Cloud Security

SRC expands compe­tencies in Cloud Security

Cloud computing sets high standards for IT security

Cloud computing and cloud security has long since become the norm, and more and more companies are outsourcing parts of their infra­struc­tures and services to the cloud in order to be able to act more flexibly.

However, the security challenges in the cloud go beyond tradi­tional IT security require­ments. For example, it must be techni­cally guaranteed that only autho­rised persons have access to the sensitive data. Special care must be taken to secure the cloud management interface. The biggest organ­i­sa­tional challenge is the distri­b­ution of security respon­si­bil­ities among several parties. This is exactly what must also be taken into account when drafting contracts and fulfilling compliance requirements.

Incorrect config­u­ration of cloud accounts — billions of data freely acces­sible in the Web

A recent incident also shows how sensitive this issue is. Due to faulty config­u­ra­tions of Amazon Cloud Simple Storage Services (Amazon S3) storage units and web servers, a number of confi­dential documents ended up freely acces­sible to everyone on the net. These included payrolls, confi­dential patent appli­ca­tions and secret construction plans for products in the devel­opment process. According to the report of the security company “Digital Shadows”, about 1.5 billion data have landed on the net. Especially confi­dential data, such as internal reports, photos of department stores or data centers or lists of security holes in internal company software, can be misused by attackers for hacker attacks on the company or for theft.

SRC employees acquire Certificate of Cloud Security Knowledge

SRC accom­panies its customers in these challenges with compe­tence. For this purpose, several employees have acquired the Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance.

The CCSK is the first Cloud Security Certificate offered by the world’s leading cloud security provider, the Cloud Security Alliance. The Cloud Security Alliance is a non-profit organ­i­sation and develops — in cooper­ation with ENISA — the vendor-independent standard for cloud security. By acquiring the certificate, SRC employees gained the necessary breadth and depth of knowledge to implement holistic cloud security programmes to protect sensitive infor­mation according to globally recog­nised standards.