Keynote at the European Identity & Cloud Conference 2014
May 13-16, 2014 at Munich, Germany
So now it's my pleasure to introduce Professor Dr. Reinhard Posch. I had the pleasure of hearing him speak in Australia two years ago. It's been many years since I've lived in Australia and it was, I was invited back to the seat of federal government there. And I have to say that Brian Hart was one of the most impressive presentations. So I'm looking forward to hearing him speak today. Thank you.

Thank you for inviting me. And I nearly should apologize for having slides after the last presentation, but I have prepared them.
So I will show you them. Processing information on behalf of states, researching, is not new. Many, many people are doing that. Intercepting and surveillance is not really new. Let's that should go.
Is that, is that the right thing to move? Do I, do I have to press harder?
Or, or is it the wrong device? One? I do. Oops. Now. Okay. Somehow it works now. Coming from Austria, so it's not politically incorrect to mention this one: more than a hundred years ago in the areas of ish, Austria asked British Post to open quite a number of letters as they come in to find Mazzini, a wanted person by, by this, you could say services of Austria.
Now, if you replace now, the players British Post by some companies and asking for help between states or countries, we are not so new also that they mention, if you read this article is quite impressive. Now, what is new with Snowden is the, the, the perception of this dimension, everyone now is aware of that.
And my, my talk today should focus or I'm trying to focus on how can we make use of that? What, what is the impact is that who, who is take, who is the, the ones potentially taking advantage on potentially being disadvantaged by that?
And I'm, I'm, I I'm just listing some professional programs. You all have heard about that. Go in similar directions and you will see, this is the task of these of work. And it's known, you know, as my previous, as you heard on the previous talk. Now, who is really threatened by that? The general public gets alerted in a, I would really say over alerted by this because it's information, they cannot really use. They get some alert, they don't get medication, they don't get advice on how to deal. Potentially. There's nothing to do about that.
It's just the press, you know, bring that and gradually they will lose attention and that's possibly the worst thing. They will lose attention and not take care anymore. Businesses, at least in Europe. And that's a big difference between Europe and US are going extreme. There's one set of businesses that say, no, don't react, stay exposed.
You know, it's not only versus NSA. The NSA is not the, the, the real problem. The problem are those who are doing the same things for other purposes or for purposes, NSA does not name. And there's the other set of companies, companies that are overreacting and possibly losing competitiveness. If the reaction is we have heard about cloud, it stay away from cloud, then possibly someone really should have paid.
If you view it from the, from, from a US perspective, someone possibly really should have paid Snowden to do that because it's raising the, the, the competitiveness in, in this dimension. I'm just putting your ideas.
You know, it's, it's not my, I'm not even saying it's my view. I'm, I'm putting other views on, on this item so that you get a little tuned on, on possible effects. We have politicians are producing fast and sometimes superficial reactions, which is also a problem. And governments do not have control of over the suppliers. And that is in effect. We know from the internet since long, it's just becoming, we are just becoming aware right now.
And one, one aspect I will go back later on a little bit is for just imagine you have the cloud, you have the internet and you have a search warrant. Now, if you have government data in the cloud and you have a search warrant, what does it mean? One country is searching against a different country now under a perfect legal and necessary cover. And that is what we have to work on. We have to work on, on, on schemes, on solutions and the situation creates or demonstrates unequal chances US versus other states. The it's not so much discussion.
You know, Snowden is a discussion in, in US, but the, the reaction versus cloud, et cetera, it's not so much discussion in the US. It's small business against big industries. Big industries know how to defend, but small business are threatened. And when it comes, not only to, you know, spy in terms of political things, but, but getting the need out of it in terms of IPR, then it becomes crucial. Some intended effects, question mark. You know, I'm, I'm citing some something you can read on the internet or on papers.
And one thing is, and I'm come back to that biggest concern of NSA officials say is that foreign individuals or group targeted for surveillance may now switch to more secure communication methods, which means more effort, obvious, more effort in terms of surveillance, but is that a threat? Is that a good thing? It depends on what, from what angle you looking from. And my question is, how long will this sustain? How long will we stay alert?
How, how can we use this method? Would we have been given for free to alert our businesses, to alert our people do more in security? How long can we use that? How can we, you know, balance this on a long term run? Again, Business Insider: that Snowden effect is crushing tech firms in China, that this China versus US has been known for long. But now going that into a broad way has commercial effects, which have not been foreseen or have not been seen before. Many considerations focus on the, the effects of the US only.
However, the impact on the rest of the world is probably much higher. And I, I just mentioned this cloud security search warrants, et cetera, et cetera, which has basically nothing to do with Snowden, but it it's suddenly coming up. And we have been indeed discussing that in the cloud, in the European cloud initiative, how we can cope with that. And I think it's a good, it's a good, good moment to put these arguments in.
Now with that, I'm moving a little bit into how, how can we, how may we react as states, as companies, et cetera, et cetera. We are now in the area where cloud and mobile, mobile is really taking off. This year's the first year where more mobile devices like tablets, et cetera, are sold than PCs. And that is changing. If you look into technology a lot, it's, it's, it's really a different technology. If you look into the security, if you look into the system now for most things, 90 or more percent data is open anywhere. So we can use it. Open data is not a problem, but there is a rest.
And how do we handle the mixture and the interweaving situation with the rest. There's a need of confidentiality. And when you have a need of confidentiality, the first thing is you need identity. It doesn't make sense to have confidentiality without having identity, because if you are communicating in a perfect encrypted way to someone who you don't, you don't want to communicate with, what's the heck? Now what it also shows us. You can exchange British Post by GFE the, the, the, the, this element, which terminates SSL.
When you go to Google services, just one example, you know, you can put different ones and then communicates internally. So what what's happening on the right hand side is not in the power of the user. And cloud means you have many, many people working together. You have a very dynamic situation and you have no control on the user's side in at least in the public cloud, which means security is not within the yellow space, but security is also against, in, in terms of excluding the provider. You need confidentiality, which excludes the provider.
Otherwise it's impossible as the, the, the mass grows handling of security becomes more or less impossible. And that brings us to encryption. That brings us to crypto effort. And indeed Europe might be, or might become sort of a leader in that direction, because it's more traditionally more popular the encryption in the private sector, in, in the professional ITD than it's in other areas of the world. But the problem there is how do we keep the usability? How do we keep the usability when it comes to key management, et cetera, et cetera, there's always turning down things or trends to be.
We have research like homomorphic encryption. Yeah.
I, I don't think that I should tell you what homomorphic encryption is, but it doesn't work. It doesn't work like you don't have the resources to do that, which, but, but there, there, there are lights there. For example, we have tools right now where you can re-encrypt. So I can give you data, which is encrypted. And I can give you a set of people. You can re-encrypt that data for, if you thinking about cloud, it means I can give you the data to hold and you distribute to my audience without you being able to access them while processing in them is a little more difficult.
But the question is, how do we get in control as a member state as a, or as a, as a country? How do we keep under control the whole thing as a company or as a state?
Now, one thing before we talk about control is we need to talk about jurisdiction. Now it's not about countries. It's more about which jurisdiction am I in? What law can I expect to be enforced? And it's might be a more, I, I used here Austria, not, not before, because it's sort of central in the European map, but become, because I'm coming from that direction.
Now, I might be very confident if, if I only commute, if I know my data has not, has not been communicated outside my country. And just imagine banks, internet banking, knowing there is a mechanism that, you know, this data did not go away or come from outside, that would dramatically change the security of electronic banking.
Well, another set might be EU. You know, if I know the data has always been communicated within the EU, and I'm not only talking confidentiality, I'm primarily talking other things like not being forged, et cetera, et cetera, this might be very valuable. And the third might be, you know, friendly countries like the green ones, and it's arbitrary. You can make any set, any set. What is important in, in, in any such innovation you envisage is that it can grow within the existing system. You can start from any point. Everyone has its own view.
If you view that from Australia, you, you, you might view Australia will be your red spot, hopefully, and that, that must live together. And it must also grow. You cannot switch a country, you know, just on a big bang, but you could, some providers could voluntarily, or even by a legal convention, follow a rule and technology and protocols could assist. And I'm not going into details, but jurisdiction awareness is something we definitely will have some point in time, at least to my opinion, to incorporate as we go with cloud. Otherwise it will be very, very complicated.
I will have a, a demonstrative slide in a few minutes. So I still have four minutes to go. One element.
I said, in security, identity is key. And we are right about finishing the eIDAS regulation, which is identity and, and signature. It's a European wide seamlessly applicable legislation. And it's right now in, in its last phases of being born.
And I, I think this will help us a lot. It still has to prove that it works on a day to day basis. And it still has to prove that it's swamping over to the private sector, it's targeting the public sector, but it has to prove that it's also good there. Another thing.
Well, as I, I will be back to the biggest concern. We need to invest in technologies that both target the mobility and the provider in terms of cloud provider, independent security, you cannot live with a situation where your cloud provider is also the security provider. And that is sort of tricky. When you think about 90% and 10%, 90% open data, 10%, something else. Now that needs that your, your, your, your file system, your databases are aware of this and sort of your data have a flag that they belong to the 10 or to the 90, but there are avenues to that.
And this is just a buzzword as we have seen. Now, the next real challenge will be document collaboration. If you look into Google Docs, if you look into Office 365, we will, in 10 years time not process our documents on our PCs, it will be sort of collaboration, but how do we handle not getting exposed?
There, that's a huge, a huge task to do. You know, we have HTML5 and things like that. That help a little bit. We have browser-side encryption, but there's a lot of things to do. And as always, the, the, the announcements are much faster than the technology. And as we have seen recently, companies are forced to comply. There has been this court decision that Microsoft must release data, even if they are not held in the US. And it's not about Microsoft, everyone is, is bound to that. And I'm again, just putting the, the slide on that. What does it mean?
It means that we have to work on a cloud strategy that ensures that governments have their requirements openly demonstrated. And that also the European structures like the regional funds, the structural funds, which huge money are bound to use. These requirements are bound to use these government requirements. And that it's seamlessly in Europe because we cannot afford that every country has its own strategy. That is not, not the cloud for Europe. That is much smaller thing.
And I know about, I know what I'm talking about when I say it will be a hard task to, to bring that notions into C into a F into a F et cetera, et cetera. Now, let me stop at this point in time and say, let's hope that it will sustain awareness. That is the contribution. And if you look to that bus, that's running the US. I think there's a potential that at least for some time, we will keep awareness of that. Thank you.