
'Sealed cloud' promises better data security

TÜV SÜD’s Singapore Sealed Cloud does not grant administrators access to data, reducing the possibility of hackers breaking into databases using compromised administrator credentials

German certification, auditing and advisory firm TÜV SÜD has set up a “Singapore Sealed Cloud” that it claims will offer enterprises a highly secure cloud storage service.

Powered by patented technology from Uniscon, a company that TÜV SÜD had acquired in 2017, the service allows data to be transferred and processed in encrypted form on the cloud, with both content and its associated metadata protected during data processing.

Andreas Hauser, director of digital services at TÜV SÜD Asia-Pacific, told Computer Weekly on the sidelines of an Industry 4.0 conference in Singapore that unlike public cloud services, data held at Singapore Sealed Cloud cannot be accessed by administrators and cloud service providers themselves.

“The point is simply that when you have critical applications or data, there’s typically an access point used by administrators to access the data. With this technology, cloud providers and administrators cannot access your data even if they wanted to,” said Hauser.

Noting that no system or cloud service is fully secure, Hauser said even if the Singapore Sealed Cloud was hacked, the perpetrators would only be able to take off with one dataset, rather than an entire database, “because there isn’t a super-user who can access everything”.

And once a dataset has been breached, it will be deleted within seconds and a duplicate dataset can be restored from another server, he said, adding that there is also no way for anyone to access the data through rogue data processing.

Such safeguards will help to prevent large-scale data exfiltration attempts, such as the one that hit a Singapore public healthcare group in July 2018 when the non-medical information of some 1.5 million patients was stolen in a well-planned cyber attack.

Investigations into the attack by a government committee of inquiry revealed that the attackers had entered the healthcare group’s network through inactive administrator accounts, among other security lapses, including a server that remained unpatched for over a year.

Hauser said although TÜV SÜD is not aggressively selling the secure cloud service, which is being used by the likes of Deutsche Telekom, as well as hospitals and government agencies in Germany, the company is using it to process data for its smart healthcare showcase.

“We’re also about to work with a manufacturer to make sure their data is secure by integrating this service into their processes,” he added.

Heightened focus on security

The launch of Singapore Sealed Cloud is timely, given the heightened focus on cyber security in the wake of growing cyber threats in Singapore. “There is now a clear push from the government, and there are also more security standards being recognised in Singapore,” said Hauser.

One such standard is the Multi-Tier Cloud Security Singapore Standard (MTCS SS) that the Singapore government has been championing for several years now.

First announced in 2014, the MTCS SS drives cloud adoption across industries by providing clarity around the security provisions of cloud service providers. These include cloud governance, infrastructure security, operations management and cloud-specific information security, across three levels of security.

The Infocomm Media Development Authority (IMDA) has also worked with Singapore’s Ministry of Health to provide guidance on where various forms of healthcare information and data may be hosted on different MTCS levels.

As of 28 May 2018, a total of 130 cloud services from suppliers such as Amazon, Microsoft, Google, Alibaba and SoftLayer have been MTCS SS-certified by accredited certification bodies.
