Around 70 percent of German companies already use cloud services – and less than ten percent intend to do away with this form of IT infrastructure permanently. Companies are moving to the cloud quicker and more often because the business opportunities offered by cloud-based infrastructure have great potential. But they often pay far too little attention to a very important topic: security. This is because the responsibility for data security always remains with the customer, despite the outsourcing of various processes and services to the cloud service provider. In addition, the multi-cloud strategy, which is already being pursued by around 80 percent of the companies concerned, increases the complexity of the infrastructure.
Digital business models with cloud solutions are considered indispensable by most companies. Following lengthy discussions, particularly regarding security aspects, this attitude has also become established in Europe. Although the discourse on cloud security risks has quietened down, this does not detract from the explosive nature of the topic – on the contrary, this 'silence' is a risky phenomenon. No company can afford to pursue a cloud strategy without a holistic security concept. All aspects and forms of cloud usage must be covered – from the right software to the appliances. This includes the secure web gateway as well as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). For good security infrastructure, topics such as server and network security, identity and access management, shadow IT, information security (for example, encryption and GDPR compliance), and platform security are also relevant.
When it comes to the subject of cloud security, cloud providers and cloud users must uncompromisingly pull together and work with one another. After all, both have a goal and each has an awful lot to lose: for the cloud users it is their likely critical data, and for the cloud providers it's their reputation and, ultimately, their business.
The customer's shared responsibility in the IaaS model includes data, applications, identity management, network and firewall configuration, and encryption. This becomes even more complex in a multi-cloud environment – i.e. when using several cloud services in a company. T-Systems Security has an expert understanding of the diversity and complexity of these tasks. The portfolio therefore includes cloud security solutions in the areas of SaaS protection, shadow IT, IaaS security, web application firewalls, securing databases and web traffic, SOC/SIEM monitoring, and container security. The multi-cloud strategy factor in particular can be addressed with these solutions. T-Systems Security's services cover the entire value chain, from consulting to integration and managed services.