Welcome everyone to our KuppingerCole webinar "Role of data centric security in the cloud, how to benefit from cloud collaboration and how to protect IP. The speakers today are Dr. Bruno Quint, who is director of cloud encryption and Robert Rudolph who's product marketing manager at Rohde & Schwarz Cybersecurity, and me, Martin Kuppinger, I'm principal analyst at KuppingerCole. Before we start some quick information about upcoming new events and some housekeeping information. And then after that, we will directly trembling to the content of today's webinar.
So we have a series of upcoming events. On Thursday, we will run our KC live event on solutions for servicenow infrastructure discussing data or relationship of IT, service management, and ITA. We have our customer technology world as a virtual conference in late October and our cyber security leadership summit as a conference, which will be in a hybrid mode.
So partially onsite in Berlin and with the ritual part, always one, so to speak, which we will be held into first hospital November. So don't miss these events regarding the housekeeping.
There's not much to disease, so we are controlling audios. You don't have to care about us, your unit, but you can ask questions at any time. So just to repeat the question in the answers part in the go-to webinar control panel, which is usually at the right side of your screen, you will find the option to ask them to enter questions. We will do the Q and a by the end of the webinar, but the more questions we have to more lively Q and a session will be. So don't hesitate to enter any questions around what you feel as verse to be asked. And we will do our best to answer these questions.
Last time, at least we are recording the webinar and we will provide boosts the webinar podcast recording and the PDF stuff, the webinar slides for your downloads, usually tomorrow, latest and day after tomorrow that you fall in hand with that, let's have a look at the agenda. So as usual for all webinars to agenda is split into three parts. In that first part, I'll talk about cloud first strategies and how this relates to cloud risk and how to measure it, how to mitigate cloud risks.
And I also wanna look at the role of information security in this context of data, get Xs governance and data protection, and how to get better in what we are doing into context off the cloud and in protecting our intellectual properties. Well, in the second part, then Dr.
the challenges of moving to the cloud and specifically for pharmaceutical and chemical companies, but others as well, which have, how does sensitive IP and already information to protect. They will then deliver some insights into the hood and trust trusted gates, which allows us protecting workers into cloud.
They will discuss options for solving these challenges organizations are facing, but also based on their reward experience from projects. So, so let's get started with my part. And I want to first look a little bit of what does it really mean to protect data in an insecure world? And I think the first thing we need to except is we have changed. It's often running longer. Some we have observed, I would have passed and a little bit more months right now. So the one thing is cloud is the new normal. And we have seen the shift to cloud first strategies for quite a while.
And it wasn't as interesting to each physio in the last, maybe two years that routinely every organization I've been talking, even organizations from critical industries defined normal, fuller cloud first strategy. And so I would say trust reality, even for critical workloads, even in critically industries, that there's a clear tendency towards the clock. The other thing is we have to move out of workforce.
And while this mobile workforce thing was probably more about business travel until lately acknowledge since March it's largely work from home, but it's still the mobile workforce. We are intensively using software as a service and collaboration platforms are strong tendency to these platforms. We see moving it, it has our stuff moving to the cloud. And on the other hand, we have these changes in security. So there's not this net for a perimeter anymore.
Oh, well, all the protected things happen behind.
And one of the other concepts, which is intensively discussed these days as zero trust zero trust is really about accepting that there's not this perimeter anymore. In the sense of I have my internal network and the firewall around and everything internally is secure. This is really past. So we have to accept that workloads happen to cloud that people are moving and we need to react to that.
We need to, to protect these environments with all these various types of attacks we are facing, but also with more and more threats by professional actor, speed, industrialist, few NH snatched by by companies, or are you by driven by states? And so we have a, the increasingly complex challenge of protecting information.
It's just because of the cloud or elastic cloud makes things reverse. I would be careful to something like that because you also need to be realistic. Many of the cloud providers have today are way better in security.
The ever organization ever can be trust from, from investment into securities. So the cloud has its risk or shifting workings to the cloud has its risks, but also its opportunities. And we trust to go for, I would say fair and well sought on transparent assessments here. So what you really need to do is we need to understand cloud for skin Beth. We applied at same approach, every thing and best we will say.
When we look at a cloud service, we look at the alternatives and compare sort of on-prem versus when we look at the risks, because we're running the same service on premises might be fine, more risky than it is running the service in the cloud.
And so chocolate looking at cloud risk is I would say, it's not fair and not realistic and not correct.
So, so, but anyway, we need to understand, we need to assess this risk and we need to understate and understand the entire risk costs across our supply chain. So when you're looking at manufacturing and mango, looking at complex supply chains, we have literally every industry pharmaceuticals, chemistries trust, part of that, then you also need to understand the tourists come from other actors in the supply chain. So this is this CS CRM, the cyber supply chain risk management.
So the way we do it, and many other stood, it's really building on industry standards and best practice such as ISO 27,001 and others to do a risk assessment, to understand in her interests, which are, are there first risk mitigation? So what can we do in a contractual side?
What can we do about heading additional technology? What can we do by, by changing our internal behavior, et cetera. And then we end up with some residual risk, which kind of be accepted or not. And the risk becomes interesting because this is really about saying, okay, if there is a risk, what can we do?
Technology-wise was out on types of those matters to mitigate or to reduce that risk. And that will be one of the important elements of today's webinar to look at such risk mitigation, mitigating measures. So why don't we do this first assessment? And I won't go that much into detail. We start with common risks. So it's come a list of risks, which then can be detailed into the specifics of an organization. And then what is the, the impact of the probability of the Verisk? What can be done to mitigate that risk and how will be the, the, the residual risk after lying the key gating measures.
So this is something which can be prepared by providing a lot of sort of predefined potential mitigations, but it's a process you must go through an, it makes a lot of sense and that's upset. It makes a lot of sense for every type of service and specific events about there were highly sensitive, highly valuable, et cetera, informational assets. So it's about intellectual property. What do you also recommend here is to say, put this into a product context.
So we trust a while ago, we find a picture and the concept behind that, there's a lot of research on our website, which is around our KuppingerCole information protection lifecycle, which is a process that looks at how, which types of technologies, fixture types of methods, which concepts apply across the entire lifestyle cycle of organization, which starts with the acquisition, so to speak. So information is created.
So we need to understand what is information is about the need ends up with the disposal, for instance, the archiving or deletions of inflammation in in-between.
We have various levels of things to do. So we need the access controls. We need to want to turn detect what was happening at the med for a pet, the inflammation. Sure. We need to have contain and recover. So understanding that effect and analyze and limiting effects on what could happen on the Oregon station. And if you also might, that might go for DC, but an important element that's in that entire picture is the secure thing. At the end asylum to stand up excess controls things we need to shoot to protect, and the inflammation directly at the inflammation.
Some technologies are out there for quite a while. You look at some of the information and present information protection technologies.
By at the end, it is our database security in some areas with tokenization, et cetera. It's about security. It's about encrypt and or tokenized mask redacted pseudonym, and do that at all levels at all stages at all phases of in-transit in use at rest.
So key focus, the core focus of what we are doing must be on securing the information itself, not trust security it by having Xs controls on the server, but by encrypting information, by shielding information, in a manner that this inflammation is really protected in every phase of its usage. So this entire securing thing is also something. When we look at another concept of whole KuppingerCole that uses the security fabric and this the security fabric to not also the security reference architecture, we look at the various elements of such a security reference architecture.
Then we have this, these various stages and we have to protect part in depth.
That's really about protecting information. When we look at protecting inflammation out that, that the black areas here, that we have these technologies such as an information protection, data, security change control, but also the data access governance piece, which is a little bit more to the right or at the middle of this picture. So we have a couple of technologies, which, which help us in protecting information. And while of these technologies will be done. Dr. , we'll talk about it few minutes.
We truly helps in accrue encrypting in directly protecting information. And so every part or every area, security infrastructure, every security tooling we have should focus on this. How can we protect information? And that must be part of these elements you have within your security tools. And it's an essential part. And I am a big believer in looking at this inflammation protection at a very central place, because at the end of, of your realistic, what do we want to protect?
We want to protect information. It's not about protecting the network.
It's not about protecting the system or the application at the end. It's about protecting the inflammation, does why we do network security. That's why we do all the other things we do insecurity because we need to protect information from being stolen, being deleted, being altered in an inappropriate manner. So every type of malicious exes at the end, it's about inflammation. That is at the core. So all this in our perspective mess, that ends up.
Cause obviously when we call the security fabric, some of you might already seen our, our model often could, we would call identity fabric, which looks at Reiki, identity, sidle sinks, the security fabric, Dennis is really how do all these things come together from a security perspective.
And in the middle, you see this, these circles, these which are lined with information protection, life cycle, and the reference architecture, and it's about understanding, how do you really come to a consistence out service of the child, Pugh protecting everything, the identities, the devices, the data, the applications, the systems, the networks. And as I, at the core of everything, that's the core of what you do when investing into security. It is really this part of information protection.
So Dennis, what I want to bring this to you. So if you go to the cloud and this is, I think one thing we are very often the start of mine at logon right now, the handle that's all come together.
If we go to the cloud and compare it to the traditional on-premise environment, then the sprawl data, the sprawl of information is far bigger. It's far more difficult to keep control of that, which means he needs to really move forward towards putting information protection center, because that is what is hard to get a true bond on.
If you protect information in every station use addressed in motion, the risk of losing information of leaking information of a malicious changing information of in compliance by that protected information. Good enough is reduced. It's mitigated and does what we need to with that. I'd like to hand over to my, to our speakers, which are this upset Dr. Porter Quint and Rudolph, and I make Mr. Quinta presenter out.
So Ben, it's your tone?
Yes.
Hello, wombat come also from our side. My name is and my colleague Robert Rudolph. Hello. So we would like to show you a little bit more about the data and data security in the sense of pharmaceutical industry, biotech industry. And what we figured out is what kind of use cases will you see if you, if you analyze your work and how you are really dealing with confidential data. So maybe you have research collaboration all over the world with following branches, international research organizations.
Maybe you have to do some data exchange with international suppliers sitting in Asia, somewhere of complete different security domain. Maybe you are working currently on approval of trucks. Maybe COVID-19 some, these let's say mixing, we are currently heavily waiting for you are running tests with patients, but this is definitely a high sensitive usage of regulate data. It may be also are just looking on some intellectual property protection, because we all know that already is very interested in, in some medicine of other countries.
And nobody knows who, who somebody will to, what kind of you, they will do really do to get some knowledge of other companies all over the world.
Yeah, that's right. These are the burning topics.
So what, what about, I mean, I know of securing data, for example, data and motion VPN. So everybody's working from home using VPN and we know firewall and so on, but how is this changing?
I mean, what, what's the state of data we know, right.
Yeah, exactly. What Martin coupling already said to security has this has a certain flavor. And here what we are focusing with in this talk, we are focusing on really data confidentiality, data privacy, and about the different states of data itself. And we have to, to get a feeling how we are dealing with these kinds of data. So y'all know that when you're running your business inside the company, you have a pyramid of security, as Martin already mentioned, and you are storing your data.
This is normally mentioned as data at rest defined. So you're storing your data somewhere in, in, in, in containers, in backup media, in files and folders or database, whatever you have to calculate, you have to use the data. Then it's data and use the, the excess of these different data. Flavors is all handled wire rights and relevant management systems, identity and access management systems.
So users will access via these whites and volts to data and rest to your file shares to applications where data on use, and maybe you are communicating with some partners or with the cloud.
Then you have to use somehow some data in motion security. For example, something like a layer, two encryption, a VPN encryption, or at least maybe you are losing just a TLS encryption, which is a very poor one, but better than nothing. But then you have your data stored somewhere in, in you, in your cloud systems. And therefore we have to, we have to think about what is the difference between you you're storing the data and just be, keep in mind. If you keep your data in motion, we are talking about nanoseconds.
If you're working, if you have data in use, we're talking about milliseconds, but that means 99.999% of all your time, the data are still in rest.
So they stay somewhere stored on us storage systems. You are securing the status with your perimeter security and you control the access of your data via your rights and role management systems. But you lose complete control inside cloud systems because here somebody else is taking care for excess. Maybe you have some rights and old systems, but you can immediately compromise these active directories very easily.
And just be able to talk about here about cloud act issues. You lose the control of your data. If you're using data in a unsecure infrastructure, like a public cloud system is if you have a closer look on these different data security in terms of confidentiality means about encryption. You're talking about it, corruption and other things.
And we have a look on how we are dealing with this data inside your own data centers, maybe, or also in the cloud, the backup media devices via secure you, your data with proprietary solutions coming from all the storage providers in the world, you have your storage volume devices.
Maybe you have your some low level encryption mechanisms, like for example, a disc, a disc encryption. This is so-called container storage while your security, but you have also find folder encryption. And maybe you also store some data and databases.
This is a little bit different because here you have not proprietary encryption mechanism. You have to use standard way encryption because you want to access this via almost any applications, any database systems and whatever. Do you have data and use? This is definitely by definition, good running in a, in a application like SAP is, is such an application, but also you, you have to consider that also collaboration platforms like SharePoint is a application, which is accessing these kinds of data. And you see, we are focusing in our discussion right now on file folder.
David is in data and use and data addressed solution. Cybersecurity has a tremendous experience in data motion encryption. This is what our colleagues are doing, but we are currently talking about this feature on the sense,
This is, this is one focus of trusted gate. So it's another focus.
Yeah. Olivia talked about confidentiality. That means confidentially can be secured with encryption mechanisms, but we also have to talk about privacy and export control situations.
And in this, all of you will have the global situation in the world are some privacy regulations worldwide and astonishing. If you all have look on, for example, China, China has, China has a very strong, strong privacy definition because of a button to export any private data outside of personal data outside of China and astonishing.
If you also have a look for example, on color, Tonya, this small part on, on, on the side, also from summer last summer, this year, they do have also a privacy act inside California, where it's forbidden to move data from California, people from outside California. I'm wondering how they are doing this because Google and Facebook and everybody is sitting in this area, but there's a lot of, of legal restrictions inside the world where they, where the control, where are you going with private data of users? It doesn't matter if there's a state which state these data it's forbidden to do it.
So
It seems to be a very heavy loading for, for international organizations. So are there any international agreements that can reduce this kind of loading?
I mean, you have to pay attention to so many privacy acts.
Yeah. Privacy. It's a good and a good cause. Maybe you remember that we had just a couple of weeks ago, the were European European court of justice declared that the privacy shield, which defines how data exchange between us and Europe countries is working, is not longer valid. That means it's forbidden now, or almost very complicated to exchange no personal private data between Germany or other European countries and us. So we do have a challenge here because we have to work now with this challenge of the European court of justice.
And we have also to keep in mind that since long time we know that there's a cloud act in, in, in the S court. And the cloud act defines that any into that, any us services, intelligence services, if they require access to data, you're not supposed to foreign companies. They will look at it, whatever it means, whatever it takes, the cloud act defines in the new version that you will have that NSA and everybody else on the same situation will get complete access to European data on all American software service and whatever.
It's not for blaming Microsoft, Google and all the others.
It's American law and they have to follow it. And also that means we have a lot of challenges for export resections. So we have to keep in mind, which kind of data is able to leave the country or is allowed to leave the company as a country, which data has to stay to the privacy issues inside the country like Germany, for example, then how it's allowed them to work.
For example, with Microsoft teams, obviously five, because this is an American software, does this, you are communicating, you're running and we have to consider and to, to get faced with a challenge, how to deal with all these challenges, how to keep our, how to control our data, that they are, whether it be we'll keep them on privacy, act compliant and also confidential.
So now we see in the perspective from the companies, they have a lot of things to consider. How about the user perspective?
I mean, for them in their daily work, what, what, what are their problems?
Yeah, you've seen a lot of challenges, complicated challenges, and we have to deal with all these challenges. Some are in organizations have to deal with it, but the perspective of a user is they don't want to take care about security at all. They just have, they just want to work for data exchange for collaboration. They don't want to do too much organizational effort to secure data and to keep them private or maybe also confidential in the sense, but that means the challenge for the provider of such security.
So using this, we have to become more or less completely transparent. We have to solve these user challenges, the work challenges, and we have to provide a suit solution, which keeps it more or less complete transparent. That means highly automation and highly, let's say more or less transparent interaction of data streaming. What is what we have to do. That means we have to, to, to do a lot of effort to keep security out of the view of a user.
Okay.
So what's, what's, what's the solution. What's the total solution, how you can solve these challenges.
Okay. I have a closer look on it. That means so nationally is we want to work somehow in a Microsoft environment.
In, as I means Microsoft teams, Microsoft 365, maybe also shop on online. On-prem whatever, what you've said is we want to keep the user out of, of any security. Like that means users just sending out a kind of document. Let's took an example of a document of our document. He wants to upload it all. He want to communicate. You also exchange it with some other persons. It means you have to upload it somewhere to the cloud. What you're doing is we are intercepting the data stream. The data stream is just HD pass or whatever.
And what you're doing is intercepting the data stream with a piece of software. So we are running somewhere in the network hybrid on prem, or maybe also in some cloud versions.
So we intercepting it. And what we're doing is what are your fluent is whenever you are uploading sensitive data into the cloud. And the cloud is an unsecure infrastructure. That means we give up control of the data because a solution like SharePoint teams, what they're doing is they're analyzing these data immediately or search issues, or they're building up indices and index for search.
They are building up previews lists before they are storing inside a storage system database, or file-based, doesn't matter by system based. So we are not allowed to, to upload any real sensitive data. Let's say what you're doing is we're keeping careful this experience, what we made and what we doing is we are just uploading them to piece of paper.
Empty piece of paper is it's sounds a little bit, a little bit too curious, but it means that if you have a written piece of paper in a word document, we are taking out all the texts and sending up just to meet the information of these document and with this meta version, just cause it's just an empty piece of paper, this meta information it's got uploaded.
So no sensitive content will get access by any cloud tools, applications, whatever the real estate data you're taking them.
We encrypting them submitted as a medic, configurable, whatever you like, but this is currently not enough because customer organizations are still working on quantum computers. It's, it's quite a challenge, but they will get it and they will succeed with it. And the reason why our customers say, okay, even if we do a, we do have currently post quantum cryptography and all these things, what can we do? And what we are doing is we for commenting the encrypted document, the binary, which is encrypted, we are fragmenting it.
And the drawn is these, these fragments, these binary fragments are completely secure because you can distribute them across different storage systems over the world globally, or you can store them on the regional systems. And if you just have a look on, on these chunks mathematic, you couldn't reconstruct them again because mathematic it's not longer possible.
It means you have a complete secure.
So usual, wherever you do have a integration in to current applicant, current workflows. So we can integrate complete Spradley inside Microsoft teams office. Now it's called Microsoft 365. We integrate into the SharePoint into everything. We don't expose any sensitive data to unsecure infrastructure. And we keep control on the production level for the co for the real data, the, of the customers, the user control, whether they want to stall them where they want to, to run them directly and how to do the complete accessment.
This sounds a little bit complicated, but we can do it in a really, very scalable transaction. So we can run up to with one instance up to 400 megabit per second throughput. That means really a highly, highly scalable throughput in a few is not enough. We are running just several instances. There's complete running and tool into architecture like with microservices. So you can run them into, into VMs. Or if you like prefer that we can also run them into tacos. So completely scalable, completely state of the art technology
Question by my side, what's the impact for the user?
I mean, how do the, do they have new workflows?
Yeah, no, there's a VOC from is completely transparent for the end user. So the entry was, I was just working on his normal clients like world, right? He's running on in browsers, whatever. So he's accessing just the Microsoft will look at you. You will just have given me a minute and then we will show you some, some, some slides about the user interface. So you're running completely transparent in teams in, in SharePoint where it is, or maybe also in other parts. So when trusted Kate is running, technically it's running via reverse proxy.
That that means we are completely transparent for the end user. And this is what the challenges. Okay.
And there's no need for additional software on the user PC or something. So you don't exactly. That's great.
Exactly. It's just all the site users working with the existing software tries to Cate the own challenges we have to intersect. Somehow the data stream between end-user and, and public cloud, the storage can be somewhere. You can store it in, in, in, in other cloud systems.
So you can work on Azure storage in Google or Amazon, if you like, or if you have some legal restrictions and say, okay, I need due to privacy issues. I need to stay. Or that my data, my personal data have to stay in Germany, just stored in a Durham, a data center, or maybe also on prem in your nurse systems or somewhere else, wherever you like. And you can see in this issue you have, but employees are working complete, transparent, trusted, caters, running somewhere inside the data stream. And that's it.
This is, this is actually, this is a reference project, right?
So it's, it's how a German pharma company just controls its own cloud data. So, so what, what, why do they want to use trusted gate in the first place?
Yeah, so challenges that they both want to keep control of their data and about the confidentiality of their data inside the cloud, because we pharmaceutical and biotech companies are currently heavily attacked by a tech us worldwide. For example, all these let's say research institutes, institutions, which are currently running work or with, with COVID-19 yeah. Maxine or whatever they are. They are the observation. Let's say industry and observation means different, different kinds of observations due to governmental part you to criminal part.
I don't, I don't understand the difference, but it's more or less the same. And what they're doing is here. They want to keep the control of the network property. There's another issue, but they are taking account. For example, they need to take control of data regulations. It means we have seen also in, in, in our first interview, if you're working in a global way, maybe you have laboratories in different countries.
You have, you have production factories in some Asian countries, and you want to exchange, exchange some data with, with affiliates, not worth with your own companies.
It's a big, big challenge. And the challenge we call this localization localization means you, you have to work globally, but you have to, to, to keep in mind your local regulated and legal regulations, which defines its special data are not allowed to leave the country. For example, person data or some patient data or whatever, because you have to run at some point, some tests with Ms.
Patients, how do you do that is not allowed to do them. So in, in this sense, what we, what we run here in this, in this way from site, the pharma company run half the in, in Germany. And they run in different European and worldwide countries, some special, they have some special subsidiaries and to have partners where they work together and all of all in these different contexts to, to follow up local regulations, that means they are not allowed to do this.
We have done this with, with the local installation of cascade is running in these different countries and keep control that the data regulated, we'll never leave the country.
And this is a use case for, for localization.
So yeah, let's, let's show our, our attendees.
What, what can we do? How does it look to use trusted gate? For example, with teams, I think we have prepared a set of demo slides. So you can see how you can use teams. And there are two perspectives. There's one perspective. It's the user who's authorized using the Steve's channel and authorized to use trusted gate. And there's the attacker's perspective, right?
Yeah.
Rob, as you know this, on the left side, you can see an aloud, an authorized user who are doing it. So it, it means we have here, the transplant, you have a authorized user who is running now with some work in teams. As one example, on the other side, what you're showing you is what is no, currently a little bit, you can see the attack on the white side and here Adam is now uploading a, a sensitive document.
And on the other side, you can see you that the attacker, we call him Donald he's a data collector and he would get somehow access to American US-based service, US-based companies, whatever. And here you, if you have, if you have look at it, he's seen a little bit different because, because he's working not with prosecute because it's not authorized to it. He's not able to access it.
You will see the different access. So if he is looking on the side, he will see completely different approach. This is a native teams and Microsoft environment. He will get no access to any sensitive data.
Have let's have a closer look. How such an example can run here. You see your chat, more conversation where he, somebody is talking with each other and he will find, he will talk with his research team about some special results. And it's uploading also they don't some, some Excel sheets. If you see on this side here, you can see on the, on Donald's side, the complete chat and colonization is encrypted, really encrypted on the sense.
You will not get any access to it.
And even if you upload now some data like an extra sheet on the left side, you see completely transparent so that you won't see anything from, from trust, located at all. But on right side, you will see because data even then shut out, stored somewhere in the SharePoint system, shepherd, you see here, you can equip the complete files, whatever you like, you won't get any access. If the attacker will try to access it, it's an empty document. What do your have? We just put a dummy sentence inside. So whatever he's doing, he's downloading it. He's accessing it online.
You won't get any information because it's empty inside the cloud system. Only empty documents of it. Trust the gate is giving you the view on it and countries. So if you have now on, on the, the authorized access, you will get the return.
It's a very tiny form.
Actually, what we're doing here in part is just an example. We'll see whatever he is doing. He will get transparent access to whatever he like is authorized to it. What you're also doing is we are providing a secure search for that. That means we are not allowing SharePoint to build up an index because it's not secure, but you're doing this below. We are creating an owned encrypted index, running it to you in the, in, in, in the taps so that we can get directly full access search mechanisms geared towards finance or whatever it, because you've seen finance also encrypted.
We can provide you the full, transparent access. If you are making now a full text search to that side. And if you go directly and you see you as a result of now the population or to what we looked for and the white side, if Donald twice to do the same search mechanism, because he's running just on the chaperone search, you will find nothing because there is no information, no real sensitive information in the encrypted document.
So this is what we want to show you. And just an overview of what is providing cascade is providing not only for secure collaboration and overview.
So we are supporting teams, Microsoft easy, five SharePoint, also on prem. You provide on premises and the same way also hybrid and cloud-based solution learning also directly into, in south Asia. We also providing data exchange with data rooms solutions, may the control mobile access.
And we provide a lot of infrastructure solutions like , if you don't want to work with you real identity in clouds, which is forbidden for some persons, we provide you secure co-creation via encrypt transplant, one drive for that and provide you also a multi tenant solutions inside a secure infrastructure. So this is what we want to show you. And now it's time for Q and a.
Hey, thank you very much. Let's speak media operator again. So it's quite already set. We are about to enter the Q and a session and we're stopped. Yeah. Let's look at questions you already have from Paulson. First questions I have for you. This is very important to, you know, we have bus you so you can run. So where's it operated in which time of cloud, which type of SAS on premises. So at bend, I said, run,
We can run it wherever a customer likes to have it because the use cases are depending on the use case of the customer side. So we provide piece of software.
We provide tools that a customer or an organization can install it on. Prem can install it on hybrid basis. That means you can run parts of trusted gate, some the, you know, drum cloud, or if you like also in Amazon and work on Azure. So we are completely choosing the architecture. What we are, what we are doing is we are running completely on the demand where a customer needs to have it. And this is just defined by your use case.
Okay. The next question I have here in front of me is so in case that would be a government request based on a court order to handle over encrypted data.
What happens obviously, a customer could follow court order, and this will be off if she doesn't want probably I think that that's, I assume the background of the question so, well, what's the answer in that?
Yeah. Now that we have three parties in this game, three parties means the customer owns his data. He owns also the only keys we have rolled off SWAT is trust providing software. And Microsoft is just providing, for example, a cloud environment cloud like Azure or teams or whatever. So we have three, three players in rod.
So if somebody from governance come and say, well, you need to, to hand out something, tried one or two others, not able to do anything because we don't own the customer keys. If somebody is going to Microsoft and caught somebody say, sorry, we don't have anything. The only one who is able to have to get access to the data, to the piece itself, it's the customer itself. You own Syracuse. You own the data and that's it.
Okay. Next question. The other thing that was an interesting one might be hard concept for you because it goes into licensing schemes as well, to benefit.
When you look at the simple play you touched with the Microsoft 365 environment. So it started isn't the ease free license is sufficient.
And the, can you do kind of customer due to us out of the five license, which tend to full include the full AIP capabilities? Or what is it? How is this?
Yeah, we are completely compliant with Microsoft. We are working very close together with Microsoft. We are co-sale partner for Microsoft. That means what we're doing is we are integrating also completely transparent inside the Microsoft applications and also security solutions. So whenever, for example, customers using data classification tools per say, okay, good, very nice. Because then we can run. We can use this data configure classification for automatic implementation of these classification rules inside trusted gate. So we can read it. We can completely transform it.
So we are completely transparent to Microsoft. We can run with you three.
Yes, because we just need, we just need the application itself and provide you high security solutions, which are independent, but completely compliant to for the Microsoft solutions.
Okay. Thank you very much.
We sent, we are, that was our list of questions we had. Thank you very much for all the insights you provided. Thank you to all attendees for listening to this KuppingerCole seminar. Hope to have you soon back in one of our upcoming events. Thank you. Thank you.