What advantages do cloud standards and certificates offer?
Unless it belongs to their core business, hardly any entrepreneur or decision maker is an expert in the field of cloud services. This automatically means uncertainty when it comes to selecting the appropriate service. How can users know whether a service is legally compliant, for example, or will handle their data securely?
Certificates and standards give initial guidance and facilitate expansion into this innovative technology. Based on a qualified and independent audit, they make statements about the security and trustworthiness of a service.
There is not just "one certificate" or "one standard", but a variety of standards and certificates with different areas of emphasis. Depending on your requirements, different standards or certificates can be consulted to help you make the right choice.
How do I know which cloud standards and certificates are relevant to me?
Various factors may be relevant to finding the right cloud provider for your business. To help you make the right choice among the various providers of cloud solutions, it is worth taking a look at their certification. You should ask yourself:
Do I work for a nationally or internationally operating business?
If your company is predominantly active at a national level, certificates with a regional focus on your country may be sufficient. If you work for a global company, you should also look for providers who hold European and international certificates.
Which certificates are most important to me in the use of cloud computing?
Different certificates also set different priorities with regard to the inspection and assessment of cloud services. While some certificates focus on data and information security, others put emphasis on transparency and service orientation.
You will find an overview of the most important cloud standards and certificates in the download section below.
The Trusted Cloud Data Protection Profile (TCDP) for cloud services is the testing standard for data protection certification in accordance with the German Federal Data Protection Act [Bundesdatenschutzgesetz (BDSG)], developed as part of the Trusted Cloud technology program of the Federal Ministry of Economics and Technology [Bundesministerium für Wirtschaft und Energie (BMWi)]. It represents the legal requirements for subcontracted data processing as a testing standard and, in this respect, differs from data protection quality seals. TCDP is currently available in a 1.0 version that was published in September 2016.
With the Cloud Computing Compliance Controls Catalogue - C5, the BSI (Bundesamt für Sicherheit in der Informationstechnik - Federal Office for Information Security) outlines the requirements which, in its view, cloud security must fulfil as a minimum. It also outlines the specifications for cloud security certification and is thus aimed at cloud service providers, as well as their auditors and customers.
This list is provided by the European Union Agency for Network and Information Security (ENISA) and offers an overview of various existing certification schemes that may be relevant for cloud users. It describes the most important attributes of the individual certification schemes and answers questions such as: "What standards are applied?", "Who provides the certification?", "How is the cloud service provider audited?", "Who carries out the audit?"
The study provides an overview of the existing standardisation environment for cloud computing on a German, European and international level. It provides a strategic framework for action and develops regulatory recommendations for action in order to create the basis for a German roadmap for standardisation in cloud computing.