Together with external security experts, we at Open Circle carry out a comprehensive security test of our Swiss Business Cloud (SBC) every year. In these penetration tests, the experts deliberately attack various areas of our cloud to check them for security gaps.
We operate an ISO 27001-certified information security management system (ISMS) and are committed to ensuring a high level of security in our processes and technical solutions. Numerous preventive measures and continuous monitoring of threats and vulnerabilities are central elements of the ISMS. Penetration tests conducted by an independent body help us to test the effectiveness of our own measures.
In June 2020, we conducted a penetration test together with EY. At the time, the focus was on the SBC Cockpit and the security of customer terminals. We did not discover any critical vulnerabilities, but we did find that our login process was not yet optimal. Therefore, we introduced multifactor authentication for the SBC Cockpit.
We conducted the next penetration test in October 2021 together with RedGuard. This time, the focus was on the SBC solution with the Citrix platform, the servers and the networks.
The tests revealed no critical vulnerabilities this time either. Individual configuration settings and encryption procedures that were no longer optimal were assessed, prioritised and remedied under a treatment plan as part of our risk management.
At the request of a client, we included their application systems in the penetration test and tested them at various levels. We were thus able to identify some minor vulnerabilities and eliminate them in cooperation with the client.
Often, outdated applications and devices prevent the use of up-to-date and secure operating systems. For example, the use of older multifunction devices means that a now-outdated network protocol cannot be switched off. Therefore, keep an eye on the life cycle of devices and applications wherever possible, or feel free to ask us for advice if you are unsure about this topic.
We are also happy to include your applications or self-operated IT infrastructure in our penetration tests or to plan and carry out a holistic analysis of the security of your IT resources with you.
Your customer representative will be happy to provide you with further information at any time.