VS-Cloud for Defense: the unique cloud solution for classified information
By employing security technology "Made in Germany" and open-source software, VS-Cloud is the reliable solution for processing classified information of the armed forces and the defence industry.
Digital innovation with open-source software
The innovative linking of enterprise open source software and professional services offers not only the necessary transparency but also independence from proprietary software stacks. Thus, VS-Cloud is the digital innovation for processing confidential data in the cloud.
Paving the way for digital sovereignty
VS-Cloud is a highly secure solution for data preservation and use of classified content. This makes it a trusted driving force for change and strengthens the digital sovereignty of Germany and Europe.
Specifications of the BSI
As a commercially available cloud solution, VS-Cloud has the best prerequisites for approval by the German Federal Office for Information Security (BSI). It also implements all federal regulatory frameworks. This is to the advantage of the armed forces and the defence technology industry.
Secure IT infrastructure
The hardware components of VS-Cloud meet the most stringent requirements for IT security. The software components used are specially tested, hardened and secured with cryptographic mechanisms.
Three strong partners
With IBM, secunet and Red Hat, you have strong partners at your side – with in-depth technological know-how, security-oriented consulting services and many years of experience in the development of highly secure technologies for processing classified data up to SECRET classification.
As a scalable open source-based infrastructure, SecuStack offers an optimal way to react quickly and efficiently to sudden resource changes. This applies, among other things, to data storage capacities, computing power and memory extensions. SecuStack's cryptographic client separation also enables scalability across clients and different security domains. This way, the advantages of a scalable cloud infrastructure can also be used for sensitive data.
An entire ecosystem of methods and technologies, and thus digital innovations, has emerged in the cloud. The aim of VS-Cloud is therefore to make these methods and technologies available for processing classified information. The use of security technology "Made in Germany", enterprise open-source software and professional services are the best prerequisites for the upcoming BSI approval.
At the heart of VS-Cloud is the SecuStack cloud operating system, which enables simple and secure provision of resources via Infrastructure as a Service (IaaS). Transparently integrated cryptographic mechanisms ensure that data transfer, storage and processing as well as the networking of resources in an OpenStack environment stay consistently secure. SecuStack takes into account cryptographic separation between clients and end-to-end encryption (E2EE), as well as other security and control features to protect against external attacks and threats.
In computer science, an "air gap" or "airwall" is understood as being a procedure that physically and logically separates two CIS systems with different levels of trust from each other, but still allows the transmission of user data. With VS-Cloud, the Air Gap can be implemented in the cloud system itself, hosted on-site in a customer data centre or at a later stage remotely as a managed service.
VS-Cloud is a software solution that provides a free architecture and interfaces for cloud computing services. With its modular architecture and open standards, VS-Cloud can cover the entire spectrum ranging from data collection from IoT devices to aggregation, analysis and evaluation by artificial intelligence.
By using SecuStack in the VS-Cloud solution, core aspects of Digital Sovereignty are fulfilled:
- Federally owned infrastructure
- Local operation by federally owned IT service providers
- No data transmission to the manufacturer
- Control of resources
- Ensuring testability and availability of updates along with their documentation
- Compliance with the legal requirements of the German Federal Office for Information Security (BSI) and implementation of all federal regulations
If the data and applications of several organisations are processed in a central cloud infrastructure, there must be a strict separation of services and clients. Until now, the separation on the physical level could only be achieved by having separate racks with independent and disjoint components, which incurs high costs.
By using SecuStack as an infrastructure component of VS-Cloud for Defence, it is possible to perform client separation at a higher level of abstraction. Strict cryptographic separation and flexible key management allow multiple clients to use the same components without compromising data protection and data security. This improved utilisation of existing hardware resources and the lower licensing costs provide a significant cost advantage.