The global and independent platform for the SAP community.
IT Management, MAG 17-10

Security boost for the cloud

More and more companies are outsourcing their data to the cloud. As a result, cloud compliance is becoming increasingly important - or at least it should.
E-3 Magazine
27 October 2017
Content:
Security boost for the cloud
avatar
This text has been automatically translated from German to English.

SMEs still take too much time to address the issue of cloud compliance. This can cost them dearly, because even when data is outsourced, the ordering company remains responsible for it.

Companies are therefore obliged to check whether their cloud provider meets the technical, legal, data protection and contractual security requirements.

The sooner they start, the more future-proof they are. Greater flexibility, lower costs and an extremely reduced administrative burden - the advantages of cloud computing are obvious.

At the same time, however, companies lose some control over their data when they place it in the hands of a cloud provider. The more sensitive the company and customer data, the stronger the security measures must be - and these must be checked.

If this does not take place, the managing director is liable. Basically, the same security requirements apply to cloud compliance as to IT compliance when the data is stored in the company's own data center.

Questions to be addressed include:

  • What data must have the highest level of security?
  • What does the emergency program look like, i.e., what happens if third parties obtain company-critical data such as research results?
  • Who has access to which data, where, when and for how long as part of the administration on the part of the cloud provider?

To be on the safe side, experts recommend getting monthly security reports from the service provider, which provide information about the security level and maturity of the service.

In short: although quite complex, cloud compliance is not magic, all in all. But of all things, many SMEs have an open flank when it comes to this topic.

While there is a minimum level of compliance everywhere, the matter is rarely pursued systematically and continuously. Resources are often lacking, sometimes know-how, and sometimes simply the awareness that action needs to be taken at all.

But a (too) phlegmatic attitude to cloud compliance can quickly cost money - not to mention the threat of a loss of image if the matter comes to light. There can be severe penalties from the legislature and claims for damages from aggrieved customers if insufficient protective measures have been taken.

"Especially smaller and mid-sized companies that don't have the resources to deal with cloud compliance in detail like large corporations should get external help here"

recommends Bernd Usinger, CEO of Gebhardt Sourcings, the parent company of Broker2clouds, which specializes in IT strategy consulting.

"This also has the advantage that the issue can be addressed holistically and continuously."

IT and thus cloud compliance means constant further development in order to optimize processes and to adapt company-defined security measures to constantly changing data protection regulations. The IT consulting company secures its customers with analysis tools specially developed for medium-sized businesses.

Conclusion:

SMEs, which benefit particularly strongly from outsourcing to the cloud because the cloud providers can usually guarantee a significantly higher level of compliance than they can themselves, must adapt their IT compliance in such a way that it is possible to continuously check the agreed and required security precautions of the service provider. Then, at the latest, medium-sized companies will also get a good boost in the cloud when it comes to cloud compliance.

Download as PDF only for members. Please create an account Here

avatar
E-3 Magazine

Information and educational outreach by and for the SAP community.


All articles of the author

Write a comment

Aleph Alpha and the Innovation Park Artificial Intelligence (Ipai) Conduct Cutting-edge AI Research

Precisely Extends AWS Solution with Support for IBM

SAP Man in Davos

Work on SAP Basis is crucial for successful S/4 conversion. This gives the so-called Competence Center strategic importance among SAP's existing customers. Regardless of the operating model of an S/4 Hana, topics such as automation, monitoring, security, application lifecycle management, and data management are the basis for the operative S/4 operation. For the second time already, E3 Magazine is hosting a summit in Salzburg for the SAP community to get comprehensive information on all aspects of S/4 Hana groundwork. With an exhibition, expert presentations, and plenty to talk about, we again expect numerous existing customers, partners, and experts in Salzburg. E3 Magazine invites you to Salzburg for learning and exchange of ideas on June 5 and 6, 2024.

Venue

Event Room, FourSide Hotel Salzburg,
At the exhibition center 2,
A-5020 Salzburg

Event date

June 5 and 6, 2024

Tickets

Early Bird Ticket - Available until 29.03.2024
EUR 440 excl. VAT
Regular ticket
EUR 590 excl. VAT

Secure your Early Bird ticket now!

Venue

Event Room, Hotel Hilton Heidelberg,
Kurfürstenanlage 1,
69115 Heidelberg

Event date

28 and 29 February 2024

Tickets

Regular ticket
EUR 590 excl. VAT
The organizer is the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes the attendance of all lectures of the Steampunk and BTP Summit 2024, the visit of the exhibition area, the participation in the evening event as well as the catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due time.