Swisscom greater security and transparency for cloud services

Companies are increasingly moving their data, applications and IT resources to the public cloud. Besides affording greater flexibility, this also requires enhanced security. In fact, 49% of top Swiss executives say that cloud-based attacks represent their biggest concern (according to PwC Global Digital Trust Insights 2024). The increased exposure to risk results from complex IT landscapes and the centralisation of data in the cloud. These findings are corroborated by Swisscom’s latest Cyber Security Threat Radar, which also highlights other threats that can compromise the resilience of cloud infrastructures, such as the introduction of malicious code into AI models during supply chain attacks, or shorter development cycles, which increase the risk of IT component misconfiguration. In response to this, Swisscom has launched two new services that offer a higher degree of security for cloud resources, company data and customer data.

Cloud Security Governance for guaranteed compliance
With Cloud Security Governance, Swisscom achieves transparency over security policies and compliance requirements. The Cloud Security Posture Management (CSPM) solution continuously checks the security configurations of all cloud resources for compliance violations, misconfigurations and vulnerabilities. Security configurations are aligned with updated compliance policies to ensure their compliance. Swisscom takes care of everything based on its industry-specific expertise, including the updating of policies.

Cloud Security Protection for vulnerability detection and the initiation of security measures
Cloud workloads frequently contain sensitive data, such as customer information, intellectual property and financial data. Organisations have an obligation to adequately protect this data. Cloud Security Protection is a cloud workload protection (CWP) solution that detects vulnerabilities in cloud workloads. It identifies potential security risks in real time and initiates security measures. The combination with Shift-Left-Security and DevSecOps allows cloud workloads to be protected throughout the entire application lifecycle, from development to runtime. The protection can also be extended to Web applications and APIs at any time.

Security functionalities under one roof
The two new security solutions are based on a centralised, automated Cloud Native Application Protection Platform (CNAPP). They thus offer all internal user groups, from security and cloud engineers to the DevOps team and CISO, a standardised view and the capacity to respond immediately in the event of an incident. The services are not dependent on a specific public cloud provider and protect all solutions on different infrastructures even in hybrid and multi-cloud models.

Flexible combination with proven security solutions
According to ISG Provider Lens, Swisscom is the leading provider of managed security services. Swisscom also takes care of everything for the new cloud security solutions, from onboarding and operation to incident and lifecycle management. The two solutions can be combined with all Swisscom security services. If required, they can be connected to a Security Operations Center (SOC) and combined with Swisscom Threat Detection & Response services.

Cyrill Peter, Head of Swisscom Cyber Security Services: “Cyberattacks are on the rise, compliance regulations continue to be tightened and hybrid IT infrastructures are becoming more complex. Enhanced protection and greater transparency are therefore essential. Our experienced cloud and security experts help companies implement our proven security solutions to protect their data in the cloud.”

CT Bureau