Cloud giant Alibaba Cloud has announced it has successfully completed assessment for the Cloud Computing Compliance Controls Catalogue (C5). Alibaba Cloud, the cloud computing division of the Alibaba Group, is also known as Aliyun. Established in 2009 and with global headquarters in Singapore, the company provides a 2.3 million-strong customer base with scalable cloud computing and data management platforms. It has a global presence with facilities most recently launched in the Middle East, Europe, Australia and Japan. Alibaba Cloud is the only Asian company to obtain C5 attestation from “key assurance framework for cloud operations” with additional requirements.
C5 was established and is managed by Germany’s Federal Office for Information Security (or Bundesamt für Sicherheit in der Informationstechnik (BSI)). Achieving C5 requires companies to adhere to a range of standards in a number of areas. These areas include Elastic Compute Service (ECS), Relational Database Service (RDS), Object Storage Service (OSS), Content Delivery Network (CDN), Server Load Balancer (SLB), Virtual Private Cloud (VPC) and ‘Alibaba Cloud Security’ (which is available in Alibaba’s Singapore and Germany cloud regions). Meeting the C5 standard underscores Alibaba Cloud’s commitment to “applying the highest levels of compliance in controls and security”.
C5 focuses on cloud service providers, service auditors and cloud service providers’ customers. It defines 17 control requirements that cloud providers must meet. Achieving C5 means companies can work with the German public sector, and increasingly, private sector organizations. C5 is also a benchmark standard in both the German and European markets. Achieving C5 means German customers can “leverage the work performed under this BSI audit to comply with stringent local requirements and operate secure workloads using Alibaba Cloud services”.
“Information security is a critical success factor for the digitization,” explained Bundesamt für Sicherheit in der Informationstechnik (BSI)’s President Arne Schönbohm. The C5 standard is a well-established and valuable decision guidance in the cloud market for all companies that want to use cloud services in the course of their digitization. Information security is a critical success factor for the digitization. The C5 standard is a well-established and valuable decision guidance in the cloud market for all companies that want to use cloud services in the course of their digitization.”
Do you know of any other companies that have achieved industry standards? Let us know the details. Add your comments below.