27 January 2020

Lünendonk study: Security in the cloud higher than in on-premise operation

"55 percent of the IT decision-makers surveyed even already prefer the cloud to on-premise operation because, in the view of the respondents, cloud providers can offer higher security standards." This is one of the core statements of the current Lünendonk study "IT strategies and cloud sourcing in the course of the digital transformation".

Furthermore, according to Lünendonk, cloud transformation will remain one of the top issues for IT managers in Germany in 2020. The trend is very much towards hybrid models, because cloud and on-premise solutions will more or less coexist in the future.

The most common reasons given for "going to the cloud" were:

    • Greater flexibility and scalability in the operation of applications (78 percent)
    • Better coverage of peak loads (72 percent)
    • Better integration of new software solutions into IT back-end processes (68 per cent)
    • Higher safety standards (55 per cent)

"Basically, most cloud data centres are at a high technological level and therefore usually better protected against hacker attacks than most local instances," explains Mario Zillmann, partner at Lünendonk & Hossenfelder and author of the study.

ZEP in Cloud Computing Operation: Highest Security Guaranteed

The fact that Mr Zillmann is right when he speaks of a "high technological level" of cloud data centres is also shown by the example of ZEP. The cloud operation of the software solution for time recording and project controlling takes place in a secure high-performance data centre in Germany, which has all the relevant security certificates (ISO 27001 certificate based on IT-Grundschutz, tekPlus certified data centre). The software runs on a fully redundant, highly available server cluster. The internet connection to the ZEP servers is provided at 1000 Mbit/s via redundant fibre optic lines. The availability of the data centre is 99.99 percent. The accessibility of the ZEP servers is permanently monitored.

To ensure that the customer data processed in ZEP is also secure and always available, data is continuously mirrored on a second server within the ZEP cluster. In accordance with the recommendation of the German Federal Office for Information Security (BSI), a daily backup of all data is created and stored in a data centre seven kilometres away. All storage is completely encrypted and data backups are kept for at least four months.

The user contract concluded between ZEP customers and provantis naturally also contains the contract for commissioned processing prescribed by the EU General Data Protection Regulation (DSGVO).

Especially for small and medium-sized enterprises, it might be difficult to achieve this level of data security - both for the software application and the data processed with it - with their own on-board resources.

Data protection and data security important decision criterion for cloud variant of ZEP

Data protection and data security are usually also one of the most important decision-making criteria for ZEP customers who opt for the cloud variant.

The company EXTEDO for example, is a leading provider of software solutions and consulting services for the approval of medicines, medical devices and plant protection products (Regulatory Information Management). Currently, more than 700 customers in 60 countries rely on EXTEDO. The company uses ZEP in a cloud operating model. Data security and data protection play an important role here. After all, extensive confidential data is also involved in an approval procedure in the pharmaceutical industry. "For this reason, we check the data protection measures of each of our software suppliers very carefully," confirms Elmar Weber. Chief Financial Officer at EXTEDO.

The company Next Level Integration (NLI), headquartered in Cologne, is a software manufacturer and solution provider for the utility industry. The solution portfolio focuses on applications in the regulatory environment, integration solutions, portals and complete solutions based on the energy industry Fast Lane technology platform developed by NLI itself. On the subject of data protection and data security when using ZEP in cloud operation, Dr Stefan Klose, Managing Director of NLI, explains: "Data protection and data security play a central role in our projects. For this reason, we subjected the contracts and operating model to an intensive review in advance. In the end, however, we were able to give the 'green light' for cloud operation without any restrictions."

Cloud migration in full swing: also at ZEP

The continuing trend towards migration to the cloud mentioned in the Lünendonk survey cited at the beginning is also in full swing at ZEP. In general, ZEP customers are given the freedom to choose whether to use ZEP in on-premise operation or as a cloud service. And so there are currently still companies that run the solution on their company's own IT infrastructure. New customers, on the other hand, have recently been opting almost exclusively for the cloud variant.

You can find an overview of the topic of data security at ZEP in the cloud on the ZEP website.