Significant security certification for CSC’s Pouta cloud services

CSC's international ISO/IEC 27001 information security certification now also covers the cPouta and ePouta cloud services. These services were also audited against the raised information security level according to the requirements of the Finnish Government. Both services met the requirements.

CSC's IaaS (Infrastructure as a Service) cloud services cPouta and ePouta and related support functions have been audited against both national and international security requirements. Both services did well: no deviation from the requirements was noted.

– This is great news for CSC's customers, as experienced external auditors have now evaluated the trustworthiness of these services, says Urpo Kaila, Head of Security at CSC.

Compliance with hundreds of requirements

– Best security practices require that, for example, access controls, encryption and backups have been planned and performed adequately. However, it is crucial that the operational processes supporting the service, such as managing updates or capacity management, are also properly taken care of and overseen by senior management, clarifies Kaila.

The scope of this audit was to ensure that the Pouta services comply with the international information security standard ISO/IEC 27001, which has an appendix of 114 mandatory requirements. These listed security controls must be in use, documented and approved by the management.

In Finland, organisations providing IT services to the government must comply with the raised information security level according to government requirements.

– Services and systems must comply with the raised security level to be able to handle information classified as confidential. For information classified as restricted, the basic security level is enough, Mr. Kaila explains.

The scope of these audits was the information security management system. CSC has other procedures to perform technical security testing. The audit was ordered by CSC itself to illustrate the reliability of the services. The audit was performed by Inspecta Oy; it was not managed by the Finnish Cyber Security Centre.

Cloud services offer tailored computing environments

cPouta is a virtual cloud computing environment designed for computing customers' special requirements. It utilizes the computing capacity of CSC's Taito supercluster. It is suitable for all fields of science, especially for demanding research problems that require special applications or tailored operating system environments.

The cloud service can be used, for example, in research in different fields of science where multiple applications are needed. It can also be used to share information between research partners and, for example, in computing applications that employ a browser-based interface.

ePouta is a closed cloud environment designed especially for processing sensitive data.

– ePouta and cPouta are practically identical in fundamental solutions. The most significant difference is in security controls. ePouta cannot be accessed from the public internet, as it requires a dedicated internet connection, describes Development Manager Jura Tarus from CSC.

More information:

Cloud services:

Urpo Kaila
Head of Security, CSC
040 517 4601

Jura Tarus
Development Manager, CSC
041 546 3344