Secure and confident in the cloud
Everyone is talking about the cloud. The coverage is mostly positive, but negative headlines are also doing the rounds. For example, the fire at a data center in Strasbourg in March 2021 brought home the reality that the cloud is also infrastructure, not a globally distributed service that nothing can easily harm. The major cloud providers are making efforts to distribute cloud services across multiple data centers, but they are caught in a trade-off between distance, with the physical latency it causes, and the redundancy of the services offered.
In our daily contact with our customers’ CIOs, we are often presented with the availability guaranteed by cloud providers. One thing should not be forgotten, however: there is a huge difference between the availability of services and the total loss of a company’s data, for whatever reason, and that difference cannot simply be expressed as a percentage figure of 99.xxx.
To ensure that data security does not become a lottery with a greater or lesser probability of winning, the infrastructure of a cloud provider, the company’s connection to it, and all related processes must be checked.
We believe that every company should seek support for every step with a cloud service provider, from the conclusion of the contract to its end. The certainty that an independent third party will assess the commissioned services and the connections to the cloud against security criteria matched to the required protection needs gives CIOs and CSOs the necessary security.
A cloud assessment looks at the following areas, for example:
- Cloud Service and Scoping: Are all services set up correctly and integrated into the processes? Are the required certifications for the industry available, e.g. TISAX in the automotive industry? Have all network diagrams and functional descriptions been created?
- Cloud Governance, Risk & Personnel: Has a governance strategy been set up? Have tools for monitoring and reporting been implemented and integrated into the security strategy? Are regular risk and security assessments carried out? Are financial controls for cloud services set up correctly?…
- Access Management: Are the security guidelines and the roles and rights concept adapted to the cloud environment? Is encryption within the cloud and in transport ensured and represented by an encryption concept? Are backdoors available for administrative purposes?
- Data Security: Which data is worthy of protection in the cloud? How does the cloud provider protect the data and ensure security and integrity? How is the encryption concept integrated and implemented via transport to the end device?…
- Network: Is there an understanding of the paths and interfaces by which each data packet is transported from the corporate network to the cloud service provider and back? Is DDoS protection implemented, especially through private ports? Is the need for express routes clarified and implemented?…
- User Device Management: Are there workflow diagrams between devices and networks? Has an MDM policy been adapted to the cloud environment? Has a Cloud Access Security Broker been implemented? If so, who manages the policies?…
- …
These are just a small sample of the questions that arise before or during the journey to the cloud. We like to work on these questions together with our cloud experts, in-house at our customers, and develop solutions step by step, thus ensuring a secure cloud environment.
Patrick Fischer
Senior Consultant Network Security
Phone: +49 172 6296027
E-Mail: pfischer@spirit21.com
Patrick is the contact person in our company for assessments in the area of basic protection according to BSI and ISO 27001 and is responsible for projects in the area of network security.