IBM's cloud services were recently certified with the BSI C5 catalogue.
BSI (Bundesamt für Sicherheit in der Informationstechnik) is the German federal government's cyber security service provider. Its goal is the secure usage of information and communication technology. BSI wants to raise awareness that IT security is an important topic these days and that each company is responsible for its own IT security strategy.
C5 (Cloud Computing Compliance Controls Catalogue, hence the five "C"s) specifies a generally valid baseline for cyber security that a cloud provider should fulfill. The security of cloud providers that are not C5 certified is not generally bad; the problem is that providers interpret security in slightly different ways.
C5 now makes those requirements measurable and comparable, and makes it easier for customers to judge a provider's security.
The catalogue relies on well-known security standards such as ISO/IEC 27001 with modifications and additions.
C5 differs from other security standards in that it adds parameters for the environment:
- data location
- service delivery
- mandatory disclosure
This is a step in the right direction – well done IBM!
Security of a cloud-enabled system is still the biggest factor keeping companies from moving their applications into the cloud.
When we drive a cloud POC with our customers, security is always the most sensitive topic. Comparing cloud providers is rather challenging, as the description of security-related actions in whitepapers differs in content and quality.
C5 now makes it easier: you do not need to go through all parameters in detail. BSI and its security experts did most of the work for us, and our task, or our customers' task, is now to compare what the cloud providers offer "on top" in terms of security. Besides offered services and price, this is one important unique selling point.
Let's now follow how IBM, AWS and Azure convince their customers that they offer the most secure services.