Keynote at the European Identity & Cloud Conference 2014
May 13-16, 2014 at Munich, Germany
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Keynote at the European Identity & Cloud Conference 2014
May 13-16, 2014 at Munich, Germany
Keynote at the European Identity & Cloud Conference 2014
May 13-16, 2014 at Munich, Germany
So I'd like to introduce you now, please. Hiker HRA is from the state of Reinland PNET. Do I get that right?
My, my Australian pronunciation of German is just horrible despite long association with very fine speaking Germans. So HRA is going talk to us today about the public service response to the kind of information we've seen come out of the Snowden revelations. It's been a big topic in many countries, particularly in United States. We've seen a significant set of dialogue about this. Very confused, very mixed, every lots of people feeling quite conflicted and various different ways. So hyper fascinated.
He, what your expression is. Thank you. Thanks. Thanks a lot.
And yes, dear audience, in the light of Snowden's revelations, do they change the way with you information security? So dear ladies and gentlemen, I would like to address this topic as it representative of the state of rhino pate, one of the German states and at the same time, COO and secretary of state in the minister of internal affairs and Homeland security and the state of rhino pate, the ministry in charge of security matters. So I would like to thank you for this invitation to Sam here, which wa I was pleased to accept for three reasons.
Firstly, because I was interested in the subject and the specific focus on the conference of European identity and cloud conference. So I was curious and secondly, because Munich is always worth with it. So I think that's your opinion as well. And thirdly, because invitation was put to me in such a charming manner that I was unable to refuse. So I have no slides, but I have speech. So I thought you saw a lot of slides the whole day tomorrow and Wednesday as well. So I thought it's good pause with slides and now you have to listen to a speech.
So first the question, if I have to answer the questions as to whether Mr snow's disclosures have changed our view in the public sector, on it, security in a radio broadcast or internet chat, my answer would be a simple and straightforward. Yes they did. And I might add that.
In fact, he did not reveal anything that we didn't not already know or at suspect only how massive or how offensive CI was. So who or what is Edward snowed, a hero or a traitor, an UN Wheeler of trust or a mudslinger a material or a hypocrite fuse on the septics de word strongly. That will also be true for those present here. And there is no clear cut answer at any rate. Edward Snowden has become word famous. And the irony of the matter is that he, the whistleblower has turned to Russia for protection against persecution by the United States.
He has caused significant turmoil across half the globe and specifically amongst the governments of Germany and its European neighbor states. So internationally, the disclosures of massive spying activities has triggered nearly a crisis in German American relations.
Meanwhile, the discussion has turned to more fundamental aspects of the activities of intelligence services. In few of the fact that other nations amongst them, or example the people's Republic of China or Russia are also striving to establish strategic positions in the I C T world. Yet the focus is clearly on the us anti-American opinion leaders and feelings have full mistrust, instant of transatlantic friendship, and as is reflected in the recent discussions about the transatlantic trade and investment partnership, free trade agreement.
So far, the only positive outcome has been apologize on the part of the us president as yet. No agreement has been reached between Europe and the United States on a no spy agreement or some sort of code of contact for the mutual intelligence agencies and services. This is also a matter of regaining national and technologies of ity.
Considering that standardization harmonization are playing a critical role in the digital world on the domestic front that's the other side, there has been a massive distraction of trust in information and communication technology by the citizens, by the users as whole amongst or also the business community alike. This loss of trust is significant public information. Technology must be secure. The state has a responsibility for sensitive data.
This includes for example, tax authorities, police ju judiciary, and is therefore essential that we should rebuild trust to this end full investigation is required with this in mind. An inquiry committee at the federal level has now been set up in the common German federal parliament, the Deutsche Bunda, which regrettable got off to a somewhat bumpy start had no agreement could be reached as, as to whether or not at which Snowden should be testify before the committee.
So at any rate events have sparked a widespread security debate focusing on new it security legislation, data protection designed to efficiently protect citizens and industry against spying central issues in this debate are the hardware and software standards to be applied. How cloud solutions are to be treated in this context, whether we should reconsider the way we use mobile voice and data com communication systems and whether encryption technologies should be applied. So further questions to be asked are towards extent.
We can obligate us American cooperations to uphold European data protection standards and which control options we have at our disposal to verify compliance with signed contracts. But did these discussion really ornate, ornate only from Mr. Snowden's disclosures? I think I may speak for all CIOs, both and the private and in the public sector. When I say that we have long since realized that society and the business community are highly dependent on well functioning information technology and secure information infrastructures.
And that gaps in the security of these systems will render us defenseless, guaranteed security in the cyberspace and protecting critical information. Infrastructures has become a matter of vital importance for a well-functioning society in the 21st century. What is new, however, the widespread public discussion and interest in these matters and the past, the matter of it security was if, if you will permit the expression dear and precious to us frequently, I saw myself faith with the questions. Do we really need these secure architecture today?
The question is often asked the other way around, what do we need I could to do in order to be protected or safe? First, the behavior yesterday, we have had a meeting of the state secretaries in ran Nate, and we discussed about the using of mobile devices in meetings, for example. So what measures should be taken first of all, the following must be noted given the increase bus and the number of severity of cyber attacks among with an in increasing professionalism of cyber criminals.
And the fact that perpetuators taking ad advantage of new technologies within a short period of time, a higher level of government commitment and closed corporation with industry and science is essential to counteract these developments. So dear ladies and gentlemen, any it system can, can be compromised and the use of it equipment should be therefore always be based on an ovulation of the risk.
There, we have to make a difference or distinction between safety and security, especially when we focus. For example, on industry 4.0 or critical infrastructure we have in our states, cyberspace has many users, both private citizens and businesses with the wedging interests.
The fact that private use and business is often seamless Leslie interwoven, for example, when using smartphones and take further risks from the point of view of information and security, let me use the example of cloud computing, cloud computing to illustrate the new opportunities, but also the risks, risks inherent, and this new technology and how we, as a smaller German state government strive to raise security standards to the largest possible extent. Last year, we were the first German federal state to obtain BSI certification for hub breed cloud system.
So for information for you, rhino P innate is a state with 4 million inhabitants, one of 16 German states in the th Western Germany bordering on France.
Luxembourg Belgium is striving to maintain highest security standards, but in corporation with the other German states and the following hepatitis underlie the current discussion about cloud computing in Germany and in the German states, given the pressure resulting from the need to comply with the public depth ceiling and those associated comprehensive retention programs on the part of the federal and state governments, the issue of whether or not cloud computing will be used in public administration as long since being decided a level of data protection that, that second a level of data protection that certified the needs of public administration cannot be achieved in a public cloud.
And which service may be globally distributed cert the private cloud model presents an appropriate option for public administration in order to tap into the extensive potential.
This new technology offers in terms of effectiveness, cost savings and efficiency enhancement will at the same time meeting all requirements for data privacy and data security, and fourth currently unresolved, unresolved it security issues present the major challenge and fifth and last cloud computing as a catalyst for modernization of the administration and the government, and is therefore of strategic importance for the public sector. So the ity aid state agency for data and information short form LDI at the central it service provider of this federal state, we have two data center.
So I shorten it at this moment and we realized during the first stage of migration completed by the end of last year, no former year, the adult set of 30 administrative processes of rhino pate administration, which had until that time run on 339 servers, we consolidated on this platform during a second fast, further administrative processes on the administration, as well as processes of customers, of other federal states.
We integrated into the cloud services coast efficiently and in line with demand with this current platform as a service model, thereby creating a leading edge, a coast efficient solution for public administration in our state. And now, yes, we exported it in the other states as well.
So we are able to, with this regard that the public administration in the cloud infrastructure is confidentially availability and integr as well at the CS, the associated data, privacy and security concerns of the commissioner for data privacy and freedom of information of the, our state in ality net said security was a special focus on the development of the cloud system architecture and therefore work on the project was carefully monitored with regard to these objects and conducted and such way.
The cloud infrastructure was certified in may 213 by the federal office for information security and occurrence with the ESO 27 1 on the basis of it baseline principles. That was the first certification of a cloud service ever granted in Germany. And we are a bit proud of it. You can imagine this.
So, and is due to the systematic implementation of the guidelines for the virtualization of the it baseline security guidelines of the BSI and our LDI security policy and the action catalog, which is derived from the BA it baseline security guidelines. So this standard is yes, we try to, to export it. Now we established the working group now at the federal level with other German states, and we try to standard desires legalize and do something like PR for cloud and the public sector for cloud computing and the public sector.
And we try to find levels for security and we try to make PR also for certified cloud architecture. And we think that is also a trust management for citizens and business who have to deal with our authorities as well. Various legal issues have to be in considered in connection with the use of cloud computing, contracting liability, copyright law, data protection, law, fiscal, and commercial law license law, and as well as legislation on administrative pros and public procurement. And now the federal government is also planning it security law, special law for it security.
And we work also within these working groups at this governmental and legislative process. So we do it not alone. We do it in cooperation and cooperation in it, infrastructure. It security in a federal state of Germany is very, very important. And therefore we have an it planning council, which is based on the German Grun gazettes and the basic law for the federal Republic.
And there we have operative it approach in the area of the provision of infrastructure services, such as also already been widely adopted for a number of years in the area of cross data development and updating of specialists in the administrative process. So we are part, or we are one state of 16 in the federal department, and we hope that we can give an impulse and input in this discussion.
So, and we said, cloud computing has the ation potential to radically changed to the pro vision and the use of information technology, especially in the public sector. However, information security is a key factor for us. If it services from the cloud are to be used, are to be used reliably. So sorry. And I hope it was an interesting yeah. View and the view of us and the yes, from the point of federal state government in Germany and what a state CIO has to do the long time. Thank you very much. Okay.
So Hika, we, we have here at blueprint that you have for government, how do you think this applies to the enterprise world? Is there something here that we can take away for the enterprises that are here in particular?
Yes, We do it not alone. So we do it in corporation with German it enterprises. So I can say that our cloud, we, we show it on the CB this year. So we do it in corporation with T systems. So I can say this year, our cloud, that's not, it was our idea, but we do it in a good corporation. Thank you. That's cool. Thanks.