Cronos meets the Smals Research Security Requirements on their Cloud Solutions
Cronos meets the Smals Research Security Requirements on their Cloud Solutions for public sector, social security and health care customers.
Over the past few years, the cloud has become an inevitable and popular notion that developed from a vague and risky concept into an ICT strategy « of the future » that every organization will be implementing sooner or later. Apart from cost reduction, the main reason for this hype is the easy accessibility to computer sources with almost unlimited possibilities requiring minimal management. With this technology, an organization can rent the resources shared on a cloud service, thus becoming the tenant instead of the owner of the infrastructure. Unfortunately, sharing this infrastructure is actually the flaw of cloud services. Cyber-attacks have shown that a shared cloud service can be misused by the tenants. Security problems and in particular the confidentiality and integrity of the data are a matter of major concern for the users of the cloud because they no longer have total control over the management of their data. For the authorities, social security and health care services the problem is of even greater concern as it involves potentially sensitive data of citizens and companies.
Therefore, the Research section of Smals in cooperation with the Security section developed a model to evaluate the security of cloud services. This allows the member institutions to determine in a structured and substantiated way how we need to process the data in the cloud.
The main security issues that are evaluated by the model are grouped into four main criteria: governance, identity management and access control, IT security and finally operational security.
With its broad competence in these criteria, Cronos has ensured that the cloud services it offers clearly meet these four main criteria. As such, it can guarantee its customers that it is in conformity with its security requirements. Cronos can also assist its customers in the public sector, social security and health care services to establish a security policy on cloud computing in order to check the conformity towards the target, also when the cloud solution is not under the control of Cronos.Back to overview