The majority of German companies already use cloud applications and software (as Software as a Service, SaaS). One important take-aways for trade fair visitors: Especially with Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) many security issues have to be considered. Firstly, companies have to cope with organizational and technical complications. Secondly, they need special security solutions such as Cloud Access Security Brokers (CASB), Policies & Frameworks and a harmonized cloud authorization concept.
In addition to cloud issues, the IT-SA also addressed other critical security topics. What we found particularly impressive: penetration test methods which were presented in a "live hacking". It made evident that incidents are often due to poor password management – which can usually be avoided through careful user management as well as security awareness campaigns.
Once again, IT-SA showed that future challenges can only be mastered by an integrated IT security organization (including incident and risk management), lead by a powerful Chief Information Security Officer (CISO).