Privacy and data security as foundation for successful digital transformation
At today's closing ceremony of the pilot project "Data Protection Certification for Cloud Services" not only the remarkable project results including the catalogue of evaluation criteria based on ISO/IEC 27002 and ISO/IEC 27018 were presented, but also the certificate for SkIDentity according to the "Trusted Cloud Privacy Profile for Cloud Services” issued by the certification body of TÜV Informationstechnik GmbH (TÜViT) has awarded to ecsec GmbH. As it has been demonstrated within the evaluation and certification procedure, the SkIDentity Service fulfils the demanding requirements for the highest protection class III and hence it may be used for processing particularly sensitive data in a legally compliant manner.
SkIDentity technology is now not only distinguished, but also certified
The multiple award-winning SkIDentity Service (https://skidentity.com) was developed in the scope of the “Trusted Cloud” initiative supported by the German government. Using SkIDentity, electronic identity documents (eID), such as the German electronic identity card “Personalausweis”, can be easily used in cloud and web applications. SkIDentity in particular allows to derive cryptographically protected "Cloud Identities" from any eID document, which can be transmitted to any smartphone and used there for the strong pseudonymous authentication or a self-determined identity proofing in the cloud. Thanks to SkIDentity, no passwords need to be stored in web applications and therefore there is no risk that they could be stolen or misused.
As shown in the certificate (BSI-IGZ-250) issued by the Federal Office for Information Security, the scope of the security assessment and certification according to ISO 27001 based on IT Baseline Protection did not only comprise the identity management service of SkIDentity, but the full blown "Secure Cloud Infrastructure (SkIDentity)", which can be used for highly reliable operation of other cloud and web applications. "The processing of sensitive data in cloud services requires high security standards. A transparent proof of the correct implementation of an appropriate security concept can only be provided within an independent certification procedure," adds Bernd Kowalski, Head of Department in the Federal Office for Information Security. “Within the certification of SkIDentity it was shown that even the demanding requirements associated with the use of the German electronic identity card in cloud services, can be proved to be satisfied via an ISO 27001 certification based on IT Baseline Protection."
The SkIDentity project is performed by an interdisciplinary team, which is coordinated by ecsec GmbH and comprises experts from ENX Association, Fraunhofer institutes for industrial engineering (IAO) and computer graphics (IGD), OpenLimit SignCubes GmbH, Ruhr University of Bochum, University of Passau, Urospace GmbH and Versicherungswirtschaftlicher Datendienst GmbH. In addition the SkIDentity team is supported by major associations and federations such as the Federal Association for Information Technology, Telecommunications and New Media (Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V., BITKOM), the German EuroCloud association (EuroCloud Deutschland_eco e.V.), the ProSTEP iViP association and TeleTrusT – IT Security Association Germany and well known enterprises such as DATEV eG, easy Login GmbH, media transfer AG, noris network AG, SAP AG and SiXFORM GmbH.
About the "Trusted Cloud" Program
The German Federal Ministry for Economic affairs and Energy (BMWi) supports through “Trusted Cloud” the development and testing of innovative, secure and legally valid cloud computing services with about 50 million Euro. Because the various project partners roughly bring in own resources of the same amount, the program has in total about 100 million Euro as its disposal. The “Trusted Cloud” technology program of the BMWi is part of the cloud computing initiative, which has been started by the BMWi in October 2010 together with its industrial and academic partners.
Dr. Detlef Hühnlein
SkIDentity c/o ecsec GmbH
96247 Michelau, Germany