Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

1/16/2020
12:25 PM
Oliver Schonschek
Oliver Schonschek
Oliver Schonschek
50%
50%

German Companies Want Even More Local Clouds

The European data infrastructure GAIA-X can help connect thedisparate needs of German firms and create market access for providers from the EU and beyond.

A cloud data center in the EU is not enough for many German companies. They prefer German locations, preferably within their own particular region. At the same time, they need cloud services from US providers. The European data infrastructure GAIA-X can help connect these disparate needs of German firms and create market access for providers from the EU and other regions.

Cloud computing is growing faster than ever in Germany. In 2018, three out of four companies (73%) used computing power from the cloud whereas in the previous year it was only two thirds (2017: 66%). This is the finding of a representative survey by Bitkom Research.

If a German company uses, or plans to use, cloud applications, it seems that data protection is the top criterion when it comes to choosing a cloud service provider. Some 90% of the companies surveyed state that compliance with the General Data Protection Regulation (GDPR) is essential for cloud solutions. For eight out of ten (79%) a transparent security architecture is essential. The question of location is also an issue for cloud users and planners. For two thirds, the headquarters of the cloud provider must be located in the legal area of the EU.

German data centers are the preference for Germans, but...
If you take a deeper look into the survey, you will find out that a German data center is a must-have for 72% of German companies, even more than for the requirement that the data center has to be within the EU (66%). Only 8% of the German companies say that it is not important to them that they use a cloud data center located in Germany.

The German market knows several regional or even local cloud providers, which are successful in their very own region, like Baden Cloud. LEITWERK AG and E-Werk Mittelbaden AG & Co. KG joined forces here to offer a network of two data centers for the region.

Nevertheless, the German users want cloud services offered by US providers like Microsoft, AWS and Google. The question is how to accommodate the desire for strong security and privacy (see Data Protection in the Cloud Is Still a Big Issue in the EU) while balancing the need for the data center to be nearby, and accommodating the need for international cloud services. One answer lies in a new European project, GAIA-X.

Europe needs an intelligent mix of digital infrastructure providers
The announcement of GAIA-X (see Europe Starts to Build Its Own Secure Cloud) has attracted some attention and discussion, with opinions on it being quite varied, depending on the interpretation of the project's objective, says EuroCloud Deutschland_eco e.V., the German Association of the Cloud Computing Economy.

The idea of a European secure data infrastructure like this is to offer companies and authorities independence from large non-European cloud providers. It should increase the availability of data, especially for midsized companies. But this should also benefit other parties involved, in order to better exploit the potential of AI (see European Approach to Artificial Intelligence: Ethics Is Key), for example.

Oliver Süme, chair of the board at Eco, the Internet industry association, recently said: “Europe needs an intelligent mix of digital infrastructure providers and a strengthening of the business location for providers of such services. We therefore believe that user companies -- whether SMEs, global players, or even the public administration itself -- need support in the form of the availability of trustworthy infrastructures -- from edge computing to cloud computing to hyperscalers -- in order to be able to make confident economic decisions in this age of digital transformation.” (See this article from dotmagazine.)

The big US cloud providers AWS and Google are already engaged in GAIA-X. "GAIA-X can also have nodes in Brazil or China, or wherever it is needed, if it is relevant for customers," says Andreas Weiss, head of Digital Business Models at Eco. "Customers, then, can make that choice. They can mandate that the data must remain in Europe or in Spain or within a specific region," so Weiss. "It is this level of choice and self-determination that makes GAIA-X unique."

The project serves as the cradle of an open digital ecosystem in which data can be made available, merged and shared securely and with confidence," states the German Federal Ministry for Economic Affairs and Energy. "With the help of this ecosystem, companies and business models from Europe should be able to scale competitively worldwide."

Bringing local and international cloud infrastructures together
GAIA-X networks central and decentralized infrastructures into a homogeneous system. It should have a modular structure and is based on open source.

Cloud providers outside the EU can also participate in GAIA-X, insofar as they share the values and goals of GAIA-X, namely data sovereignty and data availability. GAIA-X could become, for international providers, an entry point into the German market in which many companies prefer a data center in Germany or even in their region. The local provider can also become the door opener to new international cloud services within GAIA-X.

"GAIA-X does not start to develop a new technology, but it is supposed to use existing technologies and standards (e.g. the International Data Space) to set up a neutral data infrastructure for Germany and Europe and to be able to use and change offers from various cloud providers without any problems," says VOICE, the Federal Association of IT Users in Germany.

VOICE strongly recommends now the following measures:\r\n

    1. To put the needs of user companies at the center of GAIA-X beyond avoiding vendor lock-in.

 

    1. To quickly establish clear decision-making and management structures for GAIA-X that allow rapid standard and standard development.

 

    1. To develop a technical roadmap as quickly as possible, which enables providers to participate and to offer cloud and edge services on this basis.

 

  1. Develop and bring to market examples of relevant, easy-to-use services that can be used by a large number of user companies based on GAIA-X standards.

— Oliver Schonschek, News Analyst, Security Now\r\n\r\n

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13768
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE-2020-13849
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13848
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2020-11682
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
CVE-2020-12847
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...