Cloud Security Benchmarking

Our Vision

With Cloud services  we partially handover responsibilities to our trusted Cloud Provider. We gain trust in our Cloud Provider by diligence. We ensure secure usage of the cloud by knowledge of our own responsibilities and rigorous validation.

Cloud Customer Responsibilities

Security in the Cloud

The term "Security in the Cloud" was coined by Amazon and refers to the security controls and processes we as customers of the Cloud Service are responsible for. The Cloud Provider gives the customer a powerful toolbox with which they can build out the Cloud landscape. It is up to the customers to ensure that the right processes and configurations are in place to secure the business service. Depending on the type of the Cloud Service, the responsibilities widely vary. An Infrastructure as a Service Provider (IaaS - e.g. EC2 on AWS) leaves the responsibility for a major part of the stack to the Cloud Customer, while a Software as a Service (SaaS - e.g. SAP Concur, SAP SuccessFactors, SAP Ariba, etc.) a major portion of the stack is managed by the Cloud Provider.

Our Service

Independent of the type of Cloud service, we support our clients in assessing the security posture of their Cloud tenants. We specialize in the SaaS and PaaS services provided by SAP like SAP HANA Enterprise Cloud (HEC), S4 Cloud, SAP SuccessFactors, SAP Concur, SAP Fieldglass, SAP Ariba, but also major hyperscaler service providers such as Amazon AWS, Microsoft Azure and Google Cloud. We benchmark and score our client's tenant configuration. We assess relevant client processes and review the integration between Cloud and on-premise. 

Cloud Provider Responsibilities

Security of the Cloud - Cloud Provider Responsibility

The term "Security of the Cloud" was initially coined by Amazon and targets the security posture of the Cloud Provider and all the services and infrastructure required to provide the Cloud service to the customer. The security of the Cloud platform, operations and development is not in control of the customer.

Our Service

We help our clients perform due diligence in ensuring that the selected Cloud service fulfills the requirements on the enterprise. Ideally, this is done as part of the pre-sales activities and on ongoing regular basis. Some of the numerous questions that need to be answered are:

Helpful

There are established frameworks that provide detailed guidance and set the expectations towards a secure Cloud Provider like: