Private Data Room


The problem

After identifying their own crown jewels - i.e. the company's most important data - many companies face the question of how to protect that data. In most cases, this involves a high degree of confidentiality (towards third parties, but also towards parts of the company or external employees within the company), and often also a degree of integrity, in particular protection against unauthorized changes, and of availability, especially protection against loss. At the end of the day, the aim is to create a secure data room that meets your own requirements. In addition to the secure data lock, which prepares the inflow of data appropriately, it is important to avoid the many possible errors in your own IT.

When is a data room secure?

At the same time, the private data room must of course be protected from external infiltration so that no malicious code can enter the secure data room. In this respect, if a high level of protection is required, incoming data must always be brought in through airlocks and data washing stations.

The information from the private data room only leaves the secure data room via approved predefined channels - it is neither organizationally nor technically possible to spy out such information. This includes all data in the Private Data Room, especially authentication data such as passwords, PINs for chip cards, etc.

Protection against spying is organized in such a way that it protects against attacks by IT administrators, unauthorized users and, as far as possible, against illegal data theft and negligence on the part of authorized users. This means that IT administrators and IT staff must never have access to the plain text of the data in the secure data room - not even through network analysis - but must still be able to carry out their standard system management tasks: e.g. backup recovery, checking IT availability, troubleshooting, etc.

Data exchange between different IT elements in the private data room is regulated in such a way that data transfer can also only take place in authorized channels, i.e. no data copies via screenshots or copying and transfer via a clipboard are possible.

Applications that require special authorizations can be technically authorized accordingly. All applications in the secure data room are registered and authenticated. Every security-relevant action is logged. Actions that would change the security of the overall system require strong multi-factor re-authentication and, if necessary, four or more eyes.

Since IT management in the secure data room must be carried out without further IT knowledge, special security-conscious dialogs guide the user through the management process. The customer defines the protection requirements and determines whether all protection elements should be implemented or whether individual elements should be omitted for reasons of cost or convenience.

What is the mobile workplace?

Sensitive information only leaves the secure mobile workstation via approved predefined channels - this includes network connections as well as local data carriers or printouts on external printers. Sensitive information includes all data from the secure mobile workstation that is worth protecting, in particular authentication data such as passwords, PINs for chip cards, etc.

Protection against spying is organized in such a way that it also protects against unlawful data theft and negligence on the part of mobile system users. The secure mobile workstation is also protected against infiltration from outside, so that no malicious code gets “inside”.

Data exchange between the mobile workstation and the network is regulated in such a way that data transfer can also only take place in authorized channels, i.e. VPN tunnels can be strictly specified and even certain strongly authenticatable network cards with predefined encryption properties can be required. These are then normally also portable.

Data copies through local transfers can be controlled as granularly as required. All applications at the secure mobile workstation are registered and authenticated. Every security-relevant action is logged. Situation-aware dialogs guide the mobile user through the special features of their mobile workstation.

How is the secure data room protected?

1. Protection against malware at the data access point

  • Check all incoming files for:

    - Obfuscation through encryption, archives, embedding.

    - Production of plain text, taking into account user dialogs for decryption.

    - Detection of embedded, executable code (exe, DLL, Java, macro, ...).

    - Cleaning of data with (embedded) executable code by mapping to suitable formats with suitable processes (depending on protection requirements through hardware separation).

  • Control of all processes to be started and assignment to an application prevents malicious code.
  • Seamless embedding of any third-party products, e.g. anti-virus programs.

2. Protection through hardware control

  • Identification and inventory of initial hardware.
  • Extended functions for the personalization of hardware to differentiate between identical elements.
  • Prohibition of unauthorized hardware.
  • Protection against the unauthorized insertion or replacement of hardware such as hard disks, network cards, etc.
  • Protection against hidden malicious code on authorized hardware (e.g. BadUSB).
  • Protection against hidden channels when devices communicate with operating systems and applications.

3. Protection through application control

  • Every application is “checked in” to the system.
  • Each application is identified and authenticated before it is started.
  • User authorizations on applications ensure that not every user can start particularly sensitive applications.
  • Content filters regulate the rights space of the application - only special applications can access security-critical information such as root certificates.
  • Each process start is clearly assigned to an application and a user.
  • Fine-grained control of data exchange between the applications (clipboard, print screen, file access differentiated by drive, directory, read, write ...).
  • The content-specific rights of the applications, which can also have a higher value than the user rights, make it possible to map secure processes together with the automation, in which the user cannot intervene. These processes are necessary, for example, for new data access in order to encrypt the data appropriately the first time it is saved.

4. Content control and pattern check

  • Content control of each file when reading and writing for fake file names, embedded executable code, ...
  • Access rights to file types can be set individually per computer, per user, user group, per data location (incl. cloud, hardware, hard disk, directory name, logical or physical path, network shares), per file name, per application, per context of action - multiple wildcards are supported where appropriate.
  • Content filters regulate the monitoring of file types in detail.
  • The content of each file type is checked:

    - Is the file content authentic?
    - Are unwanted elements embedded in the file?
    - Blocking of undesired file content, identification of desired file content.
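
As an added illustration of the content checks listed in this section (example code written for this page, not the product's implementation), the sketch below flags fake file names, content that does not match the declared type, and embedded macros or executables in ZIP-based documents. The signature table, extension set, finding labels and sample inputs are constructed assumptions.

```python
import io
import zipfile

# Constructed table: leading bytes expected for each declared extension.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".exe": b"MZ"}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".js", ".vbs", ".jar"}

def check_file(name, data):
    """Return a list of findings for one incoming file (empty list = pass)."""
    findings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    # Fake file name: a document extension placed in front of an executable one.
    if len(parts) > 2 and ext in EXECUTABLE_EXTS and "." + parts[-2] in MAGIC:
        findings.append("double-extension")
    # Authenticity: the content must start with the signature of the declared type.
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append("content-mismatch")
    # Executable header (PE "MZ") under a non-executable name.
    if data.startswith(b"MZ") and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content")
    # ZIP-based containers (OOXML): look inside for macros or executables.
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.namelist():
                    m = member.lower()
                    if m.endswith("vbaproject.bin"):
                        findings.append("embedded-macro")
                    elif "." + m.rsplit(".", 1)[-1] in EXECUTABLE_EXTS:
                        findings.append("embedded-executable")
        except zipfile.BadZipFile:
            findings.append("corrupt-archive")
    return findings

def constructed_docx(with_macro):
    """Build a minimal ZIP container in memory as sample input (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()

if __name__ == "__main__":
    print(check_file("offer.docx", constructed_docx(with_macro=True)))
    print(check_file("invoice.pdf", b"MZ\x90\x00constructed"))
```

A two-byte "MZ" prefix is only a first-pass signal; a production filter would parse the full file structure before deciding to block or clean a file.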

5. Protection against data loss

  • All channels for the “removal” of data are checked and, in accordance with the defined guidelines, are:

    - Blocked
    - Approved with assumption of liability and logging
    - Logged
    - Forcibly encrypted
    - Modified if necessary (e.g. shortened or changed in data format - e.g. printout prohibited)

  • Audit-proof logging of all processes and content.
  • Algorithms for secure deletion of data are automatically applied correctly for each data carrier.

6. Protection through print control

  • Prohibition of unauthorized printouts.
  • Authorized printouts are individualized with a watermark so that each page of each printout is visually different - the watermark can be machine-readable and / or human-readable if desired.
  • Printouts are archived in the actual printed format in an evidence-proof manner - access to the archive can be individually protected by roles and also four- and multi-eye authentication.