July/August 2020

| INTERVIEWS & REPORTS | www.smartmachinesandfactories.com July/August 2020 | 33 | T he three pillars of data security cover data at rest, in transit and in use: Protecting data at rest - encryption or tokenisation, so that even if data is copied from a server or database, a thief cannot access the information. Protecting data in use - tough, because applications need unencrypted data, meaning that malware can access the contents of memory to steal information. Protecting data in transit - making sure unauthorised parties cannot see information as it moves between servers and applications. Cloud computing allows institutions to store their data and run applications on external servers. Instead of owning servers, companies “rent” server space from cloud providers, usually in packages that include other services, such as protection against cyberattacks. Even so, many organisations are reluctant to migrate their most sensitive applications to the cloud because of concerns about data exposure. Nevertheless, cloud computing has exploded, creating a massive global market worth hundreds of billions of euros. Analysts expect the coronavirus pandemic to accelerate that growth. European firms have watched from the sidelines as a handful of American and Chinese companies, known in the industry as “hyperscalers”, have gobbled up the global market. Amazon Web Services accounts for over three quarters of the US tech giant’s operating profits, and remains the biggest player, but Google, Microsoft and the Chinese Alibaba are catching up. Digital sovereignty It is not just the prospect of European businesses losing out that has policymakers worried. A growing dependency on foreign tech companies raises perceived security risks. Last year, Germany’s chief data protection watchdog warned that sensitive German police data stored on servers held by Amazon Web Services was at risk from snooping US authorities. The European Securities and Markets Authority has similarly warned about the lack of transparency inherent in outsourcing to the cloud. Could a scaled up European cloud provider conform to European regulatory norms, and yet stand a real chance of competing in this market? A European cloud initiative aims to achieve just that. Gaia-X is not a cloud service in itself. Set up as a non-profit, it is conceived as a platform joining up cloud-hosting services from dozens of companies, allowing business to move their data freely with all information protected under Europe’s tough data processing rules. It means that individuals, organisations and communities stay in complete control over stored and processed data and who is permitted to have access to it. The project is led by the International Data Spaces Association (IDSA), a founding member of the GAIA?X Foundation. IT infrastructure specialist Cloud&Heat is among the pioneers playing a major role in shaping the project and helping to implement it. IDS reference architecture on data sovereignty will be a central element of the GAIA?X architecture of standards. “The IDS reference architecture serves as an initial impulse for GAIA?X,” said Dr Smart Machines & Factories investigates a new European initiative aimed at challenging the dominance of a few large American and Chinese data handling companies. Data Security – the battle of GAIA