The EU GDPR and frequent reports of successful attacks on small and large companies have left customers increasingly uncertain about how to select a SaaS product without compromising data and information security. Business customers in particular are required by law and regulation to meet strict requirements when handing data and services over to cloud providers. It is therefore the responsibility of SaaS providers to foster trust through objective and independent assessments of security measures that customers can easily comprehend.
For this purpose, the German Federal Office for Information Security (BSI) has developed the Cloud Computing Compliance Controls Catalogue (C5) as an objective assessment of the information security of cloud products. C5 has become the gold standard for cloud-based products, and it is mandatory for all federal institutions in Germany. Currently, about 40 companies worldwide have successfully obtained a C5 attestation. These companies include AWS, Microsoft Azure, Alibaba and other big players.
This presentation shows how CenterDevice, a small, Germany-based SaaS provider, made its way towards a C5 attestation. We describe what C5 is in detail, how to leverage AWS, and how C5 transforms a startup into a better, stronger, and more reliable company. We also explain how our customers benefit from C5.
At the end of the presentation, the audience should have gained an understanding of what C5 is and what the path to a successful attestation might look like. The presentation pays special attention to necessary investments and how the business value of tested products changes for the better.