Munich, April 2, 2019–Cisco Webex Teams and Webex Meetings have formally received an attestation report meeting the BSI Cloud Computing Compliance Controls Catalogue (BSI C5). Cisco’s internal cloud security engineering standard has been explicitly aligned to C5 to facilitate C5 attestation readiness for future cloud services. This increases security for all customer groups, especially government agencies, financial service providers, and operators of critical infrastructures.

"Cloud computing means a radical change for the ICT industry and its customers, but so far there has been a lack of uniform security recommendations, standards and certificates," says Arne Schönbohm, President of the Federal Office for Information Security (BSI). "With our C5 catalogue of requirements, the BSI has provided a generally recognized basis for security in cloud computing.”

"When using cloud services, many organizations require comprehensible attestations, tests and certifications," explains Klaus Lenssen, Chief Security Officer at Cisco Germany. "By formally testing according to C5, we offer additional transparency with regard to the security of our cloud services. C5 supports operational risk management through both due diligence and information security management governance. This C5 attestation simplifies the qualification of Cisco Webex Teams and Messaging for use in all industries."

Internal process for high security 

The C5 testing of WebEx services is not a one-time process for Cisco: Cisco has integrated the C5 requirements into its internal cloud services governance framework. The Cloud Approval to Operate (CATO) process verifies and ensures that Cisco's security objectives are met when developing cloud services. This is a formal prerequisite for new Cisco Cloud offerings before being released for sale.

"Due to its strong practical orientation, C5 has already achieved great importance in the German market within a short time and is well received by the industry", Lenssen continued.

The C5 catalogue 

The BSI's Cloud Computing Compliance Controls Catalogue(C5) defines which requirements cloud providers should meet to ensure a high level of security. Since the proof is based on an established procedure, this means only a small additional expenditure for the providers. 

Originally Posted at: https://emear.thecisconetwork.com/site/content/lang/en/id/10348