SRC expands competencies in Cloud Security
Cloud computing sets high standards for IT security
Cloud computing and cloud security has long since become the norm, and more and more companies are outsourcing parts of their infrastructures and services to the cloud in order to be able to act more flexibly.
However, the security challenges in the cloud go beyond traditional IT security requirements. For example, it must be technically guaranteed that only authorised persons have access to the sensitive data. Special care must be taken to secure the cloud management interface. The biggest organisational challenge is the distribution of security responsibilities among several parties. This is exactly what must also be taken into account when drafting contracts and fulfilling compliance requirements.
Incorrect configuration of cloud accounts — billions of data freely accessible in the Web
A recent incident also shows how sensitive this issue is. Due to faulty configurations of Amazon Cloud Simple Storage Services (Amazon S3) storage units and web servers, a number of confidential documents ended up freely accessible to everyone on the net. These included payrolls, confidential patent applications and secret construction plans for products in the development process. According to the report of the security company “Digital Shadows”, about 1.5 billion data have landed on the net. Especially confidential data, such as internal reports, photos of department stores or data centers or lists of security holes in internal company software, can be misused by attackers for hacker attacks on the company or for theft.
SRC employees acquire Certificate of Cloud Security Knowledge
SRC accompanies its customers in these challenges with competence. For this purpose, several employees have acquired the Certificate of Cloud Security Knowledge (CCSK) from the Cloud Security Alliance.
The CCSK is the first Cloud Security Certificate offered by the world’s leading cloud security provider, the Cloud Security Alliance. The Cloud Security Alliance is a non-profit organisation and develops — in cooperation with ENISA — the vendor-independent standard for cloud security. By acquiring the certificate, SRC employees gained the necessary breadth and depth of knowledge to implement holistic cloud security programmes to protect sensitive information according to globally recognised standards.