Security 30. June 2022

Penetration Testing

How we put our cloud through its paces

Together with external security experts, we at Open Circle carry out a comprehensive security test of our Swiss Business Cloud (SBC) every year. In so-called penetration tests, the experts specifically attack various areas of our cloud and thus check them for any security gaps.

Cloud, technisch, farbig

Why do we do this?

We operate an ISO 27001-certified information security management system (ISMS) and are committed to ensuring a high level of security in the processes and technical solutions. Numerous preventive measures and permanent monitoring of threats and vulnerabilities are central elements of the ISMS. Penetration tests conducted by an independent body help us to test the effectiveness of our own measures.

Results of the 2020 and 2021 tests

In June 2020, we conducted a penetration test together with EY. At the time, the focus was on the SBC Cockpit and the security of customer terminals. We did not discover any critical vulnerabilities, but we did find that our login process was not yet optimal. Therefore, we introduced multifactor authentication for the SBC Cockpit.

We conducted the next penetration test in October 2021 together with RedGuard. This time, the focus was on the SBC solution with the Citrix platform, the servers and the networks.

The tests revealed no critical vulnerabilities this time either. Isolated configuration settings and encryption procedures that were no longer optimal were assessed, prioritised and remedied with a treatment plan as part of the risk management.

Were client’s own applications also tested?

At the request of a client, we included their application systems in the penetration test and tested them at various levels. We were thus able to identify some minor vulnerabilities and eliminate them in cooperation with the client.

Are my applications secure?

Often, outdated applications and devices prevent the use of up-to-date and secure operating systems. For example, the use of older multifunction devices means that a network protocol that is now outdated cannot be switched off. Therefore, keep an eye on the life cycle of devices and applications wherever possible, or feel free to ask us for advice if you are unsure about this topic.

We are also happy to include your applications or self-operated IT infrastructure in our penetration tests or to plan and carry out a holistic analysis of the security of your IT resources with you.

Your customer representative will be happy to provide you with further information at any time.

Das könnte dich auch interessieren

Chip design

Technology 12. October 2021 A very short history of the chip / microprocessor The era of semiconductors began with the invention of the transistor in 1947, although it took almost 10 years before the technology was ready for the market … Mehr erfahren

Exposing phishing and acting correctly

Security 8. June 2018 What is phishing used for? What is phishing? Phishing is a combination of the words "password", "harvesting" and "fishing". Phishing is a technique used to obtain confidential data from unsuspecting Internet users. The affected victim loses double, … Mehr erfahren

GDPR: EU data protection officer mandatory for Swiss companies?

Security 29. March 2018 Legal Basis This is because companies not established in the EU must, if their data processing is related, i.e. a) offer goods or services to data subjects in the EU against payment or free of charge or (b) monitoring … Mehr erfahren

Possible Power Shortage

Security 29. September 2022 How do you assess the likelihood of a power shortage? Christoph: Switzerland relies on electricity imports in winter, especially from Germany and France. Due to the current situation, gas shortages and shutdowns of nuclear power plants, … Mehr erfahren
ISO 27001, Hand vor virtuellem Screen

Successful ISO recertification

Media, News 20. April 2023 Zurich, 19 April 2023 – On 13 and 14 March, the certification body Swiss Safety Center AG conducted a recertification audit at Open Circle in Zurich-Albisrieden and recertified the company. This recertification confirms that Open Circle … Mehr erfahren

Open Circle AG
Freilagerstrasse 32
CH-8047 Zürich

©2024 Open Circle AG, all rights reserved.