Chocolate Cloud is the first Scandinavian company to be Intel SGX white-listed for production

After a year-long process, Chocolate Cloud has become the first Scandinavian company to be white-listed for production in Intel SGX. Intel SGX is an architecture extension designed to increase the security of application code and data by using secure enclaves within the CPU.

Chocolate Cloud uses Intel SGX in two solutions. One of them is the secure key-value store solution for the Cloud using Intel SGX capabilities to create enclaves within the Intel chip itself to guarantee that data is not only communicated securely to the Cloud, but also that its processing and storage maintains the highest level of confidentiality and privacy. This is very important for the sensitive data streams from emerging Smart City and Big Data Cloud applications. This was developed as a part of the H2020 SecureCloud Project supported by the European Commission.

Chocolate Cloud also uses Intel SGX in a premium Tier of the upcoming software solution for secure Multi-Cloud storage: SkyFlok. SkyFlok is designed to help small business owners run their business smoothly by offering them an easy to use desktop application to store and share data privately across multiple data storage providers across the globe. With SkyFlok users have full control over their data’s geo-location and can select the location of the Cloud, where their client data is stored. We give business owners an enterprise grade storage at a small-business price to allow them to safely share and communicate files with their colleagues and clients without compromising data on transit…and complying with GDPR regulations!

Chocolate Cloud appears in the local news due to a project recently supported by the Danish Market Development Fund

Getting closer to launching its very first software product which goes under the name – SkyFlok, Chocolate Cloud has already grabbed the attention of the media.  A local Danish newspaper published on their website an interview with Chocolate Cloud’s CEO Daniel Lucani in which he reveals more details about SkyFlok and the support given to Chocolate Cloud by the Danish Market Development Fund.  

Recently Chocolate Cloud received DKK 2.7 million in support from the Market Development Fund, money which the company needs to further develop the product, and like Daniel Lucani estimates will create 85 positions in the company during the course of the next five years. SkyFlok is a multi-cloud solution developed by Chocolate Cloud which is going to make file sharing completely safe, preserving users’ valuable data and protecting it from all potential threats. It is a B2B solution which works similar to Google Drive and Dropbox where the companies would need to have a monthly or annually subscription. The technology used for developing this product is the one that makes it special. Once a file is uploaded, SkyFlok, shares that file data in smaller parts, mixes them together and share them between the user’s cloud providers. Doing so an attacker needs to compromise multiple locations before having any chance to look at your data. In addition to choosing between different combinations of cloud systems, users will also be able to choose, where they want to save their data physically, as they can avoid ending in countries, where data security is not at the level they want.  

SkyFlok is a solution that can be used from companies located in different parts of the world. It is a useful product for many reasons.  “In Europe, for example, The EU’s new personal data regulation, which comes into force May 25, 2018, will create a big a need for Skyflok”, says the CEO Daniel Lucani. There are big fines for non-compliance and companies should make sure they protect their data and follow the new regulations.  

You can find the published article in Danish here:  https://nordjyske.dk/plus/aalborg/ivaerksaettere-vil-saette-hackere-ud-af-spillet-i-skyen/92a13035-62b6-4462-94d5-a3292601f1f1.  

Chocolate Cloud is one of the companies chosen for co-financing by the Market Development Fund

The Market Development Fund has chosen to support 20 promising projects with total financing of 46.4 million. kr., which will help companies’ innovative ideas to come to the market faster and achieve success.

The aim of the Market Development Fund is to promote growth, employment, and export, particularly for small and medium-sized enterprises in areas where Denmark has particular strengths and potential.

Chocolate Cloud’s project, a Multi-Cloud Storage for Data Privacy, Ultra-Reliability and GDPR, is among the 20 selected projects to get support from the Market Development Fund.  The purpose of the project is to test a multi-cloud storage solution that allows saving data on different and geographically selected clouds for increasing data security and contributing to the compliance with the new General Data Protection Rules. The solution will be tested by national as well as international companies to take advantage of the global market potential. 

Business Minister Brian Mikkelsen:

“The government will strengthen Denmark as a production and innovation country. The accelerated technological development means that our innovative companies will soon be on the market with their new solutions. Otherwise, they will be overtaken by global competitors. This is especially true for providers of new digital solutions where development is extremely fast. This can help the Market Fund. “

There are 13 digital solutions among the 20 supported projects, which are part of the 46.4 million. kr. One of the solutions gives companies better control over where their data is stored. Another makes use of 3D scanning and robotics to automate some of the processing in the pig sector, which today is a workforce process. The fund also supports several projects in the medical field, including a project to help people survive cardiac arrest.

“The Market Development Fund has chosen to support 20 projects targeting a variety of markets. The fund enables companies to test and adapt their products and solutions to the market needs so that the potential of the solutions can be met “, says the Chairman of the Market Development Fund Carsten With Thygesen.

10 steps to prepare for the European Union’s General Data Protection Regulation

In less than 6 months, all companies operating with data belonging to residents of the European Union will be expected to meet the new General Data Protection Regulation (GDPR), coming into force on 25 May 2018. The requirements are tough, the penalties are big and if you haven’t started preparing for the new rules, it is time to do it as soon as possible in order to avoid a big fine which can go up to 4 % of your company global revenues.

In our previous article “European Union’s General Data Protection Regulation -what is it and what are the key changes?” we discussed in detailswhat is GDPR and what are the key changescoming from the new regulations. Now we are going to focus on some of the most important steps you and your company need to take to prepare for the upcoming rules in data protection.

1.Educate yourself and your team

In order to meet the new data protection requirements, it is essential that you and your team know what GDPR is and understand the requirements. One of the main goals of GDPR is to make businesses accountable for breaches and loss of data. That is why it is very important to have a full understanding of the risks and pay great attention to the security features.

2. Create a data protection plan

You might already have a data protection plan in place, but you will need to review and update it to ensure that it meets GDPR requirements.

3.Ensure individual rights

You should make sure that your procedures cover all the rights individuals have. The GDPR includes the following rights for individuals:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling

4.Prepare for the rules regarding the children’s personal data

In case your organization collects personal data of children you should definitely start thinking about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

5.Prepare for ‘Privacy by Design’

Under GDPR, you will have to show that you have integrated data protection into your processing activities. You should have clear policies in place to prove that you meet the required data protection standards under the GDPR.

6.Review and update your privacy notices and policies

One of the incoming GDPR requirements calls for clear and plain language in the provided privacy information. Your policies should be transparent and easily accessible.

7.Hire or appoint Data Protection Officers if needed

You should appoint A DPO to take responsibility for data protection complianceif you are:

  • a public authority (except for courts acting in their judicial capacity);
  • an organization that carries out the regular and systematic monitoring of individuals on a large scale;
  • an organization that carries out the large-scale processing of special categories of data e.g. health records.

8.Get ready for GDPR international data transfers

In order to ensure that the level of protection under the GDPR is not undermined, the GDPR imposes restrictions on the transfer of personal data outside the European Union.

Under GDPR, you may be able to transfer personal data.

  • subject to appropriate safeguards
  • on the basis of the ICO’s decision regarding levels of protection in specific territories

9.Set up a process for ongoing assessment

To make sure that you remain in compliance, you will need to monitor and make continuous improvement.

10.Small organization? Ask for help, if needed!

Small organizations are also going to be affected by GDPR. Some of them might not have the resources needed to meet the new requirements. If your organization is one of them, you might search for outside resources to get advice or help from technical experts to go through the process and minimize internal disruption.   

European Union’s General Data Protection Regulation (GDPR) -what is it and what are the key changes?

Strict new rules for protecting customer data are just around the corner. Companies which collect data on people in the European Union countries will have to prepare to comply with the new regulations starting in May 25, 2018. The General Data Protection Regulation’s (GDPR) aim is to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

The penalties for non-compliance are going to be quite big and that is why it is essential for every organization to understand correctly the requirements and to be prepared before the new rules’ start date.

So, what exactly is GDPR, how is it going to affect the organizations and what are the key changes are the questions we are going to answer in this article.

GDPR was adopted in April 2016 by the European Parliament, replacing out of date data protection directive from 1995. It requires businesses to protect the personal data and privacy of EU citizens for transactions which occur within EU member countries. The GDPR also regulates the exportation of personal data outside the EU. Companies operating with consumers data in all 28 EU countries will need to meet the same standard which is relatively high and will require most of them to invest a lot of money to meet the standard’s requirements and to administer.

GDPR Key Changes

  • The biggest change in data privacy comes from the increased territorial scopeof the GDPR. Whether the processing of personal data by controllers and processors takes place in the EU or not, the regulations will apply to each of them.
  • Under GDPR organizations in breach of GDPR can get penaltiesthat can be a fine up to 4% of annual global turnover or €20 Million (whichever is greater).
  • Consentmust be clear, accessible and as easy to withdraw as it is to give it.
  • Breach notification, done within 72 hours of first having become clear with the breach, will become mandatory in all member states.
  • Another key change is the right to accessfor data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a free of charge copy of the personal data in an electronic format.
  • Data erasure or the right to be forgottenentitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
  • The right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine-readable format’ and have the right to transmit that data to another controller or in other words ‘data portability’ is another key change under GDPR.
  • Privacy by designwhich is becoming part of a legal requirement with the GDPR calls for the controller to implement appropriate technical and organizational measures in an effective way in order to meet the requirements of this regulation and protect the rights of data subjects.
  • Data Protection Officers (DPO)– Controllers will no longer be required to notify their data processing activities with local DPAs. Instead, there will be internal record keeping requirements and DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations.

Chocolate Cloud’s team presenting at the 5G Summit in Dresden

The 5G Lab Germany at TU Dresden organized the IEEE 5G Summit for the second time in Dresden. This was held on September 19, 2017 at International Congress Center Dresden, Germany. It addressed a holistic approach on 5G system design, ranging from silicon hardware, wireless, networks, edge clouds towards Tactile Internet (an internet network that combines ultra low latency with extremely high availability, reliability and security)  applications.

The new technical requirements must be carefully extracted from a deep understanding new applications, from Tactile Internet to distributed cloud storage. New key technologies in network architecture, air interface, and cloud systems will be key to achieve the new requirements of these applications. Random Linear Network Coding is one of the key technologies for 5G networks and distributed cloud storage… and a Chocolate Cloud is an expert in it!

To demonstrate the power of RLNC for repairing damaged equipment or data corruption in distributed cloud storage, our team created a demo where visitors of the event were challenged to try and be faster than the system repairs lost data, by shooting storage nodes and reaching the so called ‘Hall of Fame’ of our demo. Only a few succeeded during the IEEE 5G Summit, but all of them got the opportunity to explore the speed and efficiency of the cutting-edge technology like RLNC compared to traditional solutions using Reed-Solomon codes.

RLNC can repair losses and data corruption from hardware failures much more efficiently (using less network resources) and by distributing the processing costs across various devices (less complexity in various devices, less use of memory in any single device). RLNC not only optimizes the storage but also opens opportunities to aggregate multiple sources of data to speed up download of content – a very important feature as 5G networks are increasingly combining their storage and network applications and aiming for lower latency (faster response to users).

An enterprise-oriented overview of cloud computing

ENTERPRISE CLOUD COMPUTING

Enterprise cloud computing refers to the special case of using cloud computing for competitive advantage through the decrease of costs, as well as for business innovation in terms of speed and agility where collaboration among business partners and customers is highly improved. 

According to surveys, more than half of all enterprises consider the cloud to be a crucial part of their business models and they are willing to devote 50% or more of their IT budgets to the cloud. 

Enterprises run 75% of workloads in the cloud, shows the “RightScale 2017 State of the Cloud Report”.

The need of outsourcing the workloads to the cloud comes along with the need of choosing a suitable cloud strategy. Surveys show that in 2017, 85% of enterprises have chosen a multi-cloud strategy.

CLOUD COMPUTING BENEFITS

Enterprise Cloud Computing offers many benefits to an organization, including faster access to infrastructure, greater scalability, higher availability, faster time to market, business continuity etc. (see “Cloud Benefits 2017 vs. 2016” figure).  A safer computing environment is provided by the use of virtual servers, which reduce the threat of an on-site attack on the physical storage devices within a data center. Enterprise cloud computing also provides the capacity for flexible data security policies. The security decisions can be made based on many factors, including the user’s role within the organization, the user’s current access location, the type of data accessed by the user and the type of the device that is used.

CLOUD COMPUTING CHALLENGES

According to RightScale 2017 State of the Cloud Report, the top 3 challenges for cloud computing are – “Lack of resources/expertise”, “Security” and “Managing cloud spend”. In 2017,all of the cloud challenges, except “Governance/Control”, declined across the board.

IMPLEMENTATION OF CLOUD COMPUTING WITHIN AN ENTERPRISE

With Enterprise Cloud Computing, the difficulties which normally occur with the configuration, expansion and replacement of traditional on premise IT systems and components can be removed, since the IT infrastructure can be expanded or contracted on demand through virtualization. The typical challenges like physical data loss and malicious on-site attacks to the IT infrastructure can be eliminated by implementing the cloud computing framework. Cloud computing provides faster, safer and cheaper delivery of IT services within an enterprise which makes it more and more relevant for every organization.

Source: RightScale 2017 State of the Cloud Report

Presenting the Secure Cloud project at the NetFutures 2017 concertation meeting

Chocolate Cloud’s CEO Daniel Lucani was invited to present at the CloudWatch Concertation meeting as part of the NetFutures 2017 Conference. The conference, held on 28-29 June in Brussels, aimed to identify the direction market players need to take to make the cloud a trusted and resilient commodity that can enable innovation in Europe.With the market in mind, participants came together in a series of thematic break-out sessions to identify future priorities for interoperability and security standardization efforts.

During the Achievements and New Directions for the EC Clusters” session, newly-funded projects were invited to present their objectives and identify how they can contribute to the already active clusters. The session also showcased the achievements of the clusters since their launch and focused on revising objectives based on the activities of new projects and EC expectations.

As a part of the H2020 Secure Cloud project, our CEO presented the project and talked about some of the main challenges in cloud computing – data protection, security and privacy with emphasis in the use of Intel SGX hardware capabilities to enable secure processing as an critical and unique feature to future Cloud services.

Don’t WannaCry? So BACKUP!

May 12, 2017 saw one of the biggest global cyberattacks in recent years. The WannaCry ransomware cryptoworm managed to infect more than 230,000 computers in over 150 countries within a day.  WannaCry targeted computers worldwide running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It spreads across local networks and the Internet to systems that have not been updated recently and can infect any exposed systems.

To avoid infection users can take some simple steps, such as: 

  • update to the latest version of Windows
  • use antivirus software
  • do not open unexpected email attachments
  • don’t download pirated movies, music or software 
  • and of course: BACKUP all your files.  

A ransomware attack leaves you with very few options for getting your files back.  One of them is to pay the ransom, although you can never be sure that you will receive the decryption keys as you were promised. The other option is to restore a backup.  If you value what is kept on your computer, it is wise to take steps to protect your files from unexpected loss.  

Many users regularly backup their files to their computer hard drive. In case of a total computer breakdown though this will not protect your information. Saving data to a separate location is a much better way to protect your files and can be also easily done if you have an external hard drive to back up onto.

However this method is as secure as the device you are backing up to.  When you save your files on a physical device, you need to keep the device in a different location than your computer and that can easily lead to damaging it or losing it. Besides, you may always forget to copy your files as often as you should which leaves a big amount of recent work unprotected.

A more effective and safe method of securing your valuable files is online backup. In case of a ransomware attack as WannaCry, which damages your computer and all your files, you are still going to have remote access to your information from any device with internet access. This means you can get your files quickly and easily restored to your computer from a secure online server.

Here at Chocolate Cloud we are aware of potential threats facing your data and we know how important it is for you to protect it. That is why we are working every day to provide data privacy and secure backup to our customers.

Want to learn more about Chocolate Cloud’s solutions and how we can help you protect your data, please contact us at: info@chocolate-cloud.cc.

Security in Cloud Computing: Chocolate Cloud’s Multi Cloud Manager

Cloud computing and cloud storage services have transformed the world of data storage for companies. Users can now store a vast amount of data in a cloud, without additional hardware or software costs, enabling fast and easy access to one’s information from anywhere. Although it is a very convenient way for storing data, there are always potential problems with utilizing and relying on only one cloud storage provider. Surveys show that two of the biggest challenges in cloud computing in 2017 are the lack of expertise and lack of security.  

Over the years we have witnessed cloud storages shutting down their doors for their customers as well as many hacker attempts to compromise data. We even witnessed the Amazon S3 system outage in 2017. This comes to show that there are a lot of threats out there users need to be aware of, and the best way to avoid them is to choose very carefully their cloud strategy.

Now the question is how can cloud storage users avoid the danger of losing or not being able to access their valuable cloud files because of the issues mentioned before? The answer is to utilize multiple cloud accounts in a combination with effective cloud storage manager like Chocolate Cloud’s multi cloud manager. Surveys show that in 2017, 85 % of enterprises have implemented a multi-cloud strategy.

Users are now able to use multiple cloud storage accounts together and access all of their cloud files with the ease of a single cloud management interface, while at the same time dependency on one cloud storage provider is being reduced. A good cloud storage aggregator like Chocolate Cloud’s solution allows users to manage several cloud storage providers and the information stored on various clouds. Using our solution to distribute coded data across multiple locations means that attacker needs to compromise multiple locations before having any chance to look at your data. Your data is completely safe and you are the only one who has full control over it. Utilizing multiple cloud providers along with efficient cloud storage aggregator is the ideal solution to avoid any possible threat that might come across with relying on a single cloud provider.

Want to know more about how we can help you protect your sensitive data, please contact us at info@chocolate-cloud.cc .