Services that process confidential data, e.g. ERP and CRM systems, have barely taken root in Germany. According to analysts, this is largely due to cloud users’ lack of trust in the platforms’ privacy and security. (Gartner, “Key Challenges in Cloud Computing”, 2016; PwC, “Cloud Computing – Navigation in der Wolke”, 2010; NIFIS, “Studie Cloud Computing”, 2015; bitkom, “Cloud-Monitor”, 2015)
Most platform providers claim “security”. However, there is no such thing as zero or 100% security. Different protection demands require different security levels. In the European Union, the law requires that reasonable, state-of-the-art means are applied to protect the rights and freedoms of data subjects, such as patients.
Threats to patients’ privacy come from external and internal attackers as well as from foreign or domestic state actors. With its unique sealing technology, Sealed Platform provides protection against all three of these threat sources.
Other platform providers claim security, for example, through encrypting virtual images, such as Docker images, when they are stored or transferred to another data centre. In many cases the platform provider holds a master key to such images and can potentially make use of it. With “bring your own key”, the provider does not hold a master key. Still, while the data is being processed in unencrypted form, the data centre operators do have privileged access to the sensitive data. Sealed Platform rigorously excludes such unauthorized access (“zero privileged access”). Within Sealed Platform, the “data clean-up” mechanism guarantees that data cannot be accessed even while it is being processed in unencrypted form. No master key is used. Sealed Platform includes a Sealed Trust Anchor Network (STAN) that provides unique (patents pending) protection and control for private and secret keys. Private key management is provided “as a Service”, compliant with the KMIP protocol.
On common cloud platforms, many images of different users run on the same physical machine. This opens attack vectors such as Spectre or Meltdown. On Sealed Platform, hardware is not shared between images of different users.
Many providers may even be compelled to provide access to data, e.g. by the US CLOUD Act, irrespective of the geographical location of the servers. Sealed Platform is operated under the law of the European Union and Germany, where protection against the misuse of privileged access is not forbidden but required for applications dealing with professional secrets such as medical data.
ISO 27018 is a code of conduct supplementing the certification standard ISO/IEC 27001, and in particular its normative Annex A. It does not define criteria for certification but rather a set of recommendations for fulfilling ISO 27001 with regard to data protection in cloud infrastructures. Since ISO 27018 is formulated only in “should” rather than “shall” (to be read as “must”) statements, the protection levels of different platforms certified according to ISO 27001, even when the recommendations of ISO 27018 are taken into account, cannot be compared fairly. The set of recommendations is by far not sufficient to address European data protection requirements. Such certificates neither guarantee nor imply EU-GDPR compliance.
For statements regarding data protection compliance, the Trusted Cloud Data Protection (TCDP) criteria catalogue or, more recently, the AUDITOR criteria catalogue is relevant. The Sealed Cloud service iDGARD has been certified according to TCDP in the highest protection class, class III. This certificate has a modular structure: all layers and components of the solution must be certified, and the full stack is compliant only if all components and their interworking comply. The platform component of iDGARD, Sealed Platform, is EU-GDPR compliant; to receive a compliance statement for a software stack deployed on Sealed Platform, your modules and their interworking with Sealed Platform need to be certified in addition. However, re-using the auditor statements on Sealed Platform reduces the cost dramatically.
Sealed Platform differentiates itself from other platforms by its unique property of being “provider-proof”. By technical means,
This is prevented by the innovative sealing technology. With respect to EU-GDPR compliance, this means that with Sealed Platform state-of-the-art data minimization is reasonably applied to the administrators’ rights and roles concept, as required by the GDPR principle of “privacy by design”. For applications with medium or high protection demand, solutions without such protection against the potential misuse of the provider’s privileged access rights can generally not be EU-GDPR compliant.