.png)
2 days ago
1
Classified information in this context is information that must be kept secret for the benefit of the Federal Republic of Germany. Anyone who processes classified information digitally must take extensive measures, comply with numerous standards, use approved IT security products and go through a challenging approval process. These regulatory and technical requirements have so far slowed down the use of cloud technologies in German public authorities and security-sensitive industries.
“The SINA Cloud is a game changer for handling classified information,” says Dr. Kai Martius, CTO of secunet. “Now, public authorities and companies subject to secrecy regulations can modernise their IT in a legally compliant and VSA-compliant manner – transparently based on open architectures and open source. The solution helps reduce dependence on non-European providers and is therefore coming at just the right time: in light of current geopolitical developments, sovereign digitisation is more important than ever, especially when it comes to classified information.”
Open source-based and flexibly scalable
Like all cloud solutions from secunet, the classified information cloud is based on open source components such as the proven OpenStack platform, with Yaook lifecycle management and the Linux variant ‘NixOS’, to which secunet makes significant contributions to the open source community. This ensures transparency and prevents vendor lock-in. The strong cryptography comes from the proven SINA high-security IT solution. Thanks to the implemented multi-client capability, classified data and applications from multiple end customers remain strictly cryptographically separated and can be processed together on a single infrastructure. Unlike retroactively hardened cloud platforms, this creates additional flexibility: any cloud-native services can run on the cloud, and VSA compliance is maintained when the cloud stack is expanded or updated. Provided that no changes relevant to secrecy regulations are made, re-approval is then no longer necessary.
Initially, a SINA Cloud on-premises solution will be available, which customers can operate themselves in their own data centres. A version operated by secunet as an Infrastructure as a Service (IaaS) solution is also in preparation for the second half of 2025. In this variant, the platform runs in secunet's certified data centres in Germany. This is particularly beneficial for customers who have to deal with classified information but do not want to or cannot build up the resources to operate their own cloud platform.
Efficient operation thanks to product approval
The SINA Cloud Security Layer is the first technology to successfully pass the BSI's new component approval process. In this process, individual components are approved for use with classified information rather than an entire product. In the case of SINA Cloud, additional IT baseline protection (IT-Grundschutz) aspects were included in the approval. The use of a supplied IT baseline protection profile provides a valuable tool for the release of IT for classified information. The last of three components of the SINA Cloud Security Layer has now been approved, while the first two were approved at the beginning of November 2024.
In the interest of promoting state sovereignty in the cloud environment, secunet will also make its high-security solution available to other sovereign German cloud providers and develop joint customer offerings in cooperation and partnership models.
Testing opportunities in the BSI showroom
At its location in Freital, the BSI operates a showroom for IT systems for classified information. There, users can obtain comprehensive information about the cloud and also test it. The offer is aimed at decision-makers, security consultants, end users, administrators and operators of classified information IT systems.
More information about the SINA Cloud is available here.
