INTERVIEW WITH THE CLOUD EXPERT
Frank Freitag discusses business-critical data in the cloud
Frank Freitag is a specialist for cloud software systems and individually developed SAP solutions. He worked at SAP from 1989 to 2020, gathering 31 years of experience in various areas and functions. During this time, he applied his know-how in the field of cloud computing and software architecture as a programmer, consultant in the USA, development manager as well as in the department “Customized Solutions”.
At SEQUELLO, he incorporates his experience into our construction logistics platform as an independent consultant. Today, we clarify the question of how trustworthy cloud software is in terms of business-critical applications and what advantages it offers.
Question (Q): Frank, before we get into the security aspects and benefits of cloud solutions. Can you give us a brief overview of this topic?
Answer (A): The market for cloud solutions is developing rapidly. In many areas, the share of cloud applications is higher than for on-premises solutions. (= software and solutions that are operated within the company network, note).
Q: Which use cases can be covered by cloud solutions?
A: In principle, a distinction can be made between three areas. With Infrastructure-as-a-Service (IaaS), you outsource individual functions of your own infrastructure. Services such as One Drive or Google Drive are examples of IaaS.
PaaS (Platform-as-a-Service) providers make a development environment available on the Internet. The SAP Business Technology Platform (SAP BTP), on which SEQUELLO is based, falls into this category.
The third use case, Software-as-a-Service (SaaS), refers to software that is developed and operated by the provider and used via the Internet. SEQUELLO, for example, falls into this category, but so do Gmail and many other applications.
Q: How secure is the data in the different use cases?
A: The short answer: data is very secure in the cloud. Especially in the business context, where a lot of sensitive data is stored and processed, cloud solutions have an advantage over on-premise use. In recent years, cybercrime has increased enormously. Municipalities, hospitals and many SMEs have been particularly affected and have been blackmailed with stolen data. These areas often lack the resources to keep up with the pace of development of security technology, which is why attackers often have a relatively easy time of it.
Q: So the concern that data in the cloud is insecure is completely unfounded?
A: Of course, there is never 100% guaranteed security. However, when you consider the sums that companies such as Google, Microsoft, AWS (Amazon, Note) or SAP spend to secure their data centers, servers and services, it must be clear that individual companies cannot keep up. Therefore, a cloud solution offers much better protection than the on-premise variant.
Q: I now realize that it is extremely difficult for unauthorized persons to view data in the cloud from the outside. But what about the cloud providers? How is it warranted that they cannot view any data?
A: There are various audits and certificates from external auditing companies that ensure that the data is not misused by the operator. In the case of SAP, you can find out in detail any information at the Trust Center regarding which external audits the company undergoes and which certificates have been acquired. Of course, it is possible for authorized employees to view the customer’s system for support purposes but only based on a ticket. The access and the actions of the support staff are always documented. This way, special care is taken to ensure that everything is done properly
Q: Besides the good security level, what other advantages does the use of cloud solutions offer?
A: Since the cloud services are operated via the Internet, the user can access data or use the software regardless of location. They can be used 24/7 and are also available +99% of the time because there is hardly any maintenance downtime. There are even systems that work with zero downtime and are always 100% operational.
Q: Taking a look at SEQUELLO, how does the protection of sensitive data work here?
A: Processing takes place via the SAP Cloud. Each SEQUELLO customer is connected via a private interface (API). These interfaces are secured according to the latest security standards (OAuth 2.0, note), and they define which data can be accessed via them. In contrast to the public API, not just any user can connect to the system, and access by foreign users is thus prevented.
In addition to the interfaces, there is also a sophisticated authorization and role system. The function of the “data separator” is taken by the company group (= the designation for the SEQUELLO customer in the network, note). Each user is assigned to a company group and can only view its data. This ensures that no external data can be viewed within the construction logistics platform.