Cloud Security

Our Cloud security specialists advise you on how to maximise the opportunities of the Cloud - with minimal risk.

• Cloud strategies, policies and directives
• Integrating the Cloud into the ISMS (information security management system)
• ISDS concepts for Cloud solutions
• Assistance in the procurement of Cloud solutions
• Training on the topic of Cloud security

In our Cloud security assessment, we check the security level of your organisation with a focus on Cloud security.

In doing so, we take into account industry-specific legal requirements as well as best practices such as those of the Cloud Security Alliance (CSA) or C5 of the BSI. Based on our interviews and spot checks, we grade the maturity of your security level and provide you with an overall report as well as specific recommendations for improvement.

• Assessment of Cloud solutions based on the Framework CAIQ from CSA
• Application assessments for Cloud solutions
• Platform assessments
• Assessments / penetration tests for API gateways

Internal expertise is essential for sustainably secure operation in the Cloud. Let our experts train your specialists:

• Security compliance in the Cloud
• Hardening Cloud environments
• Container security & Kubernetes security

Security training on other topics can be found at Training.

We check your Cloud components for their security and simulate real attacks.

• Technical review of and in Cloud solutions (especially Azure Security, AWS Security and GCP Security)
• API gateway assessment
• Security review of Microsoft 365
• IAM integration in the Cloud environment (e.g. Azure AD)
• Architecture review

Read more about our technical security reviews at penetration testing.

With this assessment, we evaluate the technical product security of your SaaS applications based on the Cloud Security Alliance's (CSA) 36 customer-focused SaaS Security Capabilities Framework (SSCF) controls. This approach addresses the critical gap between vendor risk management (TPRM) and product-level configuration.

We provide transparency regarding the security status of your application, identify gaps in the six SSCF domains, and derive concrete, prioritized measures for your security engineering team to improve your SaaS security in the long term.

In this assessment, we specifically evaluate your organization's cloud security and data privacy controls against the internationally recognized guidelines of ISO/IEC 27017 (Cloud Security) and ISO/IEC 27018 (PII Protection in the Cloud). We provide transparency on your organization's current maturity level, identify deviations (gaps), assess the associated risks, and derive concrete, prioritized recommendations to close these gaps.

• Analysis of the cloud architecture, processes, and defined roles and responsibilities
• Review of implemented technical controls (e.g., access, encryption, monitoring)
• Evaluation of the resilience and completeness of existing evidence
• Detailed report with identified gaps and a prioritized action plan to address the shortcomings