Assuring and Implementing Cybersecurity and Data Protection for Public Clouds

Good afternoon. Our good morning, ladies and gentlemen, welcome to this. Could a cold webinar assuring and implementing cybersecurity and data protection for public clouds. How to ensure confidential cooperation by moving from infrastructure security to data security. This webinar is supported by auto and schwa cybersecurity. The speakers today. My name is Matthias Rek. I'm lead advisor and senior Analyst with Ko a Cole and I will be joined by Dr. Quin. He is director of cloud encryption at schwa cybersecurity.

Before we start some information about a Cole, the obligatory housekeeping notes, and the look at our today's agenda. A few words about cooking, a coal very quick. A call has been founded in 2004. It is headquartered in Germany with a team of international analysts spread across the world, including the us, UK APAC and central Europe. We offer neutral advice and expertise and barriers areas to companies, corporate users, integrators and software manufacturers with IM being the original starting point. We are now also working in the areas of information, security, GRC, and governance.

And generally speaking, we cover all the important topics in the areas concerning the digital transformation, our business areas. Again, very quick in research, we provide a wide range of strategic documents and reports, including our leadership compass, comparing vendors, market segments, but also a wider range of other documents, including advisory notes, leadership briefs, and executive views. We do events and I will get to that in the later slide. And the third areas advisory, the upcoming cooking call events.

We are in full swing of the consumer identity world tour with the USA leg already having been having taken place in the us in Seattle just a few days ago, we will be in Amsterdam in a few weeks. I will be happy to welcome you there because I will be doing some of the moderation there as well. And by the end of November, we will be in, in Singapore with the final leg of our consumer identity world tour. And we are looking forward to seeing you there as well.

In the end of November or the middle of November, we will have a joint event, the cybersecurity leadership summit in Berlin together with the cyber access summit, which will be also very interesting around the areas of IM and cybersecurity. In advisory, we provide vendor independent market expertise to customers and users, vendors, and we provide services from benchmarking to strategy support, and from architecture support and technology selection to project guidance. And that's it for the introduction of keeping a call, some guidelines for the webinar, you are all muted centrally.

You don't have to mute, unmute yourself. We control these features and we're taking care of that. We will record this webinar.

Actually, we're doing that right now. The podcast recording will be available tomorrow with PDF versions of the Slidex that we're currently using. And very important, there will be a Q and a session at the end. So we want your questions. So you can enter your questions anytime using the questions feature in the go to webinar control panel, and we really ask you and endorse you to do so, so that we have a great set of questions to start out from the beginning and the third part of the agenda. So this is the agenda.

My first part will be understanding and approaching the security and governance challenges of cloud environments, which will, will be more the Analyst point of view, very, very high level. And we will look into the challenges of cloud environments and security in general, and then Dr. Quin will join us and he will dive deeper into a concrete and very fascinating solution, how to securely share confidential data for trusted collaboration across any infrastructure while taking advantage of modern and agile cloud computing. And that will be the second part.

The third part will be the Q and a as already mentioned. And all three parts will be around some 20 minutes so that we end up with an hour or so, or a bit less.

Yeah, that's it for the agenda for the introductory notes. And that leads me to my part. I'll start right out. And then I will hand over to Bruno for his part with the more concrete solution. So business and it perspectives of moving into the cloud. This is the, the motivation slide.

This is, this is, that is where we come from. When it, when, when, when we're thinking about moving into the cloud, why, why we are doing that and why are we actually ready to also accept some more risks and how to deal with them? So we are looking at that from the business and from the it perspective. So if we look into business led initiatives, they focus on very clear purposes and the clear purposes are digital business on the one hand.

So really moving closer to the customer by moving closer to the internet or into the internet, to getting more direct contact by achieving more and new and extended digital business models and to deal with the customer in a more direct way. This, this means also the use of new applications and in general, to get and get better touch with the, with the customer who is then better connected.

And often organizations are actually going into the cloud or moving into cloud deployment models because they want to reduce business risk by lowering actually investments into hardware, software teams, and to be more agile. And that actually reduces business business risks, because you are more, you are faster, you are even able to fail once and to do it better and to improve and to reduce the business risk in general. The second part of course, is the it side. And that is actually more from the infrastructure from the operations point of view.

And that, of course, again, is cost reduction. That means that you don't have to provide your platforms, your hardware, your services yourself, but you can get them on a paper use basis where you can migrate your existing platforms too, and your applications, and in general improve your it efficiency because you don't have to order these boxes and run those, but you really moving into a newer, more modern deployment model. And of course, again, often forgotten is that when you move to a cloud service provider, they are building upon best practices and on good processes.

And that often means not always often means that, that you have a, a, a dramatic increase in increase in compliance and security when your own processes are good and in place as well. And then this is a, a shared responsibility. And in general, together, you get to a better compliance and security by using the expertise of the cloud service provider. So these are very, very good reasons to move into the cloud, but these, this move into the cloud also comes with the price of adding some cloud related business risks. Cloud related business risk are just be a very, very quick overview.

And then I will dive deeper into that. First of all. So I have four categories from where we look at first is business continuity. So make sure that even when you're in the cloud, you are able to, to perform business processes at the level of quality and availability that you want to, of course, I mentioned the better compliance in the cloud, but you have to make sure that you understand your own requirements, your own laws and regulations that you have to comply with.

And that the services that you use and provide are actually in compliance with these regulations, so that the complete package that you have cloud service plus your own services are yeah, compliant. Third part is cybersecurity. So to make sure that the service that you're using and providing and presenting to your customers, to your partners, to your employees are secure.

So to reduce the risk, or to understand the risk of exposure to malicious activities of external and internal threat actors and internal might be in the cloud service provider might be in your own organization or somewhere in between. Finally. And this is the focus also for today. We have seen that in the main headline of this and the topic of this webinar data security. So it's really about protecting the, the, the main asset of such a solution, the data loss leakage, or unauthorized access to applications or data needs to be prevented in an adequate like manner.

So this was the, the overview, and we will dive deeper into these four aspects. And also, especially into the aspect of data security as Bruno will focus on that and present a solution that cover covers this in a, in a holistic manner, cloud risks in detail, again, the same four headlines, but now we can get into more detail in general, you will see many of these requirements, these risks that you actually thought of, and that, that are part of your daily business.

And when you look at data security, there are lots of, of threats of risks that actually come also with the use of, of the cloud, which are inherent also to, to, to on-premises solutions. But of course, which are more prevalent when it comes to, to cloud service provider deployments. For example, if we take the example of ineffective IAM, I am standing for identity and access management.

If this is not done in a, in a well executed manner, that means you might have identities, which should not have any access to the, to the, to the service at all, or they have more access than they should have. So that means you really have to make sure that the IM provides a good user lifecycle management and a good access request approval and re-certification and removal and regime in place to make sure that identities only have on a need to know, need to use basis access to the systems.

And if we look at other aspects like for example, data interception, make sure that data is encrypted wherever it is possible. Otherwise the risk of data interception, that means the use and the access to data to unencrypted data, to readable data by, by unwanted parties might emanate and might actually manifest media laws, loss of crypto keys, ineffective data Deion.

These are the aspects that are relevant when it comes to looking at data security and the data security cloud risks, and actually one important risk that comes with data security is not in the, in the right column, in the data security column, but it's actually the second last box in the first column, ineffective data security controls might also lead to compliance risks, which might lead to a disruption of service, or even to fines when it comes to, to audit issues, to regulatory requirements that are not met in an adequate manner.

If we do a very, very high level risk assessment and look at the risks that are listed in the, in the left column of this table and map these to the four categories that we've just looked at, and we think of not having any controls in place, we really will, will see that there will be a high impact to all of these areas when it comes to looking at, in the individual risk.

Of course, we cannot go through all of these in this, in this webinar, but if we just take the last one compromise of log or general files and look at data security as the dimension to look at when it comes to cloud risks, it is obvious that if lock files or journal files, which might or most probably will contain sensitive data, be it a real business data or PII personally identifiable information that actually is, is, is at risk with the focus of data security on data security. If this leaks that might impose a high risk, high impact without any controls.

So implementing adequate controls is what is really required when it comes to dealing with these additional cloud risks. Because once you are moving into the cloud, this is something that you don't have full access and influence on. And that is something that you need to have done in an adequate manner, or that the, that you impose additional measures, which help you in reducing that risk. And if you look at actually reducing these risks, we as cooking a call, we think of a risk based approach to cloud services, security challenges.

And if we look again at the same dimensions we see there, it actually has been one added to the left. This is implement good governance, which is a meta approach, which of course is importance. First of all, understand what are your business objectives have a policy in place for the use of cloud services, understand service acquisition, cloud service acquisition as a part of the usual it procurement process. So that it's not done with the, with, with just with the credit card of the, of the business team, but really done in an adequate manner.

And if you require reliable information from your cloud service provider that you require independent certification, this is, these are four examples of good governance that are the basis for the other four that we have to look at. And again, if we look at data security risks, as the core of today's webinar, there are some examples of how we can mitigate these risks that we've talked about. So implement strong access control, make sure that only those have access to the information that should have access to it, encrypt data wherever possible.

And that is in transit at rest and during procession a processing so that it's only available to those who should have access. And if we look at encryption and think of the, the risk that we mapped in this very, very simple risk assessment scenario that we just did before, once these lock and journal files are encrypted and you don't leak the keys at the same time that this risk is actually mitigated in a very appropriate manner, because even though they are leaked, nobody can actually interpret and read these lock files and journal files.

So encryption of course, is a strong control or strong means here. So really understanding what is the right measure to implement and to use and to use a risk based approach. So start with the high risk and the most critical risks and to mitigate them. That is what we suggest when it comes to getting to a risk based approach to cloud services, security challenges.

And I've been talking about cloud risks up until now, but if we take this dimension, the final one, the managed data security risk risk, and look at it in general, we will see that this is of course a cloud specific risk, but it goes beyond that. And that is something where we'll where Bruno will talk about in more detail, as he wants to provide a, a, a more holistic view on that. But if we look at data security risk in in fact, this is not a specific cloud challenge, this is something that applies to data wherever it is processed. So it is actually data location agnostic.

So we really have to think of managing data security risks is something that needs to be done in the cloud, of course, but it needs to be done actually anywhere. So we need a, a single, a consistent approach to go and secure data everywhere where it's relevant. And that is on premises in the cloud, as I've mentioned. And this is where, where Bruno looks at also when shared with external parties, where you actually hand over complete control of the physical data to somebody else. So that it's really irrelevant how somebody can access this information.

So it really is about protecting data in those hybrid environments. So really managing data security risks across all, look data locations, and to ensure compliance in hybrid environments. And that is actually the point where I want to hand over to Bruno. Just one thing I just want to remind you of please add your questions into the questions panel into the, the go-to webinar panel so that we can build upon your questions later on after Bruno's part. And now I want to hand over to Bruno Quinn from hold about cyber security Bruno you there.

Hello, good afternoon. Also from my side, I want to show you now a little bit, a practical approach to cyber security and what we found with our customer base, how we can show up how security cybersecurity changed. If you are moving from an on-premise system toward a cloud system, let's assume we have a data center in your basement somewhere around, and I make bet that you all fear feel very secure in, in this data center, which is currently running in your, in your company. You all have infrastructure installed. You have platforms installed and applications installed.

And when we are talking about attackers, you all are very in mind that tech are coming always from outside. Therefore you are building up parameter security, different race. You have installed now for many years, a valid identity and access management system. And with this approaches with parameter security and you internal user rights management systems, you have, you have an, an it installed, which is solid, which is proven, which is somehow also hardened against attackers, which are coming from outside, or maybe also from inside.

But you all know that even in the best parameter security attackers will find some ways to rent in. And also in, in the best organizations, you will find inside attackers who will overcome the identity and access management rules very easily. But nevertheless, this is the on premise system, which is well known, and this gives you all. Or also myself gives us very good feeling. If you're talking about a data center in practice, when we are now one trying to communicate with other organizations, we are thinking about data emotion solution.

That means we provide sec high secure VPN, or even at encryption solutions, we provide also hardened operating systems and we provide firewalls like, which is also kind of security for applications. But we see if we have a look on this, what we are currently wanting to secure to make secure is the data itself. And this is where our really IP of a company is sitting. There's not the network infrastructure, it's not the platform or the server side. It's the data, what, what belongs to a company. And what's really, it's, it's, it's really worthful for, for our company.

Now we are thinking to move to a cloud platform. And any platform is, is somehow working in the same way. You have infrastructure as a service platform, as a search and also software as service, and you have your data. And if you now have a closer look, how we are going to implement now security inside a cloud platform.

First, what you're thinking is we do need something like an identity access management system, because this provides us the rules, the business rules, and also the internal rules to work with data and with our infrastructure. And we all, we all know that this was first done, 2011 with the first CA approaches cloud access, secure brokers with these first approaches, companies are able to provide the same rights and rights and rules management systems inside the cloud systems. But if we have now closer look, and we are seeing, okay, what is now changing in the cloud versus a on premise system.

This is the infrastructure and the complete lower level parties. If you're talking about it, you see that applications, platforms, infrastructure not further, further belong to a customer. They belong to a cus to a cloud provider. And these cloud providers are controlling it. They don't, you don't as a, as a user, you don't know on anything except your data in a cloud platform.

That means the only thing, what you really have to secure is you have to provide a data-centric approach because you cannot control infrastructure platforms, or sometimes also not the service itself, because services also sometimes external services, what you're using. And so everything, what you're relying on, on your, on premise system, which is provided on your on-premise system and indirect security for your data, this is not longer working on a cloud platform.

So you have to think about how we can implement a data security, where we are just securing the data itself, not longer, the indirect security via via network infrastructure, via platform platforms. This all is not longer working in a cloud system. So we have to think now, what is changing and what have, what do we have to do identity and access management systems. As we know, from, from for years in office, I don't, I just want to say for centuries, but it's also used for centuries, but it's for years now, we all know access rights management system in, in detail.

And we know all these benefits, what we gain around and the most important point is that all business workflows, all applications are relying on these IM systems and the rules on that. But now we have said, we have to think about data centric, security data centric means that we are just keeping care of the security of the data itself, wherever it's it's stored, wherever it is, running, whatever applications using it. And data-centric means we have to think about all these data, which are going, going now into the cloud.

And I don't want to focus directly on IOT and BIC data, but this is where the way is going on. But let's first think about just collaboration platforms, what we are, what we're looking on. A data-centric approach is a encryption approach by sure. But encryption is, is well known cryptography functionality, what we know all now for years, but it really secures you against internal and external attackers. What is different now is that symmetric that you do need now inside encrypted data away, how to work with encrypted data directly.

That means how to run your business with encrypted data, how to run a search inside encrypted data. That means how can we implement in a existing workflow in existing applications, encrypted data transparently that you can run your workforce with encrypted data. And this is something what we, we, we saw challenge. Now that means the requirements for real data protection solution. First of all, it must be from format independent. That means you have to, to encrypt, you have to secure all files, documents, videos, which are somehow served inside the cloud.

You also have to provide mechanisms that you can share in exchange, and even to collaborate with your partners, external internal partners in project basis, that means you want to run collaborations on the worldwide level. That also means if you have to think about what is the most popular collaboration platform currently, it's obviously 65 platform on premise solutions like SharePoint is working that same way. And this is therefore we have to look for that.

These collaboration platforms, these popular collaboration platforms are easily and transparently running with our approach or this a approach. You also have to provide such mechanisms, mechanisms for keywords or full text search for everything. What you use to, to search inside encrypted inside normal documents. You also have to, we also have to provide this functionality for encrypted documents now. And the most challenging part is we have to provide a way that you can run your workflows inside global public cloud platforms, but maybe you have to storage you to legal restrictions.

You have to store your, your existing data on regional database. That means you have to store your data inside Germany, but you want to run your, your workflows inside an, an American public cloud system like office 65. And now as the chair, the question, how are we going to do that? Just imagine you're writing a document. So on the left side, documents document is written in, in your normal word editor. And maybe we also have theme in, in cooking apart that you have to classify somehow the, the documents.

This gives you a very easy way you can do, if you don't have classification mechanisms, it's working also, but it's makes Matthias much more easier. If you already classify your documents, why you are tagging labeling systems. Now we want to upload this, this raw document inside a cloud system like office, or maybe also just in on-premise system, like chat. The system is working either way, same way, because SharePoint online or SharePoint and premise is working more or less in the same way. Whenever you are now uploading a document into a office 65 environment.

This ation platform is in very intelligent platform. It's looking inside the documents. That means it's building up a search index for search later on search, building up a preview index, building up cashes, building up everything you need to know, you need to have inside a collaboration platform when you really want to work on, on a general way inside the cloud system. But that means we are not allowed to, to upload any original data to the cloud system there.

Therefore, what have you done? We have used a kind of new approach. That means we are going to virtualize the document. What it's that?

It's just, just imagine you have written document on this side, the document exists of a piece of paper and written text on it. So you can also see it's its content and it's meta information of these, of these word document, the meta information. It's a piece of it's, it's a page, just the, the paper itself. And we are taking our out of the original data. Now the complete content. That means we have an piece of paper, what you're using, but we keep the metadata unchanged. So we are uploading just the word document, just with metadata to the SharePoint online or on premises.

SharePoint is just seeing here, use the word document coming. He's not able to, to, to, to read the text inside. So he's just taking this as a kind of, of placeholder document. And he's able to run his complete workflows on these placeholder documents. We call it virtual document or virtual file. The original data are now going to get encrypted on a asmatic way. And then we are going to recommend these encrypted data into smaller pieces.

So yes, menting is we are putting in inside a Scrabble machine, getting our junks so-called junks, which are configurable in sizes and so on. And these junks got stored on different storage system, configurable storage. So you can either store them in other cloud system or in the same cloud system, as you are working on, and you can, or you can store them on different storage systems. So maybe you have data storage inside your basement, in your form of a data center. Then you have original data sitting in the storage system as they are, but you can work.

You work with your workflows directly in the public cloud. This is, this could be done. A trusted gauge has a bandwidth. You can do this with 5,200 mega per one instance. If you like, you can run several many instances on default. So they have a really high, scalable functionality where you can access data inside the cloud. You can run your workflow inside the cloud. The existing workforce are still working with the, with this, what you're accessing, but whenever you're saying you want to access.

Now, the content trusted Kate is accessing the different chunks, putting them together to a encrypted document, decrypting them for the authorized people. Then we are providing a, the original data to them to really, to change it or wherever they want. It means we enable companies to work in, in public cloud system, but they can store their data on different store systems, either in cloud systems or on premise systems. What does it means? Existing workflows, existing applications are transparently working also with a place order with a virtual file directly, without any change.

If you make a double click on it, you can, as I said, we are resembling the different chunks, putting it together, decrypting it, and providing the word document for the user. If a attacker is going to attack now on this virtual file, he's just seeing empty piece of paper. And that's it. If you want to work on global basis with it, you can even provide policies where say, okay, it's maybe forbidden to download personal data, healthcare data to other regions other than Germany, but you can also download it and work on it if, if it's an authorized region.

So whenever you are in an otherwise region, like in Germany, you can access them. Otherwise you can't. So if you are somewhere outside, Germany, you access is denied. Even if you are allowed to work inside the workflow with it. So what have you seen? You've seen a solution which provide provides you the ability to run, to share, first of all, to share different data with partners.

That means Cate can provide internal, external project members, the access to confidential data, and therefore the ability tool that, that external internal users can work on collaboration basis on shared exchange directly on encrypted data. Even if you, they don't have to get access directly, they can, you can share systems on this side.

Also, if you, if you're using SharePoint solution, you see a SharePoint solution. This is a classic user user on premise. You and you see here, we provide here net in mode, other modes like whoever proximal also possible internet in mode, we provide a net in standard and in for, for SharePoint, that means we provide our own icons on this side here, you see, they are now trusted modes off. So the communication is currently not going via our trusted gate's going directly. So here you can only run with not encrypted data. You see the last three parts are not encrypted.

If you log on with the secure mode, you see first colors change and transparently. What you have done is the files got decrypted for the authorized people. It means everybo every time when trust case saying, okay, we authorizing a user, we provide full access for this user, to the content, to the listings and everything. What we have here, a user can have transparent access to them. If you don't like the, the different upload secure upload button parallel to, to the upload document of SharePoint, you can configure that only one button could be seen.

So this is completely configurable as you, as you see, it's adaptable for the customer's need without, just for on configuration level. So whenever, you know, accessing a document, say, okay, I want to download. I want to access this. You are just clicking on it. And it directly with a Microsoft word, if it's a word document, but you've also seen that we are able to provide different forms with it. So Axel and everything, whereas it's transparently included in such a solution.

Another interesting part is if you're saying it, you want to work with a, with a central SharePoint infrastructure, but you have different subsidiaries in different countries. And this different countries have legal restrictions that they are not allowed, that they're not allowed to exchange certain data with your headquarter. Maybe just imagine you have a subsid dream. And even in China, you have strong data description laws. That means, for example, in China, it's forbidden that Chinese per data leaving country, you can even work with them with your data center in Germany.

But what we are doing is with all the, all the original data stay inside this country, you can transparently work with a SharePoint, which could be used on a certain basis, but original data is never leaving the restricted country on this way. This provides you or provides companies a very, a very good way to, for return to invest. That means you are saving money because you don't have to install SharePoint, other systems, the infrastructure, all in the different countries itself. So what have you seen trust gate is, is, is a multiple use product.

So we have provide, we are providing a couple of solutions for that. That means office 65 solutions and also solution for SharePoint this on premise version of that side, that we can even run on premise and on, on cloud system on a complete secure way and even full text search.

I haven't shown you this full text search is running transparently with, with an encrypted documents and you can also run a federated search on encrypted and on, on non encrypted data, which are providing inside SharePoint secure data solutions is one of the easiest solutions is just for share exchange with external users, external companies, external partners, but provides you high security solution for really sensitive datas, which Ising to get, to get chat, the diet data diet solution. It's a special solution.

If you have high high security environments in your, in your company, normally this is, this is used in public services where you have restricted areas where just certain data are store insight on a high secure basis. And normally this is not allowed to export via even at just the data. So we provide solutions where you can use this as a data diet solution that a user in the high restricted area can take, take document and declassify for usage outside of the high security environment, the DLP solution provides customers.

The ability that they're able to control, who is sending what kind of documents via email, via attachments, because customers okay. You, we are now able to secure our data inside SharePoint, but nevertheless, people are still sending confidential data out, out via email. And so here, this solution, how we can control how we can provide customer the control of these attachments, that they're not allow restricted data to get outside the company. If you're talking about cloud, we also have to talk about mobile access.

That means just imagine your CEO is sitting on, on the airport and just want to have access to high, confidential axle sheet from the last quarter. And he also get access. If we provide a secure access on any mobile device for confidential data in read only mode on these, on these mobile devices. So this is an overview of what we have, what we are able to provide with our gate product. We are able to provide a complete set of different solutions for usage in security, sensitive environments.

So what have is in, we provide security solutions, which is combined with high performance and flexibility. It's what your products in new virtualization technology for data itself is a patent pen technology. We enable customers to work in public cloud systems and we enable them to store their data still in, in specific regions. And even the highest compliance requirements could be, could get fulfilled. And we provide you also easy management and usability for that. So this is the end of my part.

And now we are coming to the Q and a session, I think, Thank you very much Bruno for this, for this presentation, very interesting presentation. We are actually approaching our Q and a session. So please make sure you have provided all the questions that you want us to answer right now. We have a few questions already. So let's start with them. First question is transparent integration. Are you planning to include other applications just like SharePoint and office 365 into, into this concept? And how is this?

Is this an API that applications to, with when they want to integrate with your solution, which is really promising solution? Yeah, we are planning. We also have done implemented other other solutions already in right now because we are doing this with reference sites on the cloud platform itself. We are using for integration of these applications. So rest APIs, which is, which are currently standard in most of the applications and on the next on the roadmap is what we are going to do is that we are going to integrate direct SI service from within Azure, Google and Amazon services. Okay.

Okay, great. Thank you. So it's really something that you want to spread across a, a vast range of applications. Another question is I just read it out. I understand it to say hosted solution. Is it deployed across all regions for, and how, how is this actually? How do you, do you approach the, the hosting topic? Where do you put it? Or is this something that actually the, the customer decides The customer decides? Because what we are selling is a, is a piece of software. The software could be installed on premise on the customer side, or it can use it.

This is in future as our next release, which is coming tomorrow. So we are providing a marketplace edition first on Azure marketplace, where can run it inside his own subscription. And what he's able to do right now is can use this also on any virtualization environment, in any cloud platform. Okay. That sounds interesting. So it's really up to the, to the customer to, to decide where, where, where what to run and also to adapt to their actual organizational structure. Okay. Okay. Lots of questions. I'm coming in.

How is the encryption key secured when the data is actually accessed and shown to the user? So where is the key and how, who is the owner and how is it managed All keys belong to the customer? We don't have any key. So a customer takes over when we are going to install, takes over keys, private key store, and his private keys store. He's his own. He can use it and he has to take care also for he's responsible also for the keys.

So he has to back up it and, and the keys here, these are necessary if, if, if kind of, of catastrophic have to up everything, we just need these keys for restore out of the junks, all the original documents again. So this is, first of all, the keys itself, what we are doing is we are doing asy corruption. So every single document, every single file is encrypted wire. It's our own somatic key.

What we are doing is we are doing a kind of group encryption, which means, just think about if you have a role management system inside your organization, you're using roles for providing easier access to, to, to infrastructure and, and all these parts, same logic. We are also following that means we are providing group keys for accessing on group level for certain document. And what we are doing by providing is the ability to interact with your IM system that is, could be used directly inside trusted gate.

And, but we also provide high security solution. That means you can run your own anti dimension inside trusted gate itself, but it's not, not the easiest way to do it because it's, it's a lot of operational over that. If you're doing it this way, but most security, but we provide in this way, ways to use hybrid ways to intact between existing IM system and provide your own role, manage management systems inside RAs. So we can provide to interchange for interchanging, these different roles on an easy way. And you can, you can define your security level by your own key.

Symmetric keys are only stored inside trusted gate. The key store. This is what, what the customer belongs. Then the keys are just sitting inside trusted gate, except you want to use ANSM system. Then everything is thought inside ANSM system.

Okay, great. Sounds like you have spent some time on creating a, a, a, a thorough concept with, with this solution that you provide being such a, such a central component when it comes to access to, to critical or sensitive documents.

How can, can you explain a bit the, the failover concept? So what can business users or users in general do when trusted gate becomes unresponsive or unavailable, or is this also possible, or how do you scale it?

Yeah, this is pretty easy to scale because we are running on an application server. So we are complete J to implementation. We are running in microservices and it's mean we can also easy run in dock environment, but if you're talking about on premise, we are saying, okay, we are running on application service. You can easily scale up these parts. If you just implement other virtual systems spread over, you can use several instances in parallel, just put in standard load balancer in front of it and scale up. And therefore you also can use it in this side.

It's, it's also not hot functionality implemented inside the applications. Okay. Maybe then that's an interesting question as well.

The, the, the pricing, when it comes to having one solution, having a failover solution, having hot stand by just described what is not to name figures, but to give a, an impression of how, how, how much money does one have to spend. So we are just surprising on user base pricing and usage means in our case bandwidth, bandwidth, what is going through and bandwidth is related to CBU.

So we are, what we are doing is we are counting CBU course, which is related strongly to bandwidth, which is going through our Cate. Okay. Okay. That's quite straightforward. DLP what email products are supported out of the box it's of course, office 365, I assume. So it's outlook and in exchange, what else?

It's, it's outlook. It's outlook. What you're doing via supporting this, the other side and exchange this Microsoft work, what you're doing currently, because the C C five is currently the leading collaboration platform, what we are supporting. And this is why we're focusing currently on Microsoft solutions. Okay. Looking at the, at the end user, how, what, how much, what changes for the end user, I've seen the, a few more buttons within the, within the SharePoint desktop thing, but, but what else changes?

Is there something that they have to adapt to, which you have realized from, from other customers makes it a bit clumsy, or is it really straightforward? And transparent? Security is always has the success of security solutions stay falls with, with the transparency for the NS. So that means we are always trying to be completely transparent. I've shown you this picture on, on SharePoint. This is here, we're using in so-called at, in mode. We are using API mode, but we can also provide complete transparent mode with this quarter reverse proxy mode.

Just think about, you have reverse proxy sitting in front of your application, SharePoint and this way. And whenever yoga through whenever a file upload or file down is going to happen, policy is just giving us the packages. And we are going to encrypt that this is then the user will not see any difference to his, to his original user interface of SharePoint. On user side, we don't have to install anything, but just the DLP solution. We have to install and net in for the outlook client, but this is the only client interaction or in solution.

What we have on the DLP side, everything else is completely transparent for end users. This is our, one of our maxims just focus on server side technology and provide the user unchanged, transparent access to his applications. Okay. Quite connected to that. Do you have an estimate of how long it takes to, to introduce this solution in a company that is really heavy on SharePoint use? And normally we can say, we can do this in between one day. We provide the services for doing that our POCs, we can run on fixed price basis on one day on onsite one day, remote support. And that's it.

So it's really very easy. The most waiting time we have to see on customer side is, are always a question to open some parts in doing that to, to give us a, an proper certificate for installing the SSL connections and all this part. This is normal infrastructure requirements. What is as necessary. There's nothing to do with the product itself. It's just integration inside a enterprise environment. Maybe then it took maybe a date. That's it? Okay. You've described this, this, this, this chunking thing so that you cut data into, into yeah.

Into, into columns. And they, you, you distribute that across different services that I, I assume requires some expertise, but this is best practice that you provide to the customer anyway. Yeah.

Yeah, sure. We provide recommendations.

What, what you can do is the user can configure the junk size, for example, in configure where to store it. And he also is able to configure if he can, if he wants to use rate systems. So we provide flat flat distributions software distribution on this side, and we provide also redundant institutions distributions. That means you can easily run the rate systems on logical level from our product, but this is something, what, what is our service, which is provided to the customer that we help to install these, this infrastructure base. Okay. One. Okay. Thank you.

1, 1, 1 interesting question. When it comes to, to cryptographic theory is what happens when a, a, an algorithm is cracked and sometimes in the future, does this chunking mechanism help a bit also in these scenarios? So once you have just one chunk, you, you might not be able to script it no matter whether the algorithm has been cracked or broken.

Yeah, this, this was the, the original intention. When we, when we invented these chunks, chunking one request was from our customer side. Even if quantum computers will appear and maybe current computers will be able to correct the current corporate traffic algorithms with the current key length of what we are talking about, then it should not be possible to decrypt these functions. We have high security customers for doing that. And therefore, therefore we are using these chunking mechanisms where we are able to, to split up these encrypted files, into different junks, distribute them.

And therefore he, an attacker is not able to find a solution from, from just from single junks to decrypt the whole document. When it's a kind of physical, secure delay of what we are implementing. If you distribute these junks across the world, then you find all these different junks to, until he's able to DECP it again. Okay. Great. Final question. So that means if a, an algorithm has proven to be weak, there's also a chance that the, that there's a rein encryption with a, with an updated algorithm in place. Sure. Algorithms and key length are completely configurable insight Cate.

So you just users just choosing what kind of, of algorithm we prefer. For example, from, we are using for asset encryption, elliptic curves as a standard, but he's, if he prefers an RSA or something like that, he can just reconfigure it and use these kind of algorithms for doing that.

Okay, great. So, okay. That sounds perfect. We are actually getting close to, to the, to the end of our time, and thank you very much, first of all, to the participants for a great set of questions for the Q and a thank you, Mr.

Quinn, for, for, for presenting your product. If there are any further questions currently, we have covered them all. If there are any further questions, either to me or to Mr. Quinn from wooden Schwar cybersecurity, the mail addresses are on the front page of the presentation, and also of course, in the video. So please feel free to get in touch with them or with us. And I'm looking for it maybe to seeing some of you in, in Amsterdam in two weeks. And do you have anything to add Bruno for, for the customers that you want to know? Let want to let them know? No.

If everybody has interest, please contact us. We are glad to show you a demo or something like letting answer for the questions, if you like. Great. So we would be happy to welcome you all in another webinar soon. And I'm of course, very much looking forward to meeting some of you in real life, somewhere in the future. So that's it for today.

Thank you, Mr. Quinn, thanks for your all, all your time and your participation and goodbye Byebye.