IT security must not disappear into thin air in the age of cloud computing

Vienna, 11 July 2016. The level of data protection between the USA and Europe is variable – so the European Court of Justice confirmed. Anyone who transfers personal data to the USA must expect penalties. European companies, however, also transfer – still legally – highly sensitive data about their current IT security to mainly cloud-based service providers in the USA. The data protection concerns associated with this are immense. A safe alternative is to entrust this to a European provider which does not use the cloud either. RadarServices, a Viennese IT security start-up company strictly adheres to European data protection regulations and the “anti-cloud principle”.

“The demand for IT security services based on the anti-cloud principle is very high. Our European-style approach prevents the otherwise uncontrollable data transfer to foreign authorities or other institutions,” explains Harald Reisinger, Managing Director of RadarServices. The IT security start-up company, based in Vienna, is the first one to offer the services strictly according to the European data protection regulations and furthermore as “anti-cloud services”, which means without any data transfer from a client company. And it is having pan-European success: the business model convinced Invest AG to invest and Telecom Liechtenstein to forge a comprehensive strategic partnership. Orders worth millions have now been placed from Germany.

Background: The ECJ declared the Safe Harbour agreement between the USA and the EU as invalid, pointing to the lower level of data protection of the American legal system. The transfer of personal data to the USA with reference to the Safe Harbour agreement is now penalised. At the same time, however, European companies are using American cloud service providers, due to a lack of alternatives until now. For example, they transfer data on the current status of their IT security to the USA on an ongoing basis for analysis purposes. This IT security monitoring processes logs, security incidents and information on vulnerabilities from the IT infrastructure of the companies. The information is assessed by external systems and – if it stands out – examined by experts there. Whilst this should mean that possible cyber attacks are detected and IT security increased, a new danger is created: once the data leaves a company, and furthermore leaves Europe, it is just as poorly protected from access and further use by US authorities as personal data is. This also applies if the analysis centres of the US security providers are located in Europe – even here access by US authorities on the grounds of the Patriot Act is possible at any time.

Since the end of 2011, RadarServices has been assembling its own team of experts in IT security monitoring, which it employs in Vienna, in what is now the largest Security Operations Center (SOC) in Europe. With measures such as the anti-cloud principle, the European approach differs here significantly from its American competitors.

At the beginning of 2015, Invest AG, Austria’s largest private equity investor, acquired an interest in this still owner-managed company. “RadarServices employs security intelligence experts who have won multiple awards internationally, who monitor and evaluate the IT security of client companies every day,” says Leo Strohmayr, board member of Invest AG. “In addition, it develops its technology in-house, based on the research findings of its own research team. In this way, the company is a match for its American competitors in terms of technology and know-how,” says Strohmayr as an explanation for Invest AG’s investment.

Since 2016, Telecom Liechtenstein has been offering the services of RadarServices to its customers. Mathias Maierhofer, CEO of Telecom Liechtenstein, comments on the decision behind this strategic collaboration: “The approach of RadarServices reflects exactly our customers’ understanding of information security. We see very high potential for the services in Liechtenstein and Switzerland.”
Harald Sommerer, former CEO of Zumtobel Group AG and member of the Advisory Board of RadarServices since 2014, explains as follows: “Global players that have experienced various data protection regimes and compared them with the high European standards know the difference. For them “IT Security made in Europe” is a particularly important asset.”