Dec 23, 2013

Computerwoche, a German IT newspaper, reports on the reactions of German CIOs to the NSA scandal. Some of them stated that they had not paid enough attention to the issue of surveillance, even though they knew it was taking place. One confessed that they had been “naïve” regarding the dimension of data sniffing by the NSA.

Call for German Vendors

It is not the first time that security products from German vendors have been called for:

Till Rausch, CIO des Rüstungskonzerns Thales Deutschland, ist – nicht nur an diesem Punkt – weit weniger optimistisch: “Ich gehe davon aus, dass die großen Anbieter weiterhin dem Druck der Regierungsorganisationen nachgeben und Backdoors einbauen. Deshalb müssen Unternehmen zusätzliche Schutzmaßnahmen zur Sicherung ihrer Informationen ergreifen. Ich setze hier auf Sicherheitsmechanismen von kleinen Drittanbietern zum Beispiel aus Deutschland.”

Translation: Till Rausch, CIO of the defense supplier Thales Deutschland, is – not only at this point – far less optimistic: “I assume that the major vendors will continue to give in to pressure from government organizations and install backdoors. That is why companies need to take additional protective measures to secure their information. I opt for security mechanisms from small third-party providers, for example from Germany.”

The problem is that good security technology is expensive. If a vendor is not able to use economies of scale, it is even more expensive. And at the end of the day, technology will be bought on price. Small third-party providers will be very expensive – if they are good and want to compete with the big ones. I see no hope in this – even less when looking at the small German market. And so do others:

Hans-Joachim Popp vom Deutschen Zentrum für Luft- und Raumfahrt: “Was bei näherem Hinsehen sofort auffällt, ist der stark eingeschränkte Wettbewerb in fast allen Herstellerbranchen der IT. Deshalb sind wir CIOs in der Durchsetzung unserer Anforderungen nicht gerade in einer starken Position. Wir müssen dringend mehr alternative Anbieter am Markt unterstützen, auch wenn dies zu einer Torpedierung unserer eigenen Standardisierungspolitik führen kann.”

Translation: Hans-Joachim Popp of the German Aerospace Center: “What strikes one immediately on closer inspection is the very limited competition in almost all manufacturing sectors of IT. That is why we CIOs are not in a strong position to enforce our requirements. We urgently need to support more alternative suppliers in the market, even if this may lead to torpedoing our own standardization policy.”

Open source seems to be a trustworthy alternative to them. My personal expectation is that this trust will last only as long as it does not come to support contracts.

Effects on Cloud Business

I was very astonished to see different views on the reputation of cloud business:

Hanno Thewes, CIO des Saarlandes, glaubt, “dass das Vertrauen in Cloud und Outsourcing an Intensität verlieren wird”. Till Rausch sagt dagegen interessanterweise: “Outsourcing wird attraktiver, da Skaleneffekte die Kosten von Absicherung reduzieren.”

Translation: Hanno Thewes, CIO of the [federal state] Saarland, believes “that the confidence in cloud and outsourcing will lose intensity”. Till Rausch, on the other hand, interestingly says: “Outsourcing is becoming more attractive because economies of scale reduce the cost of safeguarding.”

The latter is probably more wishful thinking than logic. Giving your data to companies that use economies of scale just brings these companies into the focus of the NSA. Good luck with that.
