Digital sovereignty and trustworthiness in the cloud.
Sharing infrastructure saves resources and also enables companies with little technical expertise to drive digitization forward with little effort. However, security, trustworthiness and transparency are essential to ensure that this does not lead to digital dependency. SecuStack enables companies to retain full control over their processed and stored data.
What is SecuStack?
SecuStack is a cloud operating system and enables, for example, the simple and secure provision of resources for the operation of cloud applications by means of "Infrastructure as a Service" (IaaS). As an extension of OpenStack, it is fully compatible with it. Transparently integrated cryptographic mechanisms now make the transfer, storage and processing of data and the networking of resources in an OpenStack environment consistently secure.
SecuStack thus enables various industries to enter cloud computing that have not yet been able or willing to use it due to strict security regulations or a lack of trust.
All benefits of SecuStack at a glance
With the provision of virtualized infrastructures, SecuStack enables the setup of cloud computing environments while taking over the complete lifecycle management.
SecuStack helps control and automate isolated computing tasks - especially in large, dynamic environments.
SecuStack secures user data and access restrictions through block-storage encryption.
Due to the cryptographic mechanisms used by SecuStack, control over all keys is always guaranteed.
Why does the product exist?
Whether utilities (KRITIS), government agencies, ministries, research institutions or industrial companies, SecuStack enables various industries to enter cloud computing.
Connecting machines to digital processes brings a wide range of benefits and opportunities, but also an increased risk in terms of data security. SecuStack ensures the provision of a protected digital infrastructure and offers a security-oriented platform. This enables the protected use of business and production applications. Transparently integrated cryptographic mechanisms now make the transfer, storage and processing of data as well as the networking of resources in an OpenStack environment consistently secure.
The product in real practice
The use of SecuStack creates the basis for sophisticated IT infrastructures for critical service providers (KRITIS) such as hospitals, banks, utilities, etc. Through increased prevention of attacks, manipulation and failures, we ensure the proper operation of critical systems. SecuStack's security mechanisms are aligned with the security objectives of confidentiality, integrity and authenticity.
IaaS, PaaS, SaaS in comparison
IaaS: Infrastructure as a Service
The basic level of cloud computing is IaaS, because here hardware resources are provided in virtualized form. Whether storage space, processors or network - all computing instances can be added and also removed again in any quantity. This is why it is sometimes referred to as a virtual data center.
The cost advantages of cloud computing are most apparent with IaaS: Hardware in particular is very expensive to purchase, quickly becomes obsolete and should also be set up under particularly secure conditions (keyword: data center vs. company basement). If IT resources are provided on a virtualized basis and in line with demand, users generally make enormous savings.
PaaS: Platform as a Service
PaaS is the link between IaaS and SaaS and enables the interaction of the other two levels. This is because the development and runtime environments for software are provided at the platform level, building on IaaS resources such as operating systems. The other two levels, IaaS and SaaS, are usually addressed by APIs. Accordingly, software developers are primarily interested in PaaS.
SaaS: Software as a Service
With SaaS, programs are provided on demand - and usually directly to the end user. They are usually used via the Internet or a web browser. With SaaS, users can usually save on license fees and also do not have to pay for installation and administration.
Thanks to the flexible structure of the overall solution, many areas of application are possible, including those that may only take off in the near future. SecuStack is flexible in the breadth of application areas and at the same time can be specifically aligned to concrete industry use cases - as the following examples from practice show:
Authorities & administration
Administrative modernisation cannot be realised without modern cloud technology. However, established hyperscalers do not seem to offer a sustainable solution here, as they are unsuitable for government and sovereign IT services from a political (digital sovereignty), business (vendor lock-in effects) and data protection perspective.
As a security-hardened solution based on open source, SecuStack® offers full control and sovereignty on the technology used and the required operating mode - whether “on premise” for a dedicated private cloud or in established operator models with multiple customers under strict cryptographic client separation. Specialist procedures, web portals, online services and collaboration tools receive a fully auditable and innovative foundation with SecuStack®.
Police & civil protection
Police and security authorities depend on fast and legally certain communication, not only in the event of disasters or confusing situations. The daily work is carried out by the authorities via digital radio communication. Messenger apps are also becoming increasingly established, although not in the sense of WhatsApp and similar apps.
Typically, the infrastructure of the security authorities is operated by the country’s own IT providers in order to ensure full control over the data. Messenger apps such as stashcat are administered centrally and the corresponding apps are installed on police-owned or private (BYOD) mobile phones. SecuStack® offers a reliable platform on which these services can run and be operated in a legally secure manner.
Utilities: Edge Cloud
The energy transition is probably the most important project in our society today. Besides environmentally friendly energy generation, the greatest challenge at present is intelligent distribution and storage. At the same time, energy demand is increasing due to new data centres being built to host cloud services.
With a SecuStack® Edge Cloud, energy providers rely on a model that uses surplus energy directly where it is generated. In small decentralised data centres, energy is converted into computing power without feeding it into the grid. This increases the efficiency of plants and reduces costs for providers and consumers.
Health and patient data are increasingly processed in hyperconverged ICT infrastructures. Local and central systems merge into each other, and cross-organisational process routines are becoming established. Today, the virtualised and centralised IT services are often still operated “on premise” due to compliance specifications. Cloud migration is subject to extensive regulatory requirements.
SecuStack® enables operators and providers of software solutions to transfer their current solutions to a cloud operating model that meets the special security requirements of German legislation. A trusted cloud infrastructure is being created as a security-hardened open-source cloud that connects all areas of medical care, e.g., patient data systems, medical technology, evaluation analytics and medical robotics.
VS Cloud for armed forces & authorities
The ultimate in data security is the handling of classified information (CI). Such information is classified by sovereign authorities and includes sensitive administrative documents, military mission data or even state secrets. To protect it, security measures are taken that would seem excessive and inefficient in the private sector. At the same time, they form the everyday basis of government action. The SecuStack® infrastructure layer, provided in cooperation with IBM, Red Hat and secunet, is based on an extensively hardened open source approach. It uses advanced design principles and security technologies like those in the already VS-approved SINA products. SecuStack® is intended to establish itself as a cloud solution for VS-approved information.
Private cloud with client separation
If the data and applications of several organisations are processed in a central cloud infrastructure, a strict separation of services and clients must be ensured. In existing approaches, the separation takes place on the physical level. Separate racks with independent and disjoint components such as virtualisation solution, network and hardware must be procured and operated for each client. The licensing of the market-leading proprietary software solutions (e.g., VMware, Microsoft, Citrix, Oracle ...) in particular generates considerable costs.
The SecuStack® technology enables client separation to be carried out at a higher level of abstraction. Strict cryptographic separation and flexible key management allow different clients to use the same components without compromising data protection and security. The significantly better utilisation of existing hardware resources and the lower licensing costs provide a considerable cost advantage.