deen
Share
close
Share
close
  • Sprache / language
  • deen

Digital Sovereignty
for our Country

Digital Sovereignty
for our Country

National Secure Cloud (NSC) and VS Workstation

The rapid pace of digitalization and growing cyber threats demand IT solutions that not only meet the highest security standards but are also flexible and user-friendly. This is especially critical for government agencies and armed forces, who work daily with classified information in accordance with the Classified Information Directive (VSA) and require a high level of sovereignty.

Daily Cyber Attacks on Corporate and Government Networks

The German Federal Office for Information Security (BSI) records 250,000 new malware variants every day. In the federal administration alone, an average of 775 emails containing malicious software are received daily. The BSI blocks access to 370 websites from government networks every day. Cyber espionage has become a daily occurrence. Here are some examples from recent years:

  • Attack on the civilian operations of defense contractor Rheinmetall (2023)
  • Attack on the SPD headquarters and defense companies by the Russian military intelligence service (2024)
  • Cyberattack—suspected to originate from China—on the UK Ministry of Defence (2024)
  • Attack on the IT infrastructure of Germany's CDU party, forcing it offline (2024)
     

Our Response: The NSC in Combination with the VS Workstation

A tailored cloud infrastructure and a secure working environment designed to meet the demands of government agencies, militaries, and regulated industries – delivering maximum data sovereignty and protection up to the classification level of SECRET.

The National Secure Cloud

  • a highly secure cloud infrastructure
  • meets the requirements of the Federal Office for Information Security (BSI)
  • high performance, interoperability, and scalability
  • security domains and secure domain transitions for government agencies and military

The VS Workstation

  • modular solution based on European open-source applications
  • scalable for large organizations with thousands of users
  • supports handling classified information up to the SECRET level
  • compatible with ZenDiS openDesk

FAQ

  • Who are the target customers for the NSC?

    • Governments with high IT security requirements (including ministries and administrations)
      Digital and data sovereignty are top priorities for governments and their subordinate authorities. Avoiding vendor lock-in is equally critical. Instead, traditional hyperscaler products should be replaced or complemented with open-source applications such as the VS Workstation.
       
    • German Armed Forces (Bundeswehr) and other military organizations (e.g. NATO or friendly countries)
      Data sovereignty is equally critical in a military context. Additionally, international standards, such as those established by NATO, must be strictly adhered to. Consequently, the technical requirements for military organisations are significantly higher than for civilian applications. The NSC technology stack fulfils all these requirements. Current developments show that the German Federal Armed Forces (Bundeswehr) are already using the ZenDiS solution openDesk. The VS-Workstation is the ideal complement, offering full compatibility with openDesk.
       
    • Regulated industries
      Regulated sectors such as the pharmaceutical industry, allocate substantial financial resources to the development of medical products, which often undergo a highly complex approval process lasting several years. Maintaining confidentiality throughout the entire process – from conception to authorisation – is essential to safeguarding intellectual property and ensuring a return on investment.

  • How does the architecture of the NSC differ from conventional clouds?

    Every cloud requires a hypervisor for virtualisation and resource orchestration. In contrast to conventional clouds, the NSC relies on a modular, microkernel-based hypervisor. The Trusted Computing Base (TCB) – comprising the software and hardware that must be trusted – differs significantly between the NSC and traditional clouds. Conventional clouds rely on monolithic hypervisors with millions of lines of code, whereas the TCB of the NSC’s L4Re Hypervisor consists of only around 30,000 lines of code. This much smaller code base enables complete evaluation
    and verifiability, while reducing vulnerabilities and susceptibility to errors.

  • What is the multi-security domain cloud?

    The NSC is able to run multiple isolated networks or domains for different security levels on a single hardware platform, securely separating them using the L4Re Secure Separation Kernel. This has been approved by the BSI for classification levels up to SECRET.

  • How can data be exchanged between the security domains?

    Structured data can be exchanged between security domains via SDoT Security Gateways. These gateways verify data based on predefined rules. Unstructured data – such as Word, Excel or other files – must be labelled using an SDoT before leaving the security domain. E-mails can also be exchanged securely in this way. These IT security products are approved by the BSI up to the classification level SECRET.

  • How is security for cryptographic requirements guaranteed in the NSC?

    Comprehensive security solutions are provided, including a BSI-approved hardware security module for all cryptographic requirements. Client-side protection is also available through hard disk encryption and "File and Folder" encryption, meeting standards up to RESTRICTED.

  • What are the key features of the VS Workstation?

    The VS-Workstation incorporates the core features of a digitally sovereign workplace designed for government clouds

    • Use of open-source software: 
      Public authorities increasingly focus on open-source software, which offers greater transparency and control. This reduces reliance on proprietary solutions from large international IT companies.
    • Data sovereignty: 
      Data is stored and managed in national or private data centres rather than foreign cloud services. This protects the data from unauthorised access by third parties.
    • Security standards: 
      Strict security and data protection standards are implemented to protect IT infrastructure from cyber attacks, including regular security checks and audits.
    • Interoperability: 
      Systems and applications are designed for compatibility and seamless data exchange. This fosters efficiency and collaboration between different authorities and departments.
    • Control over software and hardware: 
      Authorities maintain full control of their software and hardware, enabling them to make adjustments and close security gaps without relying on external providers.
       

    Advantages of a digitally sovereign workplace for public authorities

    • Security:
      By taking control of their data and IT infrastructures, governments can more effectively manage risks and strengthen their defences against cyber attacks.
    • Independence:
      Reduced reliance on international IT providers gives public authorities more freedom to shape their IT strategies independently.
    • Data protection: 
      Compliance with national and European data protection laws is made easier by keeping data stored and processed within the company's own territory.
    • Cost control: Open-source solutions often incur fewer licence fees and provide long-term cost savings.

Want to know more?

You'll find the details in our brochure.

National Secure Cloud
PDF / 3 MB
Download
Your Contact for NSC
Patrick Rund

Senior Manager Digitale Transformation

Send message

Our Partners

Contact