News
Oktawave – the first public IaaS cloud in Poland with the ISO 27001 security certificate
Posted by Piotr Malendo on 22.09.2016 15:04

The ISO 27001 certificate represents another stage in the implementation of a policy aimed at providing perfect security to customers using the Polish cloud computing solution as well as a guarantee that they chose a reliable provider.

 

One of the secrets of the cloud’s success lies in the fact that businesses see the advantages it brings very clearly. Cloud computing not only makes it easier to gain market advantage: it also has many other merits making it a perfect tool, allowing users to overcome technological and economic barriers. Entrepreneurs noticed this very quickly and they currently predict that the cloud will be one of the main business drivers in the coming decade*. There is one reservation they make, however: the cloud must be secure.

 

Security is an advantage

 

Customer security is a guarantee of the service provider’s reputation. This is why a fundamental assumption underlying the Oktawave Polish cloud computing solution is the range of unique solutions with regard to security, implemented on several levels by way of:

  • compliance with the strict requirements set forth by the Inspector General for the Protection of Personal Data, demanding that specific conditions be guaranteed by devices, infrastructure and the service provided;
  • storage and processing of customers’ data in the territory of Poland in a professional Tier 3+ data center, being the highest data center level in Poland;
  • offering an original multi-layer IT architecture which is failure-proof thanks to full redundancy.

 

The 27001 standard: why is it important?

 

Data are processed in a cloud, which is a specific physical asset located on physical servers. Consequently, suitably designed architecture, an appropriately secured data center and the location, which constitutes a key problem for most worldwide cloud providers, acquire strategic importance.

 

An integral part of the data security system is also compliance with specially designed standards. In this field, one of the most important standards for customers, especially for those interested in efficient data protection, operating in various industries and processing their data in the cloud, is the ISO/IEC 27001:20013 certificate. The certificate puts in order information security management systems in cloud environments.

 

Obtaining ISO 27001 is therefore an important stage in the implementation of a strategy of strengthening security and seeking to meet customers’ expectations, as well as providing the following:

 

  • reduction of the level of risk related to the loss of control over information security,
  • minimisation of the risk of data loss or interception,
  • possibility of rapid identification of errors.

 

Trial by fire

 

The process of a company’s certification to the ISO/IEC 27001:20013 system consists of multiple stages and starts with a review of the company’s internal mechanisms performed by an independent body. At Oktawave, the audit was preceded by a detailed analysis of the in-house procedures. As a result of the work, solutions were improved going beyond single scenarios, focusing more narrowly on specific situations in which data are at risk and on reaction plans.

The ISO/IEC 27001:20013 implementation is actually a test for the whole organisation. It’s like a trial by fire, aimed at obtaining transparency of the company’s activities, putting in order all the processes and achieving compliance on the part of every employee with the assumptions adopted,” says Jan Lekszycki, VP Sales & Strategic Alliances at Oktawave.

Therefore, ISO implementation reflects the priority approach to information security management and proves that the organisation is ready to provide services to the most demanding customers, even those from the public, financial or power engineering sectors.

Another advantage is trust

 

Trust is a strategic asset for any provider. This makes not only such players as TUI and Pracuj.pl willing to use the public cloud, but also entities providing services to the public sector, where reliability and stability of services acquire particular importance.

An example of such a company is Aspello, a dynamically developing software house which decided to move to the cloud due to the need for stability and scalability, faced with heavy traffic on the Constitutional Tribunal’s webpages.

“Thanks to the migration to Oktawave, we have gained virtually unlimited capacities, making it possible to handle any amount of traffic on the Constitutional Tribunal’s website,” says Grzegorz Karpa from Aspello.

The need to guarantee reliability was also the reason for which Pajacyk, one of the most recognisable charitable initiatives in Poland, decided to migrate to the cloud. The website, which records over 20 thousand clicks per day on the belly of the wooden puppet being the campaign’s symbol, required stability and above-average performance.

We started working with Oktawave Polish cloud because we need a reliable website in order to be able to create good campaigns to support the Pajacyk programme,” said Justyna Stępień, Director of the Department for Communication, Education and Cooperation with Donors of the Polish Humanitarian Action.

Implementation of the ISO 27001 standard makes it easier to comply with the law and with the regulations in force, and consequently helps one build trust in an excellent manner.

The decision to adhere to ISO/IEC 27001:20013 is a proactive response on the part of the business to its customers’ needs, and also assumes systematic improvement of the processes taking place at the company; it is therefore a step made by mature and conscious organisations.



Find out more about security policy in Oktawave:

https://kb.oktawave.com/Knowledgebase/Article/View/265/95/extended-specification-of-oktawave-cloud-platform-security-aspects?_ga=1.77942801.427010301.1433497527


Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.