Event Recording

Microshard Technology: An Enabler for GDPR/Schrems II Compliance



This session will examine the ruling of 16 July 2020, where the Court of Justice of the European Union (the Court) in its Case C-311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”) invalidated the EU-US Privacy Shield adequacy decision.

  • GDPR / Schrems II - Cloud challenges companies are facing day by day
  • Where innovation bridges the gap required for cloud adoption/migration
  • How these new tools complement and elevate existing standards in encryption/sensitive data transit/storage
  • Microsharding - The answer to all hybrid and multi-cloud challenges?

How and why Microsharding was developed as a concept and a short summary of ShardSecure by Co-founder & CEO, ShardSecure - Bob Lam

So welcome everyone to, to my presentation also virtually welcome everyone, and I am Pascal Go. I'm head of EA at ShardSecure and I am, I want to bring you a new subject today, which is, which is microsharding technology. And we talk about a bit on how we can help companies basically also or enable them for GDPR and Schrems II compliance. And what Ming does basically is the company started two 19, that was, was it founded? And it's the complete development team is in Sweden. So it's also have a big European touch there. And the headquarters is in New York. So that said, we are supporting companies on data resiliency, security, and easily move their data with their data into the cloud. So that is what we are supporting them with.
So cloud adoption is now in question, right? So we have the implications of Schrems II ruling on cloud adoption are groundbreaking. So what if you remember in March this year, there was a new EU Commission with the US together where, where the Trans-Atlantic Data Privacy Framework have been rebuilt basically. And, and now Mr. Mr. Biden have done handed in on the 14th of October just now a new, the executive order to that. So now we have that in the, in the EU Commission to prove all that. And the EDPB is involved and all the kind of things. However, there is already some groups there as well. They're thinking about. So privacy groups there, they have proven it a bit and they already think about in inefficiency. So that is something where, and I put that now in questions, but we know Maximilian Schrems. So is there Schrems III?
That's, that's what we should ask ourselves by now already. So it will not solve all our problems that is already clear. It will take another six months now until we have have an idea where it goes. And then we need all the legal documents as well because that's not legally proven yet. And what are we basically helping with is there is a use case from the EDPB board use case number five, which is saying which, which is recommending splitting data. And that splitting data is actually what we do with microsharding and giving their companies out there an answer to unlocking cloud adoption's benefits. So how does this work? Quite simply here on the, the left side on my slide: shred, mix, distribute. That's actually what we are doing. So if you think about a megabyte file coming to, to the ShardSecure engine.
So we are compressing the file and then we shred the file in four byte. Tiny, its that four by tiny digits. You can think about that one meg file would be approximately over 260,000 little tiny files. You cannot even imagine that. But, and then we mix that stuff. So we put that all together in a, in a bucket and then mix it and add some poison data to it so that poison data, poison is maybe not the best word for it. It's not really poison data. It's like I I always call it a bit twin data. So it's basically the same. They're looking exactly the same as compressed and shredded data. So you cannot decide if it's now the real data in there or is it not the real data in there, right? And that helps you to, that helps to make it more secure that that people, they would imagine finding that data cannot put it together again.
And after that mixing, we distribute the data into the cloud environments from company like AWS, Azure, Google, IBM. Yeah, Alibaba is out there as well. But yeah, probably not for us Europeans even, even it would be safe. We are probably not using it, right? Anyway. And also you can add this data on-prem. So you could have like, let's say you have five different ones, you could have 20, 20% there, 20% there, 20% there, and 20% still on-prem for the auditor. So that will also support you to get the auditor check button at the end. And that is how we deliver confidentiality in there with the four-byte microshards we are doing with the mixed, mixed that microshards into multi containers and distribute them into the storage locations in the different storage locations. And you see there, there is the on-prem and there as well.
We are working here with, with secure connections most of the time it's S3, S3 is famous as to as to most Esther most secure API. We have nowadays of course there's TLS encryption and so on. And how it works is that ShardSecure is a VM. You can think about a VM out of out of three as a minimum that you have availability as well. And you can also have that as a clustering disaster recovery possibility that you also have this pointers. They are, they're responsible to put the data together again that they are safe as well on the separate locations. You have a data center in Berlin, data center in Munich, whatever. And we are only, you can think about that as a gateway, right? And then we add some integrity to that. So what we are doing is we make some hashing for the files they're getting out there for the shredded files.
So if anyone, and that happens to 80% nowadays still that an administrator is moving files from an encrypted server to an unencrypted server and you, you don't recognize because you don't know that the other server is unencrypted. So that happens a lot. Or people tampering this data, data getting deleted, data getting encrypted. So that's with the integrity, we always be sure that the data is a hundred percent there. And on top of all that we are adding a layer of resiliency to that. So imagine about RAID, RAID systems. So we do some parity checks in the cloud to make sure that you can also lose a complete cloud instance or some buckets there. And that we do either one or you can lose 50% plus one. So that's giving another extra layer of security for companies nowadays to go into the cloud. But also being able to use the cheaper cloud providers.
For instance, if you, if a cheap cloud provider sometimes, hey, is the availability there is the flexibility there and so on and so, but here, you don't have to worry. They can just be reassembled by our software. But there's other, there's the market drivers I wanna share with you as well. We had the data privacy on the GDPR side or Schrems II. We have the business continuity, business continu, that's the resiliency, what I just talked about. That's a so-called self-healing mechanism. What we do there, giving the resiliency in the cloud and cloud storage, ransomware, cloud storage, ransom is quite clear. The data out there is unsensitive, you cannot use them. That they're, they're desensitized basically. And if you think about ransomware, there's also a solution for that, what we are working on right now, but it's not, not what I can talk about here yet, but visit me on the booth, I'm happy to talk about it.
And on top of that, encryption replacement, encryption augmentation, it's rather, we don't wanna say, hey, we completely replace encryption, but we add an extra security layer on top, right? Theoretically we can. But if it comes to regulations nowadays the encryption is mostly needed. So then just use your encryption, but don't think about too much about your key rotation, key management you have and stuff like that. That will reduce a lot of your complexity in your environments because we, with the shredded data, no one can do anything about it. And then secure and hybrid multi-cloud adoption layers, of course that is the secure cold storage, migration, cloud backup, security, a lot of companies are doing their security there. GDPR, cross-border data protection, that's just a use use case. What I wanna share with you, there's the business challenges, what we have today out there, which is where data owners don't have complete control about their and about their data.
Li liability on the technical challenge side, there's data owners, they are dependent on security from, from cloud providers for instance. And that is what we are trying to solve. Just an example. And that we are solving with our deployed ShardSecure, spread the data, putting it out in multiple cloud, public cloud clouds. And most of the time in Europe I would see ShardSecure rather as an on-prem deployment. Could be preferred, of course we can be in the cloud as well, but in Europe it's often that people wants to have it on-prem because of compliance approaches in that time. And what we actually actually do for, for the customers is making that sensitive data desensitized. Data owners retain control of their data and improve data protection and resiliency.
And that is what, what would happen with your compliance scope. That is your compliance scope before you use ShardSecure. But if you use ShardSecure, you have only the infrastructure with the applications with the data, as soon as it touches ShardSecure in getting shred, mix and distribute, then you don't have to take care anymore. What happens with the data in the cloud or anywhere where it's stored. And that is a customer from us, that's a managing director and and C of O Hill advisors. He said, I'm, he said, I'm impressed with how ShardSecure's innovative data security platform can protect the most sensitive resources in the cloud environment. That's what he said to us. And that's a 60 billion billion company, a hedge fund company. And what they actually, what the requirements were was to do so to secure sensitive data stored in AWS S3 buckets and secure cloud for ransomware. So cloud data for ransomware. And the solution for that was actually to deploy it to, for secure critical data and regulated data and databases hosted in the cloud to enable the secureness there.
Another example is a customer, which is a European healthcare company, 3 billion company. And that requirements, there was more about critical clinical data. They wanted to have the PII data in the cloud, but encryption was for them just not sensitive enough. It was or not secure enough because people can actually maybe get the encryption broken. Think about quantum computing nowadays, what happens there? I saw, I saw an interesting roadmap that in 2 25 we have this 4,000 ish qubits where we can break this 256 bit. I just don't, don't get me directly, don't take me a hundred percent clear here, but that is what I heard. Yeah. And that is a, that was a solution for, for that clinical customer as well to, to be able to, to eliminate, eliminate data sensitivity of the microsharding technology and the ability to leverage US cloud providers and scale there. Yes, and I would like to stop here and come to my, for my presentation and I would like to have it a bit open because I have hopefully another five minutes or six and yeah, if there's any questions now I'm happy to, to answer.
Okay. You got a couple questions.
Thank you very much, Pascal. So the question is, you're indicating that also computing power of a quantum computer cannot make this data readable again, is it correct?
I would say yes.
Okay. Thanks
Mike.
Okay, thank you. So the, the, the fragmentation part is the same for every customer I presume, but the mixing and distribution part is different. So is is, is that under the customer's control? How, how does this make sure that somebody else cannot buy a virtual appliance and effectively steal your data?
That's a very good question. Thank you for that. And yeah, the, the mixing part is actually the same for every customer, just to correct that a bit. But you're right on the distribution it's different for every customer, whatever they're deciding what they, where they put the data in the storage when it comes to the pointers, the pointers we call it what reassembles the data or what is actually knowing where the data is and how they are. And without the pointers, you don't get it together. And this, during the gen generating this pointers during the data goes through shred, mix and distribute. That is unique per customer instance. So every customer have their unique pointers. So if you don't have that pointers from that customer A, you cannot reassemble even if you, even if the software is getting completely stolen and everything doesn't matter, you need this specific pointers to, and customer B's pointers doesn't help you. Does that answer your question? Yes, yes.
So basically you're offering a kind of gateway between the out storage provider and your applications, et cetera. I don't see the real benefit over a gateway which will encrypt everything. So using some symmetric algorithm that's by definition not liable to quantum decryption. So that would serve the same purpose using standard technology. So what is the real benefit for privacy of, of sharding?
Yeah, we make it a bit more, I would say a bit more easy for the customer because they, I mean encryption nowadays is, it's not just a click in the cloud, right? You have to, if you work with with hyperscalers like Azure or AWS or others, it's always, you have to trust the provider first of all, that the encryption is, is done correctly. That's the first thing you should ask yourself. Are they really encrypted as it should be? And second of all is the key. The key rotation thing is a lot of a big complex thing as well. Key rotation, key management, what you have to what, what, what, what we are suffering from because it costs a lot of money. And then,
Sorry to interrupt, but that's the same problem with your list of pointers, how you shard, it's again, the key management problem.
Yin no, and yes, I would say you have this, What we are doing with the pointers is that the pointers are always at the customer side, so we don't store the pointers. So you and you don't have to take care of it. You don't, you don't, in in encryption you have the secure rotation. You have to, okay, I have to have my private key somewhere in house, right? And then you have to have the provider that gives you the possibility to have the key in house there. You need third party tools sometimes and sometimes not. And that is solved with us because that, that pointers is basically generated in memory well and in some way other places securely. I don't explain it here too detailed, but that keys are stored always at the customer side automatically. You don't have to do anything for that. Even when ShardSecure is in, is in the cloud, there will be a solution quite soon where the pointers are also at the customer side and not stored anywhere in the cloud.
I think we have question, We have time for one more question and there's one online. The user is asking how big is the storage space overhead example, Will these scale for big data, are those blocks stored as files?
Can I read? Yeah. How big is the storage space overhead is that one? Yeah. How big is the storage space overhead? For example, will this scale for big data, are those blocks stored as files? Okay. Yeah, To the first question, there's not a big overhead, especially when it comes to the, to the, to the poison data. There's a, there's a little poison data is enough to add. Sorry, there was a question.
Yeah, it's less than 1% I just heard from, from my CEO here sitting in, in the, in the, in the audience. And from a will this scale for big data, yes, it will scale for big data. We have, we have already tested that with more than eight petabytes of data. And are those blocks stored as files, that blocks are stored as files? I don't know. I think that's, Do you know that I think it's stored in a kind of, it's stored as files, but it's like you cannot read that files. It's just a nonsense what you see there. I'm not sure how maybe we, that question I need to take home can and, and answer it maybe later. But that is like, I think it's files, but they are, if you open, it's like text files and they look all the same and there's, there's looks like data you, you cannot re really read because that's like meshed theaters and compressed as well and poisoned it on it.
Well thank you Pascal.
Welcome.
Thank you. One final question. Sure.
You gave two examples of customers. One was basically storing data in S3 and, and they were happy to do that. It would be helpful to understand the kind of data that the other customer was, was, was storing, was it sort of S3 or was it database or was it files? What's, what's good? What, what kind of data is it good with?
Yeah, we, we, we work with structured data. We work with unstructured data, streaming data. So that's, that's data what we work with. Yeah. But data at rest is the most easiest data of course. Yeah.
Okay. Thank you.
Well thank you so much. If there are no further questions.