Alibaba Cloud receives C5 certification from the BSI

Among other things, the attestation is mandatory for cloud providers who work with authorities in Germany. Previously AWS, Box, Fabasoft, Microsoft and Dropbox had already received it. However, Alibaba Cloud is the first provider to receive the C5 certification with "higher-quality requirements".

Alibaba Cloud has received an audit certificate from the German Federal Office for Information Security (BSI) in accordance with the requirements of the Cloud Computing Compliance Controls Catalog ( C5 ). The requirement catalog C5, in contrast to other safety standards, also includes so-called environmental parameters. He also provides information on data location, service provision, jurisdiction, certifications and investigative and revelatory obligations to government agencies.

It helps companies to decide whether cloud services comply with legal regulations, their own guidelines or the threat situation with regard to industrial espionage. So far, only five companies have received the certificate for specific offers: AWS , Box , Dropbox , Fabasoft and Microsoft .

For Alibaba Cloud, the Certificates are Elastic Compute Service ("ECS"), Relational Database Service ("RDS"), Object Storage Service ("OSS"), Content Delivery Network ("CDN"), Server Load Balancer ("SLB"), Virtual Private Cloud ("VPC") and Alibaba Cloud Security from the Singapore and Germany regions. According to BSI, Alibaba Cloud is the first cloud provider, in which the certificate partially also includes "the higher-quality requirements of the C5". The Chinese provider had set up the first data center in Germany in November 2016 .

The catalog of requirements for the C5 certification is based on several established standards, including ISO / IEC 27001: 2013, CSA CCM 3.01, ANSSI Référentiel secure cloud v. 2.0, AICPA - Trust Services Principles Criteria 2014, IDW ERS FAIT 5 (4.11.2014) and the requirements of BSI from IT-Grundschutz (15th EL) and the SaaS security profiles. In total, it covers 114 requirements in 17 subject areas. In addition to the standard requirements, this sometimes includes "higher-quality requirements".

Simon Hu, Alibaba Group's senior vice president and president of Alibaba Cloud , said: "Alibaba Cloud's goal is to meet the highest standards in all aspects worldwide. We are proud to be the first company to meet C5 requirements with higher quality requirements. This will further strengthen the trust that companies place in us and grow our customer base - in Germany as well as throughout Europe. "

Alibaba Cloud also promotes trust as a member of the Trusted Cloud , a program initiated by the Federal Ministry for Economic Affairs and Energy (BMWi). As a provider, it is not listed there yet. Listed are, among others, 1 & 1, Claranet, Nexinto, Profihost, Deutsche Telekom with the Open Telekom Cloud, QSC AG with its Pure Enterprise Cloud and Fabasoft.

The criteria catalog of Trusted Cloud includes aspects of data security as well as quality and transparency criteria, data protection and contract design. C5, on the other hand, deals almost exclusively with information security and transparency. Compared to the criteria catalog of Trusted Cloud, however, C5in goes much deeper into the covered areas and requires a higher level of security for its minimum requirements.