According to a study by Statista, 84% of all German companies were already using cloud services in 2022. A further 13 percent are planning or discussing their use. The overall proportion of cloud-using companies will therefore continue to increase. However, the use or operation of these services is associated with a variety of risks.
Without appropriate measures to increase security in the cloud, companies are exposed to considerable security risks when managing their customer data, regardless of where it is stored. The new Control 5.23 "Information security for the use of cloud services" in the updated ISO/IEC 27001:2022 standard describes possible security measures. In the following blog post, we show what the new security measure covers and which aspects need to be considered for successful (re-)certification.