Internet applications provide many benefits. Yet they can be risky: after all, apps process and store user data in online data centers (clouds). Hence, users lose control of their data, not knowing who else can access it or how securely it is processed and stored. Data center systems are alien to users.
This is why many businesses are reluctant to use clouds for sensitive applications (email, online storage or shared web workspaces).
Sealed Cloud, on the other hand, is a technically sealed data center that ensures users maximum security. Data is protected via technical means only. For this reason, one refers to "technology-based trust".
In contrast to other systems, Sealed Cloud protects data across an entire processing chain. By mere technical means, Sealed Cloud excludes the human risk factor in data centers altogether. Hence, neither service provider staff nor external cyberspies can access unencrypted data at any time whatsoever. This is where other security systems drop the ball. Major scandals that involved Telekom, Vodafone, Dropbox, and Ed Snowden corroborate this.
In public cloud systems, multiple users of an application share an infrastructure by using a common data center. The individual users' data is kept separate, which is normally ensured by the software. However, this presupposes that the software operates flawlessly and that operational procedures are followed. Cloud providers do value security and reliability. Unfortunately, however, vulnerabilities are quite common. Such weaknesses are particularly widespread in data processing, that is, on the computers that process unencrypted data: the application servers. These vulnerabilities jeopardize the security of all the data. After all, a chain is only as strong as its weakest link.
Sealed Cloud secures each application server individually. Application servers are the computers on which the programs that handle unencrypted data run. With Sealed Cloud, all servers are locked in racks. The racks and servers that carry the data are hermetically sealed by technical means. If provider staff or cyberspies try to access an application server, all unencrypted data is instantly moved to another server and deleted from the initial one prior to access. In other words, no access is possible until deletion is complete. The system monitors itself: the instant it detects any changes, it is disconnected. Yet before the power is turned off, the system automatically stores all unencrypted data on further sealed application servers.
With Sealed Cloud, it is virtually impossible to correlate data to a particular party. This enables safe data decryption on application servers. Content cannot be accessed at any point along the entire data path, i.e. from transfer, to memory, to processing. With Sealed Cloud, even parties bound by professional and special official secrecy as per §203 StGB (German Criminal Code) automatically comply with privacy law.
A Legal Analysis by Steffen Kroschwald, LL.M., provet Universität Kassel
Sealed Cloud in a Nutshell
White Paper Sealed Cloud – Benefits & Technology
iDGARD White Paper – How iDGARD Protects Web Privacy
iDGARD for Media Firms
Scientific paper on Sealed Cloud: Sealed Cloud – A Novel Approach to Safeguard against Insider Attacks
iDGARD Security Concept