ISO 27001: Trust is good, certification is better

IT security and data protection are fundamental cornerstones for every cloud provider. But how do companies know that what is promised on the website is true? This is where certification authorities come in, checking and certifying the facts. Examples of particularly relevant certifications in the industry are ISO 27001, one of the most important international IT security certifications, ISO 27018, the data protection standard for cloud services, and the Trusted Cloud label, which aims to create transparency and trust in cloud technologies.

The responsibility of cloud providers

IT security should have a high priority in every company. But this is especially true for cloud providers. Here, security problems affect not only their own business, but also the business of the companies that use the cloud service. Their customers and partners can also be affected as a result.

In addition, if IT systems and IT processes are poorly set up, the availability of the cloud services offered cannot be relied on properly. And any impairment of cloud services naturally has an impact on their users. A well thought-out and consistent IT infrastructure, on the other hand, reduces failure risks and potential follow-up costs.

Cloud providers therefore bear a high level of responsibility when dealing with their own processes and their customers’ data. They must build processes consistently, store data securely and protect the IT infrastructure against attacks. So there are many good reasons for companies to take a close look at providers.

But how can companies be sure that the provider delivers what it promises? They can take a look at customer references, for example. They can research whether there have been problems in the past and if so, how they were solved. They can rely on the reputation, and sound trust is good too, but certification is better.

To obtain this certification, cloud vendors have their information security management checked by external experts. This independent third-party testimony gives companies confidence in their choice of provider.

The importance of ISO 27001

ISO 27001 is the internationally leading standard for information security management systems (ISMS). In 2005 it was published internationally for the first time and in 2007 as DIN standard in German translation, and since then it has been updated again and again. Worldwide recognition is important, since cloud providers also offer their services mostly across borders.

This standard sets requirements for the establishment, implementation, maintenance and continuous improvement of a documented information security management system. These requirements vary depending on the structure and objectives of an organization, thus enabling flexible adaptation to specific business realities.

A risk management on the cutting edge

A balance of optimal use and optimal protection of data is aimed at. The integrity of the overall system is to be ensured, business secrets protected and work processes safeguarded from disruption. The approach is to identify and solve problems before security gaps occur.

The inventory of data, processes and hardware is determined, priorities are identified and made transparent, and the question is answered which data or processes are particularly sensitive and business-relevant and therefore require special protection.

Central to success is that not only the IT department deals with information security, but the entire company, i.e. all hierarchical levels and all departments are part of the process. Everyone must be involved, especially all areas of management.

It is also important to train employees and to create and practice emergency plans. Responsibilities should be clear and everyone should know what to do.

ISO 27001 also requires recurring checks by internal auditors to identify risks and optimize monitoring and protection measures. Thus, the IT infrastructure certified in this way is also prepared for previously unknown threats.

If a hacker should ever manage to overcome the security measures, the certified company is so well prepared that it can react quickly and contain the damage quickly by means of practiced procedures.

What ISO 27001 certification guarantees

The company …

meets the requirements and objectives of information security.
has developed a cost-efficient security risk management system.
has a clear guideline for planning, implementation, monitoring and improvement of information security.
complies with laws and regulations.
has the necessary competencies in the area of IT security.

Being certified means that the IT infrastructure has been tested and found to be resilient so that risks such as data loss, information misuse, cloud service failure or disruption of business activities are minimized. The security of data and systems is taken seriously. Not only on the website, but throughout the entire company.

OTHER IMPORTANT CERTIFICATIONS

ISO/IEC 27018

This standard defines a data protection standard for cloud services that specifically addresses the data protection requirements for cloud computing. It examines what protective measures the cloud provider has taken for personal data.

Certification means that legal requirements have been met and security risks minimized, and that a high level of data security and data protection is in place.

Trusted Cloud

Trusted Cloud is a label for cloud services on the German market awarded by the “Kompetenznetzwerk Trusted Cloud e.V.”. This is actively supported by the Federal Ministry of Economics Affairs and Energy. Its members include the Bundesverband IT-Mittelstand, the Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e. V. (Bitkom) and the Fraunhofer Society.

In addition to questions of IT security and data protection, Trusted Cloud also looks at other criteria relevant to cloud users, such as contractual conditions or the location of the data center. It is intended to give users the assurance that the certified cloud offerings meet the requirements of transparency, security, quality and legal conformity.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by us, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_YXMZ98M2VB	2 years	This cookie is installed by us for Analytics.
_gid	1 day	Installed by us, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
mautic_device_id	1 year	This cookie is set by the provider Mautic.This cookie is used for identifying visitor across visits and devices. Mautic cookies are used for supporting marketing activities.
mautic_referer_id	30 minutes	This cookie is set by the provider Mautic. This cookie is used for marketing purposes. It heps in tracking people submitting forms.
mtc_id	session	This cookie is set by the provider Mautic.This cookie is used for setting unique ID for visitor, to track visitor across multiple websites inorder to serve them with relevant advertisements. Mautic cookies are used for supporting marketing activities.
mtc_sid	session	This cookie is set by the provider Mautic.This cookie is used for setting unique ID for visitor, to track visitor across multiple websites inorder to serve them with relevant advertisements. Mautic cookies are used for supporting marketing activities.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-64546682-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
AnalyticsSyncHistory	1 month	No description

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
li_gc	5 months 27 days	No description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_chatwoot_session	session	No description available.
cw_conversation	1 year	No description

Cookie	Duration	Description
csrf_token	10 years	No description available.
new_session	session	No description available.
session_data	10 years	No description available.
show_cookie_banner	session	No description

On Demand Cloud

Private Cloud

Compute

Storage

Network

Database

Marketplace

On Demand Cloud

Private Cloud

Compute

Storage

Network

Database

Marketplace

On Demand Cloud

Private Cloud

Compute

Storage

Network

Database

Marketplace

ISO 27001: Trust is good, certification is better

The responsibility of cloud providers

The importance of ISO 27001

A risk management on the cutting edge

What ISO 27001 certification guarantees

OTHER IMPORTANT CERTIFICATIONS

Solutions

Compute

Dev Tools

Storage

Network

Community