In this article, you will find out:
- which ISO certifications deliver for optimal data protection and IT security.
- which of these certifications Open Telekom Cloud already has.
- what effect the new Trusted Cloud seal will have on unified European data security.
Trusted Cloud Seal is on its way
When choosing a cloud service, price and performance top the list-- but what else should you consider? Across Europe and especially in Germany, IT security / data protection is also high on the list of priorities for potential cloud users.
As with any contracted IT service, basic legal requirements must be covered for the cloud and this includes IT security and data protection.
Every company must comply with these requirements for their business-related data. If IT resources are contracted to an external supplier rather than dealt with in-house, these obligations are passed on to the contracted company. The customer (the EU calls them a “controller”) must ensure and monitor that the IT supplier (the “processor”) fulfils the legal regulations.
From an IT security point of view, it isn’t particularly helpful for IT providers to have their customers forming an orderly queue outside their data centres (“The next tour in English starts at 2:45…”). Thanks to independent third-party certification, lawmakers have found a solution to allow controllers and processors to meet their legal obligations.
The mother of all certificates: ISO 27001
ISO 27001 is today’s standard certification. It stipulates the requirements for an information security management system that covers the IT risks within the entire organisation. Even in the age of the cloud, it still has its uses. As a minimum, cloud providers should have achieved this.
When looking for specific cloud certification, companies are confronted with different national, international, and trade association initiatives.
Cloud Security Alliance: Star Certification
The Cloud Security Alliance’s (CSA) Star Certificate is recognised internationally. Many providers use this self-assessment option in which they certify themselves. Open Telekom Cloud commissioned a third-party audit by TÜV Austria and achieved CSA Star Level 2 Gold (the certificate expired on July 22, 2021). Any provider’s certification status can be checked on the CSA website. Furthermore, release management for each cloud is part of the certification. This means whenever new features and services are introduced, the certification is still valid.
Further certification from the ISO family
ISO 27017 and ISO 27018 certificates, offshoots from the ISO family, have become widely recognised for data security and protection in the cloud. These de-facto standards are currently referred to as non-binding certificates with no real substance but they are frequently required. Open Telekom Cloud has also successfully completed this certification process in December 2016.
German initiative: Trusted Cloud
An initiative by the German Federal Ministry for Economic Affairs and Energy (BMWi) is currently making waves in Germany. Deutsche Telekom representatives have also been involved in the Trusted Cloud initiative and testing criteria has been developed. The introduction of the certification was confirmed in September and an accreditation body is currently being chosen so official certifications can start during the course of the next year.
The best thing about this certification is that providers who carry the Trusted Cloud seal have a sort of all-round worry-free service. If German Federal Authorities or German firms use providers with this certification, they are certain to be on the safe side, knowing that providers will (for them) fulfil all the data security and data protection requirements laid down by law in Germany. The Trusted Cloud seal is therefore an entry card to Germany for cloud businesses.
The trend is not confided to Germany, though. Trusted Cloud is as been recognised by the European General Data Protection Regulation (GDPR), passed by the EU in April. GDPR will replace the current Data Protection Directive which has been the standard since 1995. The requirements of the GDPR are already built-in to the Trusted Cloud Seal, making Trusted Cloud certification an entry card for European business.
With Trusted Cloud, the confusion around data protection and IT security will come to an end. In fact, the new seal will significantly simplify cloud agreements, ensuring both sides that they made the right decision.
Do you have questions?
We answer your questions about testing, booking and use - free of charge and individually. Try it! Hotline: 24 hours a day, 7 days a week
0800 33 04477 from Germany / 00800 33 04 47 70 from abroad