Tech

Security in the Cloud: Swisscom Builds 'Swiss Cloud' Shielded From Outside Threats

Staff Reporter
First Posted: Nov 03, 2013 05:57 PM EST

Swisscom is building a "Swiss Cloud" that could loosen the grip of U.S. technology giants and attract foreign companies looking for a way to shield sensitive data from the prying eyes of foreign intelligence services.

Companies are increasingly turning to cloud computing - an umbrella term for technology services such as email and business software offered remotely via the Internet instead of on-site - to cut costs and add flexibility to their IT departments.

But revelations that the U.S. National Security Agency (NSA) secretly gathered user data from nine big U.S. tech companies including Google, Apple and Facebook has demonstrated that privacy for users of cloud services can be compromised, and some suggest customers could seek out alternatives to the dominant U.S. providers to try and protect sensitive information.

Swisscom's head of IT services Andreas Koenig told Reuters the telecom provider's decision to set up a home cloud was unrelated to the recent NSA revelations and driven more by a desire to cut costs and make its systems more dynamic.

Still, as the technology to protect against illegal threats progresses, Koenig says it will start to make more sense to store data in locations where strict privacy laws make it harder to retrieve sensitive information.

"Data protection and privacy is a long tradition in Switzerland, and that's why it's pretty difficult to get to something," Koenig said.

"But if legal requirements are there and we are asked by the judge to obtain or deliver certain information then we would obviously have to comply with it."

Unlike in the United States, where the 2001 Patriot Act and the 2008 Foreign Intelligence Surveillance Act (FISAA) gives U.S. intelligence agencies the power to carry out mass information gathering, Swisscom would have to receive a formal request from a prosecutor before allowing access to data.

Yet while Swiss privacy laws will govern data stored locally in Switzerland, Swisscom says it is hard to guarantee the security of data that crosses borders, such as information exchanged by employees working in different countries.

Concern over the extent of foreign intelligence access to data has unnerved many countries, including Germany, where state-backed Deutsche Telekom wants communications firms to collaborate to shield local internet traffic.

INFRASTRUCTURE SECURITY

Swisscom, which is majority-owned by the Swiss government, wants to be at the forefront of new technology to monitor and detect illegal threats, such as hacking.

"If you are a provider in a cloud environment you need to apply the highest standards of security you can get," said Koenig, adding the company was implementing new ways to look at intrusion and data threats.

He said improvements in technology such as HTML 5, a new programming language for websites that can support apps on many different platforms, would make it harder to retrieve data.

"It's like opening a data tunnel from the server to your screen and then displaying the data on your screen. That makes it pretty, pretty difficult for anyone to see what's there."

In Switzerland, which upholds privacy and data secrecy for its citizens and has long profited from providing discreet banking services to foreigners, the NSA surveillance furor is particularly sensitive.

The Swiss government is worried about surveillance of Switzerland's more than $2 trillion financial centre and is seeking measures to ensure against spying, Basler Zeitung reported last week, citing sources.

Swisscom is subject to regulation requiring it to store all client data in Switzerland. The company counts banks among its biggest clients, and the country's financial regulator FINMA also stipulates that data and data transfer must happen within Switzerland.

For now, the company is focusing on its Swiss-based clients but says it would have the capacity to support demand from foreign companies seeking a privacy haven.

Koenig declined to disclose how much Swisscom was investing in its cloud nor how much it was planning to charge potential clients for the service, but said it would be competitive with other providers such as Amazon Web Services and International Business Machines.

He said Swisscom's goal was to have 70 percent of its own IT infrastructure in the cloud by 2016, the equivalent of 200-300 petabytes of data. According to analysts at Deloitte Analytics, it would take 223,000 DVDs to hold just one petabyte.

See Now: NASA's Juno Spacecraft's Rendezvous With Jupiter's Mammoth Cyclone

More on SCIENCEwr