It is the most important certification in the area of public cloud computing: The C5 catalogue of requirements from the Federal Office for Information Security (BSI) certifies that cloud providers offer the maximum level of security. The Open Telekom Cloud fulfills all the requirements of this catalogue, according to the most recent certificate.
BSI C5 certifies security, transparency and data protection
The requirements include the so-called environmental parameters: "They provide information on the data location, provision of services, place of jurisdiction, certifications and duties of investigation and disclosure towards government agencies and contain a system description," the BSI writes on its website. "The resulting transparency makes it possible for potential cloud customers to decide whether legal regulations (such as data protection), the customers’ own guidelines or also the threat scenario regarding industrial espionage make the use of the respective cloud service appear appropriate.”
The BSI C5 is regarded as the de facto standard in the cloud industry. Many companies wishing to use public cloud services will make a BSI C5 certification a requirement when choosing their provider. To obtain the certificate, the Open Telekom Cloud had to provide evidence in 17 thematic areas ranging from the organization of information security to physical security.
Open Telekom Cloud meets SOC 2 Type 1 requirements
In addition, with the certificate for BSI C5, the Open Telekom Cloud has also fulfilled the requirements of the US test protocol SOC 2. SOC stands for Service Organization Control. The certificate complies with the requirements of the American Institute of Certified Public Accountants (AICPA). It assesses service providers with regard to security, availability, processes, integrity, confidentiality and data protection.
The Open Telekom Cloud currently meets the SOC 2 Type 1 requirements, which means that auditors have checked the platform for its design by means of guidelines or process descriptions. Next, Deutsche Telekom will strive for Type 2 certification. Cloud providers who receive a Type 2 certificate for their offer have demonstrated that the design of their product is efficiently and effectively implemented.
Proof of certification must be provided every 12 months
"Cloud providers that have been tested accordingly cannot rest on their laurels: Providers are only considered compliant with both the BSI C5 requirements catalogue and SOC 2 if they renew the corresponding proof at least every 12 months," says Daniel Fussy, IT security & privacy consultant at T-Systems. "We are proud that we have now reached BSI C5 and SOC 2 Type 1 certification with the Open Telekom Cloud. Now we are working hard to also attain SOC 2 Type 2 as soon as possible."
At a glance: the benefits of Open Telekom Cloud
- Security: The data are hosted in highly secure Telekom computing centres in Germany.
- Scalability: Computing power and memory can be ordered and set up online and adapted flexibly at any time.
- Pricing models: We offer you flexible and fixed contractual periods as well as a combination of both models.
- No vendor lock-in: Open Telekom Cloud is based on OpenStack, a freely available open-source standard. You can change the provider at any time.
- Individual configuration: CPU, RAM, storage, network – you can put a package together for yourself that matches your requirements to the optimum degree.
- IaaS for all: Open Telekom Cloud is extremely flexible and therefore suitable for companies of every size.