Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

1/16/2020
12:25 PM
Oliver Schonschek
Oliver Schonschek
Oliver Schonschek
50%
50%

German Companies Want Even More Local Clouds

The European data infrastructure GAIA-X can help connect thedisparate needs of German firms and create market access for providers from the EU and beyond.

A cloud data center in the EU is not enough for many German companies. They prefer German locations, preferably within their own particular region. At the same time, they need cloud services from US providers. The European data infrastructure GAIA-X can help connect these disparate needs of German firms and create market access for providers from the EU and other regions.

Cloud computing is growing faster than ever in Germany. In 2018, three out of four companies (73%) used computing power from the cloud whereas in the previous year it was only two thirds (2017: 66%). This is the finding of a representative survey by Bitkom Research.

If a German company uses, or plans to use, cloud applications, it seems that data protection is the top criterion when it comes to choosing a cloud service provider. Some 90% of the companies surveyed state that compliance with the General Data Protection Regulation (GDPR) is essential for cloud solutions. For eight out of ten (79%) a transparent security architecture is essential. The question of location is also an issue for cloud users and planners. For two thirds, the headquarters of the cloud provider must be located in the legal area of the EU.

German data centers are the preference for Germans, but...
If you take a deeper look into the survey, you will find out that a German data center is a must-have for 72% of German companies, even more than for the requirement that the data center has to be within the EU (66%). Only 8% of the German companies say that it is not important to them that they use a cloud data center located in Germany.

The German market knows several regional or even local cloud providers, which are successful in their very own region, like Baden Cloud. LEITWERK AG and E-Werk Mittelbaden AG & Co. KG joined forces here to offer a network of two data centers for the region.

Nevertheless, the German users want cloud services offered by US providers like Microsoft, AWS and Google. The question is how to accommodate the desire for strong security and privacy (see Data Protection in the Cloud Is Still a Big Issue in the EU) while balancing the need for the data center to be nearby, and accommodating the need for international cloud services. One answer lies in a new European project, GAIA-X.

Europe needs an intelligent mix of digital infrastructure providers
The announcement of GAIA-X (see Europe Starts to Build Its Own Secure Cloud) has attracted some attention and discussion, with opinions on it being quite varied, depending on the interpretation of the project's objective, says EuroCloud Deutschland_eco e.V., the German Association of the Cloud Computing Economy.

The idea of a European secure data infrastructure like this is to offer companies and authorities independence from large non-European cloud providers. It should increase the availability of data, especially for midsized companies. But this should also benefit other parties involved, in order to better exploit the potential of AI (see European Approach to Artificial Intelligence: Ethics Is Key), for example.

Oliver Süme, chair of the board at Eco, the Internet industry association, recently said: “Europe needs an intelligent mix of digital infrastructure providers and a strengthening of the business location for providers of such services. We therefore believe that user companies -- whether SMEs, global players, or even the public administration itself -- need support in the form of the availability of trustworthy infrastructures -- from edge computing to cloud computing to hyperscalers -- in order to be able to make confident economic decisions in this age of digital transformation.” (See this article from dotmagazine.)

The big US cloud providers AWS and Google are already engaged in GAIA-X. "GAIA-X can also have nodes in Brazil or China, or wherever it is needed, if it is relevant for customers," says Andreas Weiss, head of Digital Business Models at Eco. "Customers, then, can make that choice. They can mandate that the data must remain in Europe or in Spain or within a specific region," so Weiss. "It is this level of choice and self-determination that makes GAIA-X unique."

The project serves as the cradle of an open digital ecosystem in which data can be made available, merged and shared securely and with confidence," states the German Federal Ministry for Economic Affairs and Energy. "With the help of this ecosystem, companies and business models from Europe should be able to scale competitively worldwide."

Bringing local and international cloud infrastructures together
GAIA-X networks central and decentralized infrastructures into a homogeneous system. It should have a modular structure and is based on open source.

Cloud providers outside the EU can also participate in GAIA-X, insofar as they share the values and goals of GAIA-X, namely data sovereignty and data availability. GAIA-X could become, for international providers, an entry point into the German market in which many companies prefer a data center in Germany or even in their region. The local provider can also become the door opener to new international cloud services within GAIA-X.

"GAIA-X does not start to develop a new technology, but it is supposed to use existing technologies and standards (e.g. the International Data Space) to set up a neutral data infrastructure for Germany and Europe and to be able to use and change offers from various cloud providers without any problems," says VOICE, the Federal Association of IT Users in Germany.

VOICE strongly recommends now the following measures:\r\n

    1. To put the needs of user companies at the center of GAIA-X beyond avoiding vendor lock-in.

 

    1. To quickly establish clear decision-making and management structures for GAIA-X that allow rapid standard and standard development.

 

    1. To develop a technical roadmap as quickly as possible, which enables providers to participate and to offer cloud and edge services on this basis.

 

  1. Develop and bring to market examples of relevant, easy-to-use services that can be used by a large number of user companies based on GAIA-X standards.

— Oliver Schonschek, News Analyst, Security Now\r\n\r\n

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14174
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5....
CVE-2019-20901
PUBLISHED: 2020-07-13
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
CVE-2019-20898
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
CVE-2019-20899
PUBLISHED: 2020-07-13
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.
CVE-2019-20900
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.