WISekey Data Sovereignty Solutions for the Cloud by Carlos Moreira

WISeKeyâ&#x20AC;&#x2122;s High-Security Neutral SaaS and Data Storage Framework & Services The World Internet Security Company

A Unique and Innovative Approach to the Data Sovereignty Problem

The World Internet Security Company

Legal & Trust Framework

The Applications & Services

Overview

The Business Model & Go-to-Market with MS

The Infrastructure

Next Steps

The Cost/Flexibility/Security Data Sovereignty Problem of Cloud Computing and SaaS The World Internet Security Company

The Perception: "If you run a data center, please be aware that in our great country, the FBI can come into your place of business at any time and take whatever they want, with no reason"

•Many governments do not have access to infrastructure to implement large e-Gov deployments. • The alternative of hosting in another country entails big risks to their CIIP including loss of data sovereignty. • This results in projects being downsized or not being done at all. •Individuals and companies have similar fears, even if they have nothing to hide.

c s i h T

ld u o

c c o

i r u

ry t n u o c y

http://blog.wired.com/27bstroke6/2009/04/data-centers-ra.html

The Solution The World Internet Security Company

•

• •

A legal, policy, technological and infrastructural framework that allows governments to host their IT platforms from unique state-of-the-art data centers in Switzerland whilst applying their own law to the servers and data processed. Provision of identity management, data storage, data hosting and SaaS solutions from the world-renowned privacy, neutral and stability stalwart of Switzerland. An extension option of the Microsoft Azure Services Platform Copyright 2009 WISeKey -

The World Internet Security Company

The Legal and Trust Framework

Unique Legal & Trust Framework The World Internet Security Company

• Switzerland’s respect for privacy dates back to at least 1713. • Switzerland is today a stalwart of privacy, security and neutrality which is reflected in its culture, its law and its policies. • Switzerland is today host to most of the international organizations. • As a result, it boasts a highly evolved legal and logistical framework for its large diplomatic community. • WISeKey and the OISTE Foundation have worked since 1999 on the application and extension of the platform afforded by this combination of factors to the online environment. • This has resulted in an innovative application of a unique legal and trust framework to information technologies.

The Components of the Framework The World Internet Security Company

WISeKey has innovated by bundling a series of components to build this unique framework: – The Swiss and international legal systems – The OISTE Foundation and its Trust Model – The Swiss State-of-the-Art Infrastructures – Innovative use of Information and Security Technologies

The Swiss and International Legal Systems The World Internet Security Company

• Through a series of Swiss and International Legal Instruments, such as: – the Vienna Convention on International Relations and the Swiss Legislation – Swiss Diplomatic and Consular Legislation – Swiss Diplomatic Immunity Legislation

• A unique legal status may be established on a per-case basis that allows the extension of diplomatic immunity to specific environments (e.g. X servers in a data center). • To achieve this, specific legal and formal (in accordance with the law) as well as infrastructural and operational requirements must be met.

A Swiss Foundation Ensures a Reliable and Neutral Operational Framework The World Internet Security Company

• Operations must meet the high standards required by governments in the use of the diplomatic legal framework. •The OISTE Foundation (Organization for Secure Electronic Transactions) is a Swiss Federal non-profit Foundation •The OISTE Foundation has as its main purpose the promotion of secure electronic communications worldwide.

The OISTE-WISeKey Virtuous Cycle of Neutrality and Trust The World Internet Security Company

OISTE Foundation Policy Authorities

yti nu mmo Ct s ur T

• WISeKey’s customers can join OISTE and impose operational protocols on WISeKey for their specific case.

Representatives of the Trust Communities ensure WISeKey is providing the services appropriately

yti nu mmo Ct s ur T

• As a private company, WISeKey is mandated by OISTE to execute and operate projects that pursue OISTE’s purposes.

Policies and standards approved by the respective OISTE Policy Authorities

WISeKey is contractually bound to comply with the approved policies and standards.

yti nu mmo Ct s ur T

• As a foundation, OISTE has a duty to pursue its purpose: promote secure electronic communications worldwide.

Summing-up The World Internet Security Company

• The Swiss and international legal framework is applied in a manner that enables a unique data sovereignty solution. • The OISTE Foundation provides the operational framework that enables trust in the solutions and services provided. • The OISTE Foundation may also provide independent third party assessments on the overall security and compliance of the infrastructure, data, people and processes. • As a private-sector company, WISeKey provides the services in compliance with the customer’s requirements (imposed by contract with the customer and and by the Foundation). • The additional requirements to achieve the full solution include the infrastructure used. Copyright 2009 WISeKey -

The World Internet Security Company

The Infrastructure

Special Infrastructure Requirements The World Internet Security Company

â&#x20AC;˘ Normal data center environments cannot be used to meet the full set of requirements. â&#x20AC;˘ Through the integration of its operational framework and sophisticated infrastructures WISeKey is able to complete the requirements. Copyright 2009 WISeKey -

Infrastructure Scenario (many others are possible) The World Internet Security Company

In Switzerland

Azure Services Platform (e.g. for apps and services not requiring diplomatic immunity)

High Security Swiss Primary e-Gov Managed Hosting

Public Servants

High Security Swiss Secondary e-Gov Managed Hosting (Mountain Bunker in the Swiss Alps)

Citizens

Enterprises

High Security Swiss Tertiary e-Gov Managed Hosting nd (2 Mountain Bunker in the Swiss Alps)

Government in-Country IT Infrastructure

Data Center Specs The World Internet Security Company

3 Separate data centers – One high security data center in Geneva, Switzerland – 2 military-built high security data centers under the Swiss Alps at least 90 KM away from Geneva. – All data centers were built and are operated with high security operations in mind.

SLA Capabilities The World Internet Security Company

• The data centers are able to provide 24X7X365 service. • SLA’s can be adapted to the needs of customers and for specific application types (e.g. MS Exchange, Sharepoint, etc.) • Network Availability SLA of 99.99% per month • Power Availability SLA of 99.99% per month • HVAC (Cooling Temperature and Humidity) SLA of 99.99% per month. • Direct access to the data centers with an airport and customs control at walking distance from 2 of them. Copyright 2009 WISeKey -

Some of the Characteristics of the Data Center Infrastructure The World Internet Security Company

• • • • • • • • • • • • • • • • • • • • •

Underground “zero-risk” infrastructure. Highest protection against nuclear, biological or chemical attacks. Full EMP (electro magnetic pulse) protection. Strict access control, constantly accompanied by security personnel. External video supervision with automated detection. Security zones with explosion proof separations and bullet proof lock gates. Face recognition technology, video surveillance of any movement. Automatic control of visitors. 24h surveillance, ensured by a civil and military concept. Generators with an autonomous operation of several weeks. Battery power for 24h. Climate control with rehydration for ideal, constant conditions. Various micro-segmented air inlets at hidden locations. Atmospheric over pressure to prevent gas from entering the facility, full ABC protection. The high performance cooling system utilizes an underground lake to cool down all IT installations. Multiple, redundant communication Independent, dual phased IP connection to main provider. Single phase IP connection to second provider. Single microwave connection to second provider. Darkfiber connection between the two mountain facilities. BGP4 redundant IP concept in preparation. Managed multi-level firewalls and perimeter security for every communication path.

Diagram on one of Swiss Alps Data Centers The World Internet Security Company

The World Internet Security Company

The Applications and Services

WISeKey Understands the Challenges MS Customers Face The World Internet Security Company

1: KEY CHALLENGES The top layer of the model considers the key challenges that most local governments face. These are crosscutting issues that slice through services and structures. These issues challenge the chief executives and policy makers and cascade down and across the organization.

2: PEOPLE & PROCESSES Local governments do not serve citizens, control costs, balance budgets, or achieve operational excellence. People do these things, and organizations excel when they empower their people.

3: APPLICATION CAPABILITIES This comprises Microsoft and third-party solutions that government organizations need to operate effectively, from core business applications through to applications that enable citizen and business connections, improve business processes and performance, and citizen relationship management.

4: TECHNOLOGY Microsoft’s end-to-end infrastructure provides a security-enhanced, scalable, and easy to manage foundation on which government organizations can overlay the applications they need. It is divided into core infrastructure, business productivity infrastructure, and application platform infrastructure. Microsoft has developed an optimization strategy for each of these areas to help governments create a ‘people-ready’ organization that empowers staff with the right tools and information to improve services, increase citizen satisfaction, and reduce cost.

The Data Sovereignty Framework is able to address this Complexity using the MS CSP as an example The World Internet Security Company

Citizens Integrated services

1.Service Quality

2. Productivity

Businesses Reduced Administration & red tape

3. Oversight Local government applications

Efficiency Civil Servants effective tools, single view of the truth

Politicians Clear timely information

The Global MS Partner Network can also benefit The World Internet Security Company

• Both MS and Partners that have gone through security clearance could gain access to the facilities. • Even local in-country data center providers could benefit by having a disaster recovery or business continuity site in Switzerland. • The Swiss services could be resold by MS partners as a value added service to government and enterprise customers. Copyright 2009 WISeKey -

The Framework and Services can be integrated into the Azure Services Platform The World Internet Security Company

Imagine, as basic examples: • An extension of Windows Live ID for customers that want to keep their personal identification data under Swiss jurisdiction and infrastructure. Windows Live ID “plus”?

• An option for Healthvault users who wish to keep their health data under Swiss privacy laws in a high security location. Healthvault “plus”?

The World Internet Security Company

The Business Model and Go-to-Market with Microsoft

Possible Scenarios The World Internet Security Company

• WISeKey as an MS partner providing a value added solution. • WISeKey and MS providing a joint and integrated solution for segments (e.g. e-gov). • WISeKey and MS providing online services such as SaaS for ID services, data storage, backup, healthvault, anti-counterfeiting services, etc., • WISeKey and MS providing an Azure “plus” to partners and customers. Copyright 2009 WISeKey -

Next Steps? The World Internet Security Company

The World Internet Security Company

• Find and install the first customers by WPC in July. • Launch a first phase at WPC in July • Launch a second phase at Telecom 2009 (5-9 October) – WISeKey will be a part of the Swiss Pavilion – Will count with the visit of the Swiss President – Leverage the Swissness to add the “plus” of the Swiss cross to the joint value added solutions. Copyright 2009 WISeKey -

The World Internet Security Company

Further Ideas/Questions?