Only the customer owns the key: 100% data sovereignty
Whoever owns the keys has access to the data
The idea behind data encryption is simple: only whoever owns the cryptographic key has access to the data. Therefore, our customers create their own keys with our software, and only they control those keys. Each customer can verify this or have it verified.
Besides controlling the cryptographic keys, the customer has to be able to control the algorithm. Only then can the customer be sure that the security solution contains no backdoors and that the keys are used as the required standard defines. This requirement is called the "Cryptographic Trinity".
Because the algorithm of a closed-source solution cannot be verified, the complete basis of the eperi Gateway was published under an open-source licence on the eperi and BSI homepages, where anybody can verify it.
If the provider of the system to be protected also operates the security solution itself, rather than the customer controlling it, the security of the overall system cannot be guaranteed. This applies, for example, to hardware-based cryptographic solutions (HSMs) in the cloud: the user cannot verify that the HSM is operated unchanged and securely or that the solution contains no backdoors, and the customer has no control over the algorithm used for encryption and decryption.
Data sovereignty is a legal term meaning the "sole access right to an IT system, excluding unauthorized third parties" (Source: Luch, MMR 2011, 75f.). Only if the data is securely encrypted before storage can the data owner exclude access by "unauthorized third parties" such as attackers and administrators, and thereby gain data sovereignty. Besides encryption, further mechanisms such as backup and user administration also have to be used; data encryption is the most important element.
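As an added illustration of the principle above (example code, not code from eperi or the eperi Gateway), the Go program below has the customer generate the key and seal each record with AES-256-GCM before it is forwarded; the provider stores only opaque bytes, and opening the record with any other key fails the authentication tag check. The record contents and the key handling are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// gcmFor builds an AES-GCM instance for a 16-, 24- or 32-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// NewCustomerKey generates a 256-bit key on the customer's side; the provider never sees it.
func NewCustomerKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}
// Seal encrypts one record before it is forwarded; stored layout: nonce || ciphertext || tag.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// Open recovers a record; the GCM tag check fails for every key but the customer's.
func Open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot open record: bad key or truncated input (%v)", err)
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
func main() {
	key, _ := NewCustomerKey()
	stored, _ := Seal(key, []byte("constructed sample: customer record 4711"))
	other, _ := NewCustomerKey() // any key the provider might hold
	_, err := Open(other, stored)
	fmt.Println("provider can read:", err == nil)
}
```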
Order data processing means processing personal data on the instructions of another party. Responsibility for the permissibility and correctness of the processing remains permanently with the customer, and a corresponding contract defines this. These contracts are supposed to settle the question of liability between the customer and the (cloud) provider, which usually is not entirely possible; the resulting gaps are a real problem. If the customer securely encrypts personal and critical data before forwarding it to the provider and, where required, additionally anonymizes it so that no reference to a person can be reconstructed, the classification as order data processing no longer applies. The eperi Gateway enables this, so a cloud free of order data processing can be created.