Protection measures at the computer center
The security and availability of a computing center as a whole are indicated by the so-called tier level. They also take into account access control and fire safety. To run enterprise-critical applications in a cloud, the computing center needs to be tier 3 certified, which is the second highest level. The highest level, tier 4, is a prerequisite for sensitive customer data in the banking, insurance and healthcare sectors. For example, the Swisscom Computing Center in Wankdorf has this certification.
For their part, ISO certificates provide proof of the technical protection of the infrastructure and therefore represent quality labels for IT. Here, the most important standard is ISO 27001. It describes the mechanisms and processes of safety management.
But what happens when a bug in the software or in equipment causes a security flaw? “In such cases, we are informed by the manufacturer and we can remedy it in time,” says Tobias Langbein. The effectiveness of measurements is regularly monitored by means of penetration tests. In this context, a specialist in computer security must try to enter the systems, of course following a formal request. In this way, it is possible to recognize the weak points and to remedy them. But that’s not all: “In these tests, we have already discovered flaws that the manufacturer did not even know,” adds Tobias Langbein with a smile.
Systems isolation also ensures that only the customer can access their data. In combination with data protection measures, for example in the case of hardware failures, it is thus possible to guarantee the security of the data. “For us as a cloud provider, this is our most valuable asset to ensure the trust of our customers,” says Tobias Langbein.
Swissness for local needs
Certifications and audits ensure the credibility of security measures. This transparency is a source of confidence. Similarly, it is clear that businesses expect their cloud provider to comply with security standards. However, according to Tobias Langbein, the requirements go beyond the application of simple security measures: “Our customers want us to provide them with <Swissness>.” This means first of all that the data must be saved in Switzerland and that the Jurisdiction and the place of the contract are in Switzerland. In addition, some customers also require that data can only be accessed from Switzerland.
These Swissness-related aspects are important distinguishing features between Swisscom and global cloud providers, or as Tobias Langbein puts it: “We offer a local cloud offering for companies with specific local needs.”Tags: window