NIS2 🔒

published on 13 November 2024

oqdo supports companies in becoming compliant with NIS2 (the Network and Information Security Directive) by utilizing a variety of tools and services focused on cybersecurity and compliance. To this end, Microsoft Azure, a renowned and leading provider in the IoT sector, was chosen as the cloud provider. This presents a significant advantage, especially in the context of IT security and NIS2. Here are some of the key measures and features:

Centralized management and continuous monitoring

Resources are managed and monitored across different environments. This helps to apply consistent security policies and ensure compliance with NIS2.

Advanced Threat Protection

oqdo relies on services like Microsoft Defender for IoT, which offer advanced protection against cyber threats, real-time threat detection, and comprehensive incident response. This helps to detect and mitigate security incidents in real time.

End-to-End Monitoring and Analytics

oqdo utilizes Azure Monitor tools, which provide comprehensive monitoring and analytics across the entire cloud environment. This enables companies to quickly detect, diagnose, and resolve security incidents.

Access and Identity Management

With the Microsoft Identity Platform, companies can implement robust identity and access management controls. This includes multi-factor authentication and role-based access controls that meet the requirements of NIS2.

End-to-End Encryption

Data transmitted to and from the cloud is protected by end-to-end encryption. This ensures the confidentiality and integrity of the data.

Audits and Penetration Testing

Regular Penetration Testing

Microsoft continuously conducts penetration tests to identify and address vulnerabilities in the Azure infrastructure. These tests are performed both internally and by third-party providers.

Red Teaming

Microsoft employs specialized Red Teams that test Azure and Microsoft 365 systems using the same tactics as real attackers. These teams operate independently and simulate real attacks to improve detection and response capabilities.

Continuous Security Monitoring

In addition to penetration tests, Microsoft conducts continuous security monitoring and incident management to detect and mitigate threats in real time.

Compliance Audits

Microsoft regularly conducts independent audits to verify compliance with security standards and regulations. The results of these audits are often published in the form of compliance reports.

Additional Compliance Standards

Microsoft Azure meets a variety of compliance standards to ensure the platform adheres to the highest security and privacy requirements. Here are some of the key standards:

ISO/IEC 27001 

This standard specifies the requirements for an Information Security Management System (ISMS) and is one of the most globally recognized standards for information security.

ISO/IEC 27018 

This standard focuses on the protection of personal data in the cloud and provides guidelines for implementing measures to protect privacy.

SOC 1, SOC 2, and SOC 3 

These reports provide an independent assessment of a service provider's internal controls related to security, availability, processing integrity, confidentiality, and privacy.

FedRAMP 

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program that sets standardized security requirements for cloud services.

HITRUST 

The HITRUST CSF (Common Security Framework) is a comprehensive and flexible framework that integrates various security, privacy, and regulatory requirements, particularly in the healthcare sector.

C5 

The Cloud Computing Compliance Criteria Catalogue (C5) from the German Federal Office for Information Security (BSI) sets specific requirements for cloud providers to ensure security and transparency.

GDPR (DSGVO) 

The General Data Protection Regulation of the European Union sets strict requirements for the protection of personal data, which Azure complies with.
