Bare.ID Aligns with the Federal Digital Strategy

Cyberattacks and the associated risks are more prevalent than ever in times of crisis: Both the COVID-19 pandemic and the conflict in Ukraine have demonstrated the urgent need for digitization in public institutions and critical infrastructure sectors (KRITIS). However, these sectors have also become frequent targets of cyberattacks.

The escalating threat of falling victim to a cyberattack highlights the increased necessity for any digitization strategy to be accompanied by a comprehensive cybersecurity strategy. As business processes and data become increasingly digital, the attack surface expands, demanding appropriate security solutions. Notably, American digital companies hold a dominant role in shaping digitalization in the European landscape due to their progressiveness. To avoid dependence on these non-European providers and to adhere to significantly higher data security standards in Germany and Europe, the federal government calls for support of the domestic economy, particularly in the cloud sector.

The Federal Government of Germany's international digital strategy places a significant emphasis on security and digital sovereignty. The strategy is guided by various stakeholders, including the Federal Association of IT-SMEs (BITMi), of which Bare.ID is a member. BITMi recently provided more information about the core objectives of its advisory role in a press release.

The issue of dependence on foreign entities due to foreign majority ownership is not unfamiliar in the context of Single Sign-On cloud solutions. Therefore, Bare.ID, as a cloud IAM solution, has centered its focus on digital sovereignty from its inception, making compliance its unique selling point (USP). We will delve into how full digital sovereignty can be realized and how Bare.ID adheres to this, thereby aligning with the Federal Digital Strategy.

Digital Sovereignty: What Must Be Ensured?

Various factors, both geographical and technological, play a role in achieving digital sovereignty and minimizing dependencies. Geographically, the aim is to significantly reduce reliance on third-party states, which, as mentioned, is still prevalent in the digital realm. This is achieved not only through national providers carrying the "Made in Germany" seal, indicating exclusive origin and location, but also through the retention of legal control within Germany at all times. Ultimately, it doesn't matter if data processing occurs in data centers on Swiss, European, or German soil - what matters is the jurisdiction under which the provider falls due to its origin. True digital sovereignty is achieved when there are blocking minorities and thus no majority shares for non-German shareholders. Another often overlooked aspect is supply chain analysis. Even if the provider adheres to all standards and regulations, dependence on non-German software suppliers impedes full sovereignty. To achieve digital sovereignty, these criteria must also be fulfilled.

In addition to the geographical aspect, data availability also plays a role. On the one hand, providers or solutions must ensure that availability or access is guaranteed even in times of crisis. This implies creating redundancies so that if one part of the system fails, another part can take over its tasks until it's restored or replaced. High availability also contributes to scalability, enabling simple growth as needed. This makes it easier for companies to adapt quickly to unexpected changes or spikes in demand. On the other hand, easy data portability is relevant: dependence on individual providers, referred to as Vendor Lock-In, should be avoided. Vendor Lock-In occurs when a customer is unable or unwilling to migrate away from a specific provider, whether due to contractual obligations or other factors like the lack of compatible systems from other providers or fear of disruptions caused by migration processes. Avoiding vendor lock-in allows companies to switch providers whenever necessary without major repercussions. This grants them greater flexibility in making decisions about their IT infrastructure and operations.

Implementing Digital Sovereignty with Bare.ID

Bare.ID provides users with the benefits of a premier Cloud Identity and Access Management (IAM) solution that complies with German data security and privacy requirements. Bare.ID places significant emphasis on adhering to German laws and regulations - from jurisdiction to the support team based in Germany, and the data centers controlled by German entities. This ensures that all user data conforms to applicable regulations while providing an additional layer of security against potential threats or vulnerabilities beyond German borders. Moreover, Bare.ID ensures that only suppliers and partners meeting German security standards are chosen within the supply chain.

To fully guarantee digital sovereignty, Bare.ID addresses not only legal and geographical requirements but also technological requirements effectively. At its core, the solution leverages the established open-source IAM framework, Keycloak, ensuring straightforward data portability. If a change in provider is desired, there is no Vendor Lock-In, and the customer can easily move their data to another provider. Alternatively, through the availability of the source code, they can work without a vendor, attaining complete independence.

Reliability is also ensured through high availability, achieved through multi-node operation with possible geo-redundancy architecture. Multiple nodes provide redundancy and fault tolerance, guaranteeing high system availability. If a node fails or an issue arises, another node takes over to sustain system operations without interruption or data loss. Additionally, at least two nodes are situated in a different geographic location in accordance with KRITIS regulations on geo-redundancy.

Press Contact

Bare.ID GmbH | Lisa Holzhofer | 0611 945 735 0 | info@bare.id | www.bare.id

Conclusion

In today's ever-changing technological landscape, digital sovereignty is becoming increasingly crucial for businesses worldwide. To achieve true digital sovereignty, it is imperative that majority shares remain under German jurisdiction. Companies must maintain full control over their IT environment while ensuring secure access with high availability and avoiding dependence on individual providers. This way, they can preserve genuine autonomy over their data while reaping the benefits of cloud computing solutions, such as scalability and cost savings. With the right implementation of these elements, businesses can confidently look to the future, free from unwanted limitations imposed by external providers or third parties.