February 28, 2023

Bare.ID matches the federal government's digital strategy

The federal government's digital strategy is being revised and focuses on digital sovereignty.

Cyber attacks and the associated risks are more present than ever, especially in times of crisis: both the coronavirus pandemic and the war against Ukraine have shown how urgent digitization is in public institutions and KRITIS (critical infrastructure) areas, and at the same time how often these areas are targeted by cyber attacks.

The constantly increasing risk of becoming the target of a cyber attack explains why every digitization strategy also needs to be accompanied by a comprehensive cybersecurity strategy. The more business processes and data are digitally mapped, the larger the attack surface and the greater the need for adequate security solutions. In principle, American digital companies have a dominant position in shaping digitization in Europe due to their progressiveness. In order to prevent dependence on these non-European providers and to meet the significantly higher data security standards in Germany and Europe, the federal level is therefore required to promote the domestic economy, especially in the cloud environment.

The international digital strategy of the Federal Government of Germany therefore also focuses on the issue of security and digital sovereignty. The strategy is supported by various stakeholders in an advisory capacity, including the Bundesverband IT-Mittelstand e.V. (BITMi), of which Bare.ID is a member. Just recently, BITMi announced more detailed information about the core objectives of the advisory function in a press release. The problem of dependence on third countries due to foreign majority shares is not unknown even in the area of single sign-on cloud solutions, which is why the cloud IAM solution Bare.ID focused on digital sovereignty right from the start and has made compliance its USP. How digital sovereignty can be fully realized, and how Bare.ID implements this and thus pursues the federal government's digital strategy, is discussed below.

Digital sovereignty: What must be guaranteed?

In order to achieve digital sovereignty and thus minimize dependencies, various factors play a role, both geographical and technological. Geographically, dependency on third countries, which, as mentioned, is still strong in the digital environment, is to be significantly reduced. However, this is not achieved solely by national providers with the “Made in Germany” seal of approval, which only attests origin and location. Implementing digital sovereignty means much more, namely that corporate control also remains in Germany at all times. In case of doubt, it doesn't matter whether the processing takes place in a data center on Swiss, European or German soil — the decisive factor is which jurisdiction the provider is subject to due to its origin. Digital sovereignty only exists when there are blocking minorities and therefore no majority shares for non-German shareholders. Another aspect that is often overlooked is the supply chain. Even if the provider itself complies with all standards and regulations, a dependency on non-German software suppliers blocks complete sovereignty. In order to achieve digital sovereignty, the supply chain too must meet the appropriate criteria.

In addition to the geographical aspect, data availability also plays a role. On the one hand, providers and solutions must ensure that availability and access are guaranteed even in the event of a crisis. This means that redundancies must be created so that if one part of the system fails, another part can take over its tasks until it is restored or replaced. High availability also contributes to scalability, as it allows easy growth as needed. This makes it easier for companies to adapt quickly in the event of unexpected changes or spikes in demand. On the other hand, simple data portability is becoming relevant: a dependency on individual providers, i.e. vendor lock-in, should be avoided. Vendor lock-in is the situation in which a customer is unable or unwilling to migrate away from a specific provider, whether due to contractual obligations or other factors such as the lack of compatible systems from other providers or the fear of interruptions due to migration processes. By avoiding vendor lock-in, companies can switch providers whenever they think it's necessary without major impact. This gives them greater flexibility when making decisions about their IT infrastructure and operations.

Implementing digital sovereignty at Bare.ID

With Bare.ID, users get the benefits of a first-class cloud identity and access management solution that meets German requirements for data security and data protection. Bare.ID attaches great importance to compliance with German laws and regulations — from the jurisdiction to the support team based in Germany and the data centers, which are operated by German companies and are under German control. This ensures that all user data is handled in compliance with applicable regulations and at the same time provides an additional layer of security against potential threats or vulnerabilities outside German borders. Bare.ID also ensures that only suppliers and partners that meet German security standards are selected for its supply chain.

In order to guarantee complete digital sovereignty, Bare.ID meets not only legal and geographical requirements but also technological requirements in the best possible way. At the core of the solution is the established open source IAM framework Keycloak, which ensures easy data portability. If a change of provider is desired, there is no vendor lock-in and the customer can simply take their data with them to another provider. Alternatively, thanks to the available source code, the customer can also operate completely without a vendor if required and is therefore completely independent.

Resilience against failures is also guaranteed by high availability, which is ensured by multi-node operation with a possible geo-redundant architecture: several nodes are used to provide redundancy and fault tolerance, which ensures high system availability. When a node fails or a problem occurs, another node takes over to keep the system running without interruption or loss of data. In addition, there are at least two nodes in another geographical location in accordance with the KRITIS georedundancy regulation.

Conclusion

In today's ever-changing technology landscape, digital sovereignty is becoming increasingly important for companies around the world. In order to guarantee true digital sovereignty, it must be certain that majority shares remain within German jurisdiction and that companies retain full control of their own IT environment, while at the same time offering secure access with high availability and avoiding dependencies on individual providers. In this way, they are able to maintain true autonomy over their data while taking advantage of the benefits of cloud computing solutions, such as scalability and cost savings. With the right implementation of these elements, companies can look to the future with confidence — free from unwanted restrictions from external providers or third parties.
