Cloud applications have become a part of our everyday lives at home, on the move, and at the office: Streaming videos, exchanging photos and documents, e-mail, and much more are “in the cloud” these days. For companies in particular, the potential of cloud computing is huge.
Current statistics show how great this is: For example, six out of ten companies in Germany are already using cloud services, as a study by the IDC has found. In the United States, on the other hand, 71% of companies surveyed by American analysts RightScale are already in the cloud.
For us as a manufacturer of networking solutions, the concept of a Management Cloud is intensely interesting. The operation and installation of devices—in this case network components—is greatly simplified by cloud services. Even complex networks can be managed efficiently and with a minimum of effort through mobile devices like tablets or smartphones. The tools that used to be necessary for configuration, management and monitoring are now history, being replaced instead by a central cloud platform that can be located anywhere.
Entire wireless and site-to-site VPN networks can be quickly and easily put into operation, upgraded and monitored without IT personnel having to be physically on site. What is known as “zero-touch deployment” eliminates the time-consuming process of configuration, and products are put into operation straight out of the box. Device configuration and management is handled via the cloud. What used to be complex software applications are replaced by user-friendly and cost-effective cloud services. Replacing components now takes a minimum of effort. Small and medium-sized businesses benefit not only from cost savings, which can be immense, but also from a major improvement in performance thanks to management and monitoring functions that were formerly the exclusive preserve of large enterprises. Larger companies with a multitude of smaller, distributed sites benefit from enormous gains in efficiency that come with a management cloud.
It is no wonder that cloud-based network management is a subject of great interest to customers. According to a recent Gartner study on the subject of the cloud in companies, analysts expect a worldwide growth in “Cloud Management and Security Services” of 24.7 percent over the previous year.
Doubts about data protection
And yet these potential economic benefits are often confronted by concerns, and these are particularly pronounced in Europe.
These concerns seem to be even more pronounced in our home market Germany. In the Cloud-Readiness Study 2015 carried out in Germany, for instance, 68.1 percent of participants indicated that cloud services were not yet used at their company because of security concerns. Close behind this were exclusion criteria such as the “unresolved legal questions” (40.9 percent) and “data privacy” (38.7 percent).
Fears about a lack of data protection were reaffirmed by the European Court of Justice (ECJ) with its Safe Harbor ruling of October 2015. According to the Court, the very country that is home to the world’s largest and most successful IT companies does not offer adequate protection for the data of European citizens. What it comes down to is that our data is not as secure with U.S. companies as we would like, and we should think twice about transmitting our data to the United States for storage and processing there.
The knock-on effect for US companies and the dramatic consequences for their business models should be clear. But European companies have to rethink too, because whoever is storing and processing data in the United States on the basis of Safe Harbor today is open to prosecution and a painful fine.
Whoever has the key…
The significance of the end of Safe Harbor and the legal consequences for networks that are managed from the cloud are as yet unclear. But the technical risks are unmistakable:
For networks managed from the cloud, the configuration information for their routers, access points and switches, as well as their highly sensitive network keys, are all stored on the servers of the cloud service providers. If we assume that the legal situation allows foreign authorities or secret services to access these servers and the keys stored on them, then in the worst case all network traffic of the client company can be intercepted and read in real time. Even highly critical VPN connections could be decrypted with a minimum of effort.
This would be disastrous for any company where the protection of their business secrets and innovations is of fundamental importance for their long-term business success. They would have no chance of preventing unauthorized intrusions into their networks, with the concomitant risk of undetected data outflows and even sabotage.
But also for supermarkets that direct their electronic payment traffic over networks like this, the consequences could be severe. Or even for hospitals, where sensitive patient data would be accessible to foreign services at the press of a button.
The alternative: Cloud services under European law
A genuine alternative would be to use cloud services that are subject to European law. This was another clear indicator from the Cloud Readiness study. 83 percent of participants consider the most important prerequisite to be that the cloud provider should operate its data centers in Germany. For 80 percent of the respondents, it would be essential for the service provider to have its head office in Germany.
German politicians are of this opinion, too. In the summer of 2015, the German Council of the Federal Government’s IT Commissioner published a catalog of criteria for the use of cloud services by the German federal administration (link to PDF). A key element: If cloud services are to be used, sensitive data may be processed only in Germany.
All this clearly shows just how great the demand for German and European cloud offerings is. If the economic benefits of the cloud were to be combined with the rigorous demands on data protection, privacy and IT security, the results of future cloud studies are likely to look quite different.
The LANCOM way: “Made and hosted in Europe”
We too are working hard to enable the management of our devices via the cloud. The advantages for our customers are just so great that we need to offer this alternative in the future.
The LANCOM Management Cloud (LMC) made its first public appearance last month at the CeBIT in Hanover. Customers and partners experienced at first hand just how the network management of tomorrow feels, and what new possibilities it has to offer.
Along with the functional aspects, one topic was very much in the foreground: data security. And this is where we score a big point. The LANCOM Management Cloud is “Made & Hosted in Germany”. Server hosting for the Public Cloud version of LSM is based exclusively in Germany; no data is processed or stored outside the country’s borders. Critical configuration and encryption details are subject to German law, which keeps them safe from access by third parties. Consequently, this solution fully meets with the wishes of the customers mentioned in the Cloud Monitor 2015 study.
What’s more, large customers have the option to operate the cloud solution as a private cloud at their own data center. Data privacy doesn’t get any more secure than that.
See our web site for a preview of the LANCOM Management Cloud. The market launch is planned for this autumn.