Information security plays a critical role within CloudVPS: The security and protection of both your and our data is central to our mission. One measure that can be helpful to such a policy is the adoption of ISO27001, a standard in the same area of security.
A new version of the standard was published in September, 2013. This updated version simplified a number of its elements, and improved on its overall structure.
The Dutch Internet Service Provider IT-Ernity has acquired all the shares of CloudVPS.
With this acquisition CloudVPS will become part of a group that will support our continued growth and enable new initiatives. IT-Ernity gains the leading Dutch public cloud and Europe’s first public OpenStack platform.
Since last week a lot of new questions have emerged regarding the protection of personal data by American companies.
It was first announced last Thursday that the American telecom provider Verizon provided the American intelligence agency NSA with enormous amounts of information on national and international phone calls.
Not even a day later whistle-blower Edward Snowden revealed that nine major American Internet companies provide the NSA, the enormous American intelligence agency responsible for IT and communication based espionage, with structural access to tremendous amounts of data.
This involves such familiar names as Google, Microsoft, Facebook, Yahoo, Apple and Skype. Dropbox is expected to be added to the list shortly
A couple of weeks ago we have successfully concluded our certification audits. The auditor, the international risk manager DNV has given a positive advice to the UKAS committee. This committee has adopted the recommendation of the auditor and we have received the official certificates last week. We are now officially ISO 27001 and NEN 7510 certified and this includes the additional CloudControls as well. These certifications apply to all CloudVPS services.
In a lot of cases our direct customers store data on our cloud on behalf of another party. This is most often the case with IT outsourcing solutions that use our cloud infrastructure.
Although this happens a lot, it does mean the data owner depend on the willingness and ability of our direct customer to secure its rights. This can be a reason for the data owner to delay outsourcing to the cloud. In the past we have provided guarantees to the data owner to secure its ownership and access to the data.
In 2012 we started a certification process. We noticed our customers were placing increasingly important data in our cloud. Certification plays an important role in this development by providing our customers with even more certainty regarding the quality of or services.
We decided to aim for the security standards ISO 27001 and NEN 7510 and an own set of strict controls, the CloudControls that covers the cloud specific risks. Over the last few months we have been audited on these three control sets and this week international risk manager DNV provided a positive advice to the UKAS committee. We expect to receive this certification during the month of March.
In January of this year we have introduced new general terms and conditions. These already afforded our customers with a lot of legal security including serious privacy protection and an extensive description of our commitments.
We are now introducing a new version of the terms and Conditions. There are two important reasons for these. In the first place we are working on an ISO 27001 certification that includes a large number of cloud related measures. A few of these measures have to be incorporated in the general terms. A second reason is incorporation of the new SLA that we introduced last week in the terms and conditions.
We have a very simple and effective service level scheme. Our free Service Level 1 provides customers with an uptime guarantee and advice with issues regarding their environment. Service Level 2 adds 24/7 monitoring and support and 2 hours of system administration a month. The system administration hours can be used to resolve issues, secure the server or for performance optimalisation.
An increasing number of customers are placing important applications or websites in our cloud, often using a datacenter redundant cluster of virtual servers. These customers often have service level requirements that exceed what we can normally offer under Service Level 2. Because we like to work with standard components we have decided to introduce a new service level. This service level got the surprising name 'Service Level 3'.
As from last week CloudVPS has joined the Distributed Application Platforms and Services committee of the NEN (ISO/IEC JTC1/SC38).
The NEN is the Dutch standards organisation. The aim of this committee is to create a market wide discussion platform for the standardisation and acceptance of cloud services. It will organise meetings and create an overview of relevant definitions, norms and publications. The committee will also provide input on norms that are currently under development.