In this overview, you will find, without claiming to be exhaustive, introductory information about the security of cloud services.
Cloud computing offers considerable potential in terms of flexibility, cost advantages, and other factors. The possible uses range from simple data transfers and data backup in the cloud to the use of software as a service, where an external IT service provider operates the software and IT infrastructure. Depending on the setup, this can reduce costs, for example, by requiring fewer local IT resources.
In addition to the pure IT infrastructure, the cloud also forms the basis for entirely new process designs or business models. A typical example is collaboration tools, applications that enable various actors to work together on specific data or projects stored “in the cloud.” Further examples can be found in faster image processing in the medical field, more efficient order processing in agriculture, or in logistics – the possible uses are ultimately virtually unlimited.
As with any IT application or infrastructure, cloud services are associated with various security issues. In addition to technical and organizational aspects, these also include legal issues such as protecting personal data. In the public discussion, assessments of cloud security range from blanket rejection to the view that a single company can only achieve the high level of security of a specialized cloud provider with great effort.
Cloud Security And Standards
Accordingly, cloud providers are also required to monitor and implement existing and changed legal requirements continuously.
In recent years, various approaches have developed on this basis, detailing the security requirements for cloud services and providers. The typical requirements range from compliance with basic IT security standards such as the ISO/IEC 2700x series to the use of state-of-the-art encryption methods and protection against, for example, DDoS attacks to ensure availability.
The basic idea behind the corresponding standards is, on the one hand, to define the state of the art, to which various legal bases refer and which can thus be relevant as a benchmark in questions of liability or decisions on fines. On the other hand, standards can also be contractually agreed upon between the provider and user if required, which is particularly common for projects in the B2B area.
Labels And Certification
In areas ranging from product quality to organic food, numerous certifications and labels are intended to increase customer confidence in certain products. In most cases, these are awarded by private-sector organizations based on previously defined catalogs of requirements. Corresponding offers also exist for the security of cloud services.
However, for cloud services in particular, the security requirements are comparatively extensive and complex. Therefore, in connection with labels, it should be noted that providers or services without a specific label are not automatically “unsafe.” A label can be the first indication, but the actual security requirements and measures require an in-depth analysis on a case-by-case basis for all cloud projects that go beyond standard applications.
In this respect, the respective standards and catalogs of requirements can be used in several ways, for example:
- For cloud providers as a basis for implementing and documenting security measures according to the state of the art
- As a basis for a corresponding certification or the receipt of a label as a cloud provider
- Independent of labels, as a checklist for considering security aspects in the context of a cloud project