30. May 2023 | Partner News, Press Releases

Secure and sovereign: CANCOM presents prototype of its trust platform

  • CANCOM intensifies collaboration with HPE to add advanced security and sovereignty features to its cloud service offering
  • In development is a secure cloud environment with automated trust platform based on the CANCOM Dynamic Cloud
  • Customers benefit from even more secure IT operations with full control and traceability of where data and workloads reside

In collaboration with Hewlett Packard Enterprise (HPE), CANCOM has developed the first prototype of a secure German cloud environment with an end-to-end trust chain from chip to application. A trust platform continuously and automatically provides a technical “trust chain” across infrastructure, operating systems and workloads. The future offering, consisting of cloud security and sovereignty features, is aimed at all players with an increased need for secured workloads, especially the public sector, healthcare or finance. CANCOM is thus responding to the growing demand for greater security and sovereignty in the use of cloud services.

Data sovereignty and security are decisive factors in ensuring the future innovation, competitiveness and resilience of German and European companies and organizations. On the one hand, it is a matter of being independent of cloud and technology providers and retaining control over one’s own data. On the other hand, not only must the security of data and applications be guaranteed, but it must also be possible to trace where data and workloads are located at any time. Data sovereignty is also an important aspect in order to comply with legal IT compliance requirements.

CANCOM already offers its customers IT operations from German data centers with certified information security and availability in accordance with the applicable EU regulations as part of its Infrastructure as a Service offering. Now, hybrid IT service provider CANCOM has joined forces with global edge-to-cloud company HPE to develop a prototype for an innovative sovereign cloud offering that balances the use of cloud technologies and services with data sovereignty and security.

The further development of the CANCOM Cloud portfolio is aimed primarily at customers who have an increased need for secured workloads. This applies, for example, to players in the public sector, healthcare or finance. Not only do they need to know where data and workloads are at all times and ensure their security, but they also need to be able to prove this. The new innovative Zero Trust security and sovereignty features of the CANCOM Cloud will make this possible. In the future, they will enable companies to verifiably verify and attest to the location of data, thereby increasing their security at the same time.

Even for non-regulated industries, the sovereign cloud offering is highly relevant in view of the acute threat situation from cyber attacks due to the additional security layer.

Go-ahead for expansion of digital sovereignty partnership

The joint innovations to strengthen enterprise data sovereignty build on the long-standing successful partnership between CANCOM and HPE. At the same time, they are just the beginning of a long-term development partnership and collaboration in the area of digital sovereignty.

“Digital progress must be in harmony with data sovereignty. The goal is to provide our customers with a secure and sovereign cloud ecosystem that combines full control and traceability over the location of their data and the execution of applications. Strengthening sovereign IT operations and increasing the data security of German companies and organizations is particularly important to us,” says Winfried Grünert, Vice President Modern Datacenter at CANCOM.

“The procedure implemented together with CANCOM is based on the proven open source identity framework SPIFFE and its reference implementation SPIRE. It technically enforces verification and proof that a service is actually what it claims to be and that the computer on which it is running is not compromised,” says Hartmut Schultze, Business Architect, Hewlett Packard Enterprise. “As of today, this will be most relevant for customers with particularly high sovereignty and security requirements – but we expect such requirements to become standard in hybrid multi-cloud environments in the future.”

Zero Trust across all workloads

The sovereign cloud service concept developed by CANCOM in collaboration with HPE is based on a highly standardized and automated zero-trust security architecture and open stack technology. With it, they realize a secure cloud environment with a trust platform, which continuously and automatically provides a technical ” trust chain ” across infrastructure, operating systems, and workloads – in line with the credo “never trust, always verify”.

In order to ensure sovereignty, the location, platform and identities of the workloads involved must be technically attested as part of a common “trust chain”. The confirmation of the integrity and security of software services is therefore carried out by means of platform-independent, cryptographic identities via an open source system co-developed by HPE – comparable to a digital “ID card check”, in which the identities are continuously checked before certain services can be used.

Flexible booking via the CANCOM Cloud Marketplace in the future

While HPE supplies the required architecture modules and technology for the CANCOM Cloud, CANCOM takes over the provision and management of the cloud platform. It is planned that customers will be able to book the enhanced features as digital services via the CANCOM Cloud Marketplace and thus integrate them simply and easily into their existing IT landscape.


As a leading Hybrid IT Service Provider, CANCOM accompanies organizations into the digital future. We support our customers to simplify complex enterprise IT and increase their business success through the implementation of modern technology. In order to comprehensively meet the IT needs of companies, organizations, and the public sector, CANCOM delivers tailor-made IT end to end from a single source. 

The CANCOM Group’s range of IT solutions includes consulting, implementation, services, and the operation of IT systems. Customers benefit from the extensive expertise as well as a holistic and innovative portfolio that covers the IT requirements that are necessary for a successful digital transformation. As a hybrid IT integrator and service provider, we provide an integrated range of services and solutions including business solutions and managed services, such as cloud computing, analytics, enterprise mobility, IT security, hosting, and as-a-service offerings. 

The more than 5,600 employees of the internationally active CANCOM Group, with around 80 locations in the DACH region, Belgium, Slovakia, Romania and the Czech Republic, as well as an efficient partner network, ensure market presence and customer proximity. The CANCOM Group is managed by Ruediger Rath (CEO), Jochen Borenich (CSO) and Thomas Stark (CFO). The company’s headquarters are in Munich. CANCOM generated annual revenues of around €1.5 billion in 2023. The Group parent company CANCOM SE is listed on the Frankfurt Stock Exchange in the TecDAX and SDAX (ISIN DE0005419105).