The secure cloud solution

Cloud solution for digital sovereignty and trustworthiness
Sharing infrastructure saves resources and also enables companies with little technical expertise and little effort to drive digitalisation forward. However, security, trustworthiness and transparency are essential to ensure that this does not lead to digital dependency. The SecuStack cloud solution enables companies to retain full control over their processed and stored data.

What is the cloud infrastructure solution SecuStack?
SecuStack is a cloud solution which, as an "Infrastructure as a Service" (IaaS), enables simple and at the same time secure provision of resources for the operation of cloud applications.
As our cloud infrastructure is an extension of OpenStack, it is fully compatible with it. Both the transfer, storage and processing of data and the networking of resources within an OpenStack environment are made consistently secure by means of transparently integrated cryptographic mechanisms. SecuStack thus makes it possible for numerous industries to enter cloud computing and is particularly interesting for companies that have not yet been able or do not want to use a cloud solution due to strict security regulations or a lack of trust.

VS-Cloud for Defense


SecuStack application areas
Whether utilities (CRITIS), public authorities and ministries, research institutions or industrial companies, SecuStack is suitable for use in various sectors...
The decision for a cloud model or a cloud service is an individual and demand-oriented decision that must be made depending on the industry and regulations. In all cloud models, scalable computing resources are pulled together in a network, bundled and shared. Classic cloud computing.
They allow the execution of workloads in the respective system and consist of a special combination of technologies, locations and ownership rights.



We have compiled a list of the requirements and regulations that apply to which industries, especially in the CRITIS environment. SecuStack enables security-compliant and trustworthy cloud computing for a wide range of industries.
Standards | IEC62443, ISO27001, ISO 27018, ISO 27017, (BSI Standards, BSI-IT Baseline Protection) C5:2020, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Production (MES - performance analysis, material management, detailed planning/control etc.; automation control system). Office IT, ERP |
Standards | ISO27001, ISO 27018, ISO 27017, ISO/SAE 21434, ISO PAS 5112, (BSI Standards, BSI-IT Baseline protection), C5:2020, TISAX, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, UNECE R155, UNECE R156, IT Security Act, BSI Act, BSI CritisV |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Connected Car. Production (MES - performance analysis, material management, detailed planning/control etc.; automation control system). Office IT, ERP |
Standards | BSI Standards, BSI-IT Baseline protection, C5:2020 |
---|---|
Regulations | GDPR, VSA, BSI Act, BSI CritisV, specific state legislation |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Local authority application systems. Office IT |
Standards | ISO 27001, ISO 27018, ISO 27017, BSI Standards, BSI-IT Baseline protection, C5:2020 |
---|---|
Regulations | GDPR, BSI legislation, BSI CritisV |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Broadcasting systems of main news channels. Office IT |
Standards | ISO27001, ISO 27018, ISO 27017, BSI Standards, BSI-IT Baseline protection, C5:2020, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, IT Security Act, BSI Act, BSI CritisV, TKG, TMG |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Control centres, mobile radio operation, transmission systems, network nodes. Office IT |
Standards | ISO27001, ISO 27018, ISO 27017, PCI-DSS, C5:2020, (BSI Standards, BSI-IT Baseline protection), IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, IT Security Act, BSI Act, BSI CritisV, banking legislation (Bafin), VAIT, BAIT, MA Risk, Basel3 |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Investment banking. Retail banking and payment. Office IT |
Standards | ISO27001, ISO 27018, ISO 27017, BSI Standards, BSI-IT Baseline protection, C5:2020, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, IT Security Act, BSI Act, BSI CritisV |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Guidance systems on motorways. Control systems of logistics companies. Office IT |
Standards | IEC62443, ISO27001, ISO 27018, ISO 27017, ISO27019, (BSI Standards, BSI-IT Baseline protection), C5:2020, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, IT Security Act, BSI Act, BSI CritisV, EnWG, IT Security Catalogue, GDEW |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Control systems and automation systems for grid and system management, grid status recording and evaluation, grid protection. Systems for feed-in management (forecasting), schedule management, load forecasting, procurement. Office IT |
Standards | ISO27001, ISO 27018, ISO 27017, (BSI Standards, BSI-IT Baseline protection), C5:2020, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, IT Security Act, BSI Act, BSI CritisV |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Production (MES - performance analysis, material management, detailed planning/control etc.; automation control system). Office IT, ERP |
Standards | ISO27001, ISO 27018, ISO 27017, BSI Standards, BSI-IT Baseline protection, C5:2020, IDW PS 951, IDW PS880, DVGW W 1060 |
---|---|
Regulations | GDPR, IT Security Act, BSI Act, BSI CritisV |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Control and automation systems. Systems for forecasting, operational planning, simulation/optimisation, asset mgmt, laboratory, diagnostics/analytics. Office IT |
Standards | ISO27001, ISO 27018, ISO 27017, DIN EN-80001, BSI Standards, BSI-IT Baseline protection, C5:2020, IDW PS 951, IDW PS880 |
---|---|
Regulations | GDPR, SGB X, IT Security Act, BSI Act, BSI CritisV, Hospital Future Act, Patient Data Protection Act, MPG, MDR |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Hospital IT (operating theatre, emergency medicine). Hospital IT (radiology, ultrasound, endoscopy, laboratory, pharmacy, archive, reporting, etc.). Office IT, research etc. |
Standards | ISO27001, BSI Standards, BSI-IT Baseline protection, C5:2020 |
---|---|
Regulations | GDPR |
Standards RZ | ISO/IEC 27001, EN 50600, TSI.Standard, DCSA eco |
Typical Use Cases | Educational portals |
Standards | ISO27001 |
---|---|
Regulations | GDPR |
Standards RZ | ISO 27001 |
Typical Use Cases | Predictive Maintenance, Fraud detection, Robotic Process Automatisation, Datamining, OT, IOT |
Use Cases
Thanks to the flexible structure of the overall solution, many areas of application are possible, including those that may only take off in the near future. SecuStack is flexible in the breadth of application areas and at the same time can be specifically aligned to concrete industry use cases - as the following examples from practice show:

Authorities & administration
Administrative modernisation cannot be realised without modern cloud technology. However, established hyperscalers do not seem to offer a sustainable solution here, as they are unsuitable for government and sovereign IT services from a political (digital sovereignty), business (vendor lockin effects) and data protection perspective.
As a security-hardened solution based on open source, SecuStack® offers full control and sovereignty on the technology used and the required operating mode - whether “on premise” for a dedicated private cloud or in established operator models with multiple customers under strict cryptographic client separation. Specialist procedures, web portals, online services and collaboration tools receive a fully auditable and innovative foundation with SecuStack®.

Police & civil protection
Police and security authorities depend on fast and legally certain communication, not only in the event of disasters or confusing situations. The daily work is carried out by the authorities via digital radio communication. Messenger apps are also becoming increasingly established, although not in the sense of WhatsApp and similar apps.
Typically, the infrastructure of the security authorities is operated by the country‘s own IT providers in order to ensure full control over the data. Messenger apps such as stashcat are administered centrally and the corresponding apps are installed on police-owned or private (BYOD) mobile phones. SecuStack® offers a reliable platform on which these services can run and be operated in a legally secure manner.

Utilities: Edge Cloud
The energy transition is probably the most important project in our society today. Besides environmentally friendly energy generation, the greatest challenge at present is intelligent distribution and storage. At the same time, energy demand is increasing due to new data centres being built to host cloud services.
With a SecuStack® Edge Cloud, energy providers rely on a model that uses surplus energy directly where it is generated. In small decentralised data centres, energy is converted into computing power without feeding it into the grid. This increases the efficiency of plants and reduces costs for providers and consumers.

Healthcare
Health and patient data are increasingly processed in hyperconvergent ICT infrastructures. Local and central systems merge into each other, cross-organisational process routines establish themselves. Today, the virtualised and centralised IT services are often still operated „on premise“ due to compliance specifications. Cloud migration is subject to extensive regulatory requirements.
SecuStack® enables operators and providers of software solutions to transfer their current solutions to a cloud operating model that meets the special security requirements of German legislation. A trusted cloud infrastructure is being created as a security-hardened open-source cloud that connects all areas of medical care, e.g., patient data systems, medical technology, evaluation analytics and medical robotics.

VS Cloud for armed forces & authorities
The ultimate in data security is the handling of classified information (CI). They are classified by sovereign authorities and contain sensitive administrative documents, military mission data or even state secrets. To protect them, security measures are taken that seem excessive and inefficient in the private sector. At the same time, they form the everyday basis of government action. The SecuStack® infrastructure layer, provided in cooperation with IBM, RedHat and secunet, is based on an extensively hardened open source approach. It uses advanced design principles and security technologies as in the already VS-approved SINA products. SecuStack® is intended to establish itself as a cloud solution for VS-approved information.

Private cloud with client separation
If the data and applications of several organisations are processed in a central cloud infrastructure, a strict separation of services and clients must be ensured. In existing approaches, the separation takes place on the physical level. Separate racks with independent and disjoint components such as virtualisation solution, network and hardware must be procured and operated for each client. Especially the licensing of the market-leading proprietary software solutions (e.g., VMware, Microsoft, Citrix, Oracle ...) generates considerable costs.
The SecuStack® technology enables client separation to be carried out at a higher level of abstraction. Strict cryptographic separation and flexible key management allow different clients to use the same components without compromising data protection and security. This significantly better utilisation of existing hardware resources and the lower licensing costs provide a considerable cost advantage.
All benefits of SecuStack at a glance
With the provision of virtualized infrastructures, SecuStack enables the setup of cloud computing environments while taking over the complete lifecycle management.

SecuStack helps control and automate isolated computing tasks - especially in large, dynamic environments.

SecuStack secures user data and access restrictions through block-storage encryption

Due to the cryptographic mechanisms used by SecuStack, control over all keys is always guaranteed

Send us an inquiry via the contact form. We are happy to help.