our latest product developments, we have elevated the level of security in the cloud to new heights of quality. Thanks to our two pioneering and innovative new appliances, we can now dispel any doubts customers may have regarding the cloud model for the long term. Because the combination of on-premises protection in the form of a private cloud and real end-to-end encryption forms a security tandem that will enable us to truly break new ground in cloud computing.

Science also needs new concepts to master the challenge of security in the cloud. Professor Dr. Reinhard Posch, scientific director of the Secure Information Technology Center - Austria (A-SIT) and longtime CIO (chief information officer) of the Republic of Austria, proposed maintaining the separation of cloud and encryption. Only by separating data storage and the processing of security services, i.e. those elements of the system that handle keys, can services be conceived to which access can be adequately controlled and which thus are highly credible and do the customer justice. Science also needs new concepts to master the challenge of security in the cloud. Professor Dr. Reinhard Posch, scientific director of the Secure Information Technology Center - Austria (A-SIT) and longtime CIO (chief information officer) of the Republic of Austria, proposed maintaining the separation of cloud and encryption. Only by separating data storage and the processing of security services, i.e. those elements of the system that handle keys, can services be conceived to which access can be adequately controlled and which thus are highly credible and do the customer justice. But safety requirements in the context of the user must be addressed not only through technological solutions, but also through the creation of the proper legal awareness with regard to data protection and through pan-European governance, if today's economically crucial shared economy, i.e. working together by sharing data, is to be made a reality for the future. Innovative technologies are essential to Europe's survival, and we will have no choice but to push forward new forms of information technology, such as cloud computing, big data, social networks, and mobile apps. This huge potential, however, can only be realized if new security technologies and forward-looking data protection policies are optimally intertwined and politically implemented.

Security trends from a research perspective

As director of the Digital Safety & Security Department at Austria's largest non-university research institute, AIT Austrian Institute of Technology, Helmut Leopold has introduced three key positions into the discourse that take the irreversible metamorphosis of IT over the past 20 years as a starting point and identify the challenges for secure cloud computing and look ahead to two future trends for cloud security based on a description of the importance of virtualization and cloud computing for addressing technological questions about the future.

Virtualization and thus cloud computing today are the basic prerequisite for the reduction of complexity that continues to increase with each passing year through IT's penetration of almost all future-oriented technologies. Cloud computing will only truly break through if the users of virtualized services have sovereignty and control over their data and if their privacy is protected. For highly secure cloud computing, data encryption is, of course, an important precondition. AIT is now also researching new approaches to a "federated cloud" in which security is achieved through secret sharing, i.e. by distributing the data amongst many providers. And trust through assurance by offers users the ability to retrieve technical safety parameters directly from the cloud provider's system.

Scientists and researchers gave the audience an optimistic feeling that their results are making a greater and greater contribution to secure cloud computing. I found that very heartening and as such, am very much looking forward to the next Fabasoft TechSalon event on the 18th of June. We will examine the "digital fitness" of Austria as a business location and discuss what needs to be done to keep it in shape. Please come by.