Bundesverband IT-Sicherheit eV (TeleTrusT) publishes “Cloud Security” guidelines. Cloud computing is now a widely accepted IT operating model and is used by most companies.
Many IT providers have changed their strategy to "Cloud First", some even to "Cloud Only". The threat situation has also changed: cloud platforms are increasingly in the focus of cybercrime. The secure use of cloud services is therefore a central component of the IT security of companies as a whole. The TeleTrusT guide "Cloud Security" is primarily aimed at small and medium-sized companies. It includes a systematic examination of the risks involved in using cloud services, broken down into general IT risks, cloud-specific risks and legal requirements. The security advantages of cloud services are also emphasized.
Freely available guide for companies
The guideline shows technical, organizational and legal measures to reduce and control the identified risks. In addition to mechanisms and configuration options that are an integral part of cloud services, the focus is on external security mechanisms: Identity Providers, Cloud Access Security Brokers (CASB), Cloud Encryption Gateways, E-Mail Security Gateways, Cloud VPNs, Cloud Firewalls, Confidential Computing , Backup and contingency planning.
In the area of organizational measures, the distribution of tasks between provider and user as well as the drafting of contracts are discussed. The guideline concludes with a consideration of attestations and certificates in the cloud environment.
Assess the cloud environment correctly
Oliver Dehning, head of the TeleTrusT-AG “Cloud Security”: “Cloud computing is now a widely accepted IT operating model. Most companies today use cloud services in some form. Many IT providers have changed their strategy to "Cloud First", some even to "Cloud Only". According to Gartner, global spending on public cloud services will amount to USD 2021 billion in 304,9, a growth of 18,4% compared to 2020. The pace of growth will be accelerated by the corona pandemic. By 2024, the share of spending on cloud computing is expected to grow to 14,2% of company spending on IT, compared to 9,1% in 2000. For companies, the question therefore hardly arises whether cloud computing can be used, but rather how – especially with regard to IT security. The threat situation has also changed: cloud platforms are increasingly in the focus of cybercrime.”
Secure use of cloud services
The secure use of cloud services is therefore a central component of the IT security of companies as a whole. Small and medium-sized companies in particular must be supported. They often do not have the necessary capacity to develop their own expertise. The TeleTrusT guide "Cloud Security" is therefore primarily aimed at small and medium-sized companies. It is intended to provide an overview and assistance for the secure operation of cloud services.
More at TeleTrust.de
About Bundesverband IT-Sicherheit eV (TeleTrusT) The Bundesverband IT-Sicherheit eV (TeleTrusT) is a competence network that includes domestic and foreign members from industry, administration, consulting and science as well as thematically related partner organizations. With its broad membership and partner organizations, TeleTrusT embodies the largest competence network for IT security in Germany and Europe. TeleTrusT offers forums for experts, organizes events and participation in events and expresses itself on current issues of IT security. TeleTrusT is the holder of the "TeleTrusT European Bridge CA" (EBCA; PKI trust association), the expert certificates "TeleTrusT Information Security Professional" (TISP) and "TeleTrusT Professional for Secure Software Engineering" (TPSSE) as well as the trust mark "IT Security made in Germany ". TeleTrusT is a member of the European Telecommunications Standards Institute (ETSI). The association's headquarters are in Berlin.