A protection business enterprise is on the verge of disrupting its enterprise as the internet firewall (WAF) developed for the cloud surroundings did no longer acquire the CC certification. The CEO of Company A said, “We have dedicated ourselves to creating a internet firewall for three years in line with the cloud transition flow, however we have now not been reviewed due to the fact it is specific from the CC certification standard.” “It is challenging to supply the cloud provider safety certification besides CC certification to public institutions” Said.
The net server-installed net firewall developed by using Company A is designed to experience scalability, which is the gain of the cloud. When putting in the internet server, the server load and the factor of failure had been minimized. It can be mounted and used straight away barring extra equipment, and there is no want to trade the Internet tackle (IP). To meet the CC certification standard, some modifications to the current surroundings are required when making use of a internet firewall. Company A said, “To reap CC certification, we need to supply up all the deserves of R&D merchandise and remake merchandise in accordance with previous standards.” Some corporations grew to become their interest overseas after CC certification was once rejected for comparable motives to Company A.
It used to be pointed out that CC certification does no longer reply suitable to the cloud environment. Although the cloud is the basis that encompasses the running environment, there are issues that it is hard to warranty protection due to the fact CC certification is an character product protection certification.
It is analyzed due to the fact CC certification can't hold up with future applied sciences such as cloud. CC certification solely certifies character protection merchandise running on the cloud platform, however does no longer assurance the safety of the cloud platform itself. CC certification is carried out as a single product safety assessment in a closed surroundings of an assessment agency, whereas cloud provider safety certification is evaluated in an genuine person environment. Even if each certifications have been obtained, there is no way to affirm safety threats that might also appear in the manner of the usage of the cloud. For CC certification, the IT Security Certification Office of the National Security Research Institute serves as a certification body, and for cloud carrier protection certification, the Korea Internet & Security Agency (KISA) serves as an assessment and certification body.
An legitimate from the IT Security Certification Bureau stated on the seventeenth that “CC certification in a cloud surroundings is a hassle that 31 participants of the International Security Assessment Mutual Recognition Agreement (CCRA) are involved about. It will take time, and we will put together a path for development.” The National Information Resource Management Agency, which operates’G Cloud’, is additionally conducting a contemporary repute survey to come up with a cloud protection plan.
Read More: checkpoint cyber security