Deutsche Telekom subsidiary T-Systems is showing that US big tech companies can’t always have it their own way in Europe when it comes to data provision. Business technology journalist, Antony Savvas looks at how data sovereignty is and should be providing good openings for telcos.
While the big cloud companies like Microsoft, Amazon and Google have big pockets to buy up market share in data services through the building and renting of huge capacities of data centre space, they can’t count on enterprises simply wanting a one-stop shop to store and manage their data.
Security and privacy
Both data security and data privacy are key reasons why, and this has just been demonstrated by a deal signed by T-Systems with Google Cloud, the world’s third biggest public cloud services provider behind Amazon Web Services and Microsoft Azure.
T-Systems, one of Europe’s largest IT services firms, which marries its data solutions with the communications footprint of Deutsche Telekom and other telcos in the provision of services to its end clients, is seemingly now in a strong position to take advantage of demand for safer cloud solutions.
US data thirst
It has formed an alliance with Google Cloud to build a sovereign German cloud to support the needs of German enterprises, the German public and health sectors and international firms that store data in Europe, to help them comply with the European Commission’s General Data Protection Regulation and address fears around the US government’s thirst to get access to foreign citizens’ private data on demand.
We’ve just commemorated the twentieth anniversary of the 9/11 terrorist attacks on the US, and unfortunately one of the fall-outs from those attacks was the increased use of US federal legislation to potentially go after everyone’s data, no matter where they reside.
Patriot games
The introduction of the US Patriot Act meant that any US firm was obliged to hand over requested personal and business data to US enforcement agencies on demand, no matter where that data was stored in the world and whether such handovers broke local laws.
The Patriot Act, which was ostensibly brought in to help the US fight its enemies and organised crime, can of course technically be used against anyone, and the US government hasn’t stopped there.
More recently it brought in the US Cloud Act, which mandates US companies to again hand over data they control stored on any server located in any cloud data centre. This legislation is primarily designed to fight crime and defend US interests, but it is seen by an increasing number of businesses and foreign government agencies as a data security risk.
China’s backdoors
Of course, some other countries have similar laws that allow their governments to snatch people’s data for “national security” reasons, not least China, which requires foreign cloud service companies to provide the government with backdoor access to data on request.
This was one reason why many Western countries rejected, on US request, China’s Huawei as a provider of 5G network equipment, but not much attention was brought to the US’ similar government data grab laws at the time.
It can also be said that the amount of global data controlled by the world’s biggest cloud providers (from the US) far outstrips that controlled by the likes of China’s rival cloud companies Alibaba and Tencent.
Gatekeeper
Realising the potential problem to its business, Google Cloud is building new data centre capacity and other infrastructure in partnership with T-Systems, who will act as gatekeeper to that data and which will presumably be out of reach of the US government.
The companies say they will jointly develop a “large spectrum” of next-generation sovereign cloud solutions and infrastructure, including wide-scale data centre capacity.
This will allow customers to host their sensitive workloads on an in-country cloud, with service management and the operation of the cloud supervised by T-Systems.
T-Systems will manage a set of sovereignty controls and measures, including encryption and identity management. In addition, it will exercise a control function over relevant parts of the German Google Cloud infrastructure.
Adel Al-Saleh, CEO of T-Systems, said: “Our joint strategic goal is to support the digitalisation of European companies and the public sector as they move operations to the cloud.
“With Google Cloud we will provide clients with full control over their data, software and operations.”
Austria and Switzerland
He added that the two firms were already looking to move into Austria and Switzerland with similar cloud sovereignty services.
Thomas Kurian, CEO of Google Cloud, said: “The sovereign cloud solution will provide public and private sector organisations with an additional layer of technical and operational measures and controls, that ensure German customers can meet their data, operational and software sovereignty requirements.”
The new cloud will initially be rolled out across the healthcare, automotive and public transport industries and the general public sector.
What the US government makes of the deal is anyone’s guess, but no one country’s data laws should take precedence over everybody else’s, and that should be an opportunity for other telcos looking to grow their cloud business.
IoT honeypots
Governments aren’t the only ones after our data, with hardened criminals stepping up their efforts to get it.
During the first six months of 2021, Kaspersky honeypots (software that imitates vulnerable IoT devices set up by the security vendor on the internet) have detected more than 1.5 billion attacks against Internet of Things devices. This was more than twice as much as the previous half year in the last six months of 2020.
IoT devices such as smartwatches, door locks, fitness trackers and many others are now everywhere, helping to attract the criminals.
Kaspersky said the number of total infection attempts on its honeypots reached 1.515 billion, which compares to the 639 million attempts the previous six months, a very big jump in a short period of time.
Infected devices are used to steal personal data and mine cryptocurrencies, as well as being used to launch DDoS (distributed denial of service) attacks.
The figures demonstrate that while many telcos are rightly quickly jumping into the rapidly growing IoT market, they better watch out for the security downside that is emerging just as fast.
The author is Antony Savvas, a global freelance business technology journalist.
