Digital Sovereignty
for our Country

The National Secure Cloud

  • a highly secure cloud infrastructure
  • meets the requirements of the Federal Office for Information Security (BSI)
  • high performance, interoperability, and scalability
  • security domains and secure domain transitions for government agencies and military

The VS Workstation

  • modular solution based on European open-source applications
  • scalable for large organizations with thousands of users
  • supports handling classified information up to the SECRET level
  • compatible with ZenDiS openDesk

Criteria

  • Data outflow risk due to "call-home" functions

    The cloud stacks of hyperscalers harbor potential risks for the outflow of sensitive data, as they have "call-home" functionalities and are operated across multinational regions. In contrast, open-source-based solutions such as the combination of NSC and VS-AP offer significantly more transparency and control - and therefore considerably reduce the risk of data leakage.

  • Compliance with IT security functions (VSA Bund § 52)

    This is where the difference between proprietary solutions and the open-source approach becomes clear: while hyperscalers' cloud stacks tend to struggle to fully meet these requirements, a US-free open-source stack, combined with the ability to implement perimeter protection through an on-premises variant, provides a more reliable basis for regulatory compliance.

  • Lifecycle management and security guidelines

    When evaluating lifecycle management systems with regard to security guidelines that require insight into the CVE (Common Vulnerabilities and Exposures) score of the code, clear weaknesses become apparent with binary, precompiled or proprietary software. Only open source code enables such guidelines to be fully implemented.

    In addition, security scans that are applied to binary files have technical limitations, which means that their results are often less meaningful. In contrast, tool chains for transparent quality assurance, such as those used by NSC or the NATO Software Factory, offer the necessary transparency and auditability - and ensure that a well-founded security assessment can be carried out before each release.

  • Hardware security modules (HSM)

    There are justified doubts as to whether the crypto algorithms used in the hyperscaler stacks are actually implemented in certified hardware security modules (HSMs) - rather, it is assumed that they are purely software-based.

    In contrast, certified HSMs can be easily integrated into modular open-source stacks, which makes it possible to adapt them to national requirements. The NSC explicitly guarantees this.

  • Authorized elements (baseline for IaaS cloud plus network)

    The hyperscaler stacks are likely to have deficits in terms of approved security components, as their closed architecture makes flexible integration difficult. Without open or modular software architectures, adaptation to specific national requirements - especially for the German market - is unlikely.

    In contrast, modular, open-source-based software architectures enable the targeted integration of components in accordance with the requirements of the BSI (German Federal Office for Information Security). This makes it much easier and more efficient to implement German compliance requirements.

Want to know more?

You'll find the details in our brochure.

FAQ

  • Who are the target customers for the NSC?

    • Governments with high IT security requirements (including ministries and administrations)
      Digital and data sovereignty are top priorities for governments and their subordinate authorities. Avoiding vendor lock-in is equally critical. Instead, traditional hyperscaler products should be replaced or complemented with open-source applications such as the VS Workstation.
       
    • German Armed Forces (Bundeswehr) and other military organizations (e.g. NATO or friendly countries)
      Data sovereignty is equally critical in a military context. Additionally, international standards, such as those established by NATO, must be strictly adhered to. Consequently, the technical requirements for military organisations are significantly higher than for civilian applications. The NSC technology stack fulfils all these requirements. Current developments show that the German Federal Armed Forces (Bundeswehr) are already using the ZenDiS solution openDesk. The VS Workstation is the ideal complement, offering full compatibility with openDesk.
       
    • Regulated industries
      Regulated sectors, such as the pharmaceutical industry, allocate substantial financial resources to the development of medical products, which often undergo a highly complex approval process lasting several years. Maintaining confidentiality throughout the entire process – from conception to authorisation – is essential to safeguarding intellectual property and ensuring a return on investment.

  • How does the architecture of the NSC differ from conventional clouds?

    Every cloud requires a hypervisor for virtualisation and resource orchestration. In contrast to conventional clouds, the NSC relies on a modular, microkernel-based hypervisor. The Trusted Computing Base (TCB) – comprising the software and hardware that must be trusted – differs significantly between the NSC and traditional clouds. Conventional clouds rely on monolithic hypervisors with millions of lines of code, whereas the TCB of the NSC’s L4Re Hypervisor consists of only around 30,000 lines of code. This much smaller code base enables complete evaluation and verifiability, while reducing vulnerabilities and susceptibility to errors.

  • What is the multi-security domain cloud?

    The NSC is able to run multiple isolated networks or domains for different security levels on a single hardware platform, securely separating them using the L4Re Secure Separation Kernel. This has been approved by the BSI for classification levels up to SECRET.

  • How can data be exchanged between the security domains?

    Structured data can be exchanged between security domains via SDoT Security Gateways. These gateways verify data based on predefined rules. Unstructured data – such as Word, Excel or other files – must be labelled using an SDoT before leaving the security domain. E-mails can also be exchanged securely in this way. These IT security products are approved by the BSI up to the classification level SECRET.

  • How is security for cryptographic requirements guaranteed in the NSC?

    Comprehensive security solutions are provided, including a BSI-approved hardware security module for all cryptographic requirements. Client-side protection is also available through hard disk encryption and "File and Folder" encryption, meeting standards up to RESTRICTED.

  • What are the key features of the VS Workstation?

    The VS Workstation incorporates the core features of a digitally sovereign workplace designed for government clouds:

    • Use of open-source software: 
      Public authorities increasingly focus on open-source software, which offers greater transparency and control. This reduces reliance on proprietary solutions from large international IT companies.
    • Data sovereignty: 
      Data is stored and managed in national or private data centres rather than foreign cloud services. This protects the data from unauthorised access by third parties.
    • Security standards: 
      Strict security and data protection standards are implemented to protect IT infrastructure from cyber attacks, including regular security checks and audits.
    • Interoperability: 
      Systems and applications are designed for compatibility and seamless data exchange. This fosters efficiency and collaboration between different authorities and departments.
    • Control over software and hardware: 
      Authorities maintain full control of their software and hardware, enabling them to make adjustments and close security gaps without relying on external providers.
       

    Advantages of a digitally sovereign workplace for public authorities

    • Security:
      By taking control of their data and IT infrastructures, governments can more effectively manage risks and strengthen their defences against cyber attacks.
    • Independence:
      Reduced reliance on international IT providers gives public authorities more freedom to shape their IT strategies independently.
    • Data protection: 
      Compliance with national and European data protection laws is made easier by keeping data stored and processed within the company's own territory.
    • Cost control:
      Open-source solutions often incur fewer licence fees and provide long-term cost savings.

Your Contact for NSC
Patrick Rund

Senior Manager Digital Transformation
