Forrester Research analysis shows that "security concerns are the primary reason preventing enterprises from choosing SaaS". Compared with overseas SaaS companies born in the same period, such as Box, Salesforce and Slack, domestic SaaS has always developed slowly, while the gap in technical level and market demand is not huge. The security concerns of domestic enterprise users have indeed hindered the SaaS industry, especially the development of vertical fields such as enterprise network disk that involve the storage and circulation of enterprise user data.
News of "information disclosure", "data corruption" and "hacker attacks" makes enterprise users worry about the information security of cloud services. On the one hand, the industry lacks the guidance of unified security standards; on the other hand, users do not have professional security expertise. It is unavoidable that domestic enterprise users are confused and helpless when choosing SaaS services.
With the growth of domestic enterprises' demand for enterprise service software and their recognition of the advantages of the SaaS model over traditional software, authoritative third-party security certifications at home and abroad play an increasingly important role in the process of enterprises selecting SaaS services.
Safe Harbor Agreement
The internationally well-known Safe Harbor Agreement (Safe Harbor) is an agreement reached in December 2000 between the US Department of Commerce and the European Union. The Safe Harbor Agreement requires that enterprises collecting personal data must notify individuals that their data is being collected and tell them what will be done with the data, must obtain permission before transferring information to third parties, must allow individuals to access the collected data, and must ensure the authenticity and security of the data and take measures to ensure compliance with these terms.
The influence of the Safe Harbor Agreement is mainly in Europe and America. Salesforce obtained the certification license of the EU Safe Harbor mark in its early years, and also follows the US-EU and US-Swiss Safe Harbor Frameworks. Workday has also obtained Safe Harbor certification.
International ISO Security Certification
The predecessor of ISO/IEC 27001, the information security management requirements standard, was the British standard BS7799. That standard was proposed by the British Standards Institute (BSI) in February 1995 and revised in May 1995. It is divided into two parts. Part I, Implementation Rules of Information Security Management, gives recommendations on information security management for use by the personnel responsible for initiating, implementing or maintaining security in their organization. Part II, Information Security Management System Specification, explains the requirements for establishing, implementing and documenting an information security management system (ISMS), and specifies the requirements for implementing security controls according to the needs of individual organizations. To obtain ISO27001, one must also pass ISO20000 (the information technology service management system standard).
ISO/IEC 27001 is the best-known international information security certification in the Chinese market. It is said that Workday applied specifically for ISO27001 information security certification to pave the way for developing the Chinese market. Domestic SaaS vendors such as DingTalk and Fangcloud have also passed the dual ISO20000 and ISO27001 certification.
C-STAR
C-STAR is the first globally recognized cloud security assessment service in China, jointly launched by Guangzhou Saibao Certification Center Service Co., Ltd. (hereinafter referred to as "Saibao") and the international Cloud Security Alliance (hereinafter referred to as "CSA"), and released on June 15, 2015. The release of C-STAR represents. C-STAR adopts the industry gold standard for cloud computing security, the Cloud Control Matrix published by CSA. The evaluation process uses an internationally advanced maturity level evaluation model and also incorporates relevant domestic laws, regulations and standards to comprehensively evaluate the security of cloud computing services.
Because C-STAR was introduced late, only a few SaaS vendors, such as Beisen, have passed the certification so far.
Trusted Cloud Service Certification
Trusted cloud service certification is an evaluation and certification for cloud computing services, organized by the Data Center Alliance and tested and evaluated by the China Academy of Information and Communication (Telecommunication Research Institute of the Ministry of Industry and Information Technology). The Data Center Alliance is guided by the Communication Development Department of the Ministry of Industry and Information Technology and was formed by the China Academy of Information and Communication (Telecommunication Research Institute of the former Ministry of Industry and Information Technology) together with domestic and foreign Internet enterprises, telecom operators, software and hardware manufacturers and other organizations. The core goal of trusted cloud service certification is to establish an evaluation system for cloud services and to support users in selecting trusted, secure cloud services. Through a 16+2 multi-dimensional evaluation, Trusted Cloud analyzes cloud services across dimensions such as data security, service quality, service performance, operation and maintenance management, and rights protection.
At present, Trusted Cloud is one of the most trusted mainstream cloud service security certifications in China. Starting in 2014, the first batch of certifications was mainly for virtual machine vendors. In recent years, SaaS vendors of online file storage applications, including Fangcloud and Lenovo Enterprise Network Disk, have also participated in and passed the certification.
Information Security Level Protection
Classified protection of information security is work that protects information and information carriers according to their level of importance. It is a type of work in the information security field that exists in China, the United States and many other countries. China's information security level protection has 5 levels. Information systems of different security levels are required to have different security protection capabilities. On the one hand, this is achieved by selecting security controls in security technology and security management that are appropriate to the security level. On the other hand, the different security controls distributed across the security technology and security management of the information system work together on the security functions of the information system through interrelated relationships such as connection, interaction, dependence, coordination and synergy.
Previously, most applicants for information security level protection were P2P Internet finance enterprises, which are the most sensitive to information security. But as SaaS vendors, especially those in the cloud storage field, pay increasing attention to data security, more vendors have started to apply for level protection ("dengbao").
In addition to the above authoritative domestic and international SaaS service security certifications, which enterprise users can use as a security reference when selecting SaaS products and services, other relevant certifications such as ITSS (IT Service Maturity Model) and CMMI (Software development maturity model) can also serve as references for a comprehensive evaluation.