|
|
|
|
|
|
by madaxe_again
1791 days ago
|
|
|
But they’re ISO27001 certified? Didn’t they have security controls for transit of protected information? What about human resource security? What about their access control policy and network access control policy? Do you know who their certifier is, as they don’t say, so I can ensure I never, ever trust them? |
|
|
The whole ISO27001 thing is false advertisement, the scope is very restricted and scaleway, online.net, dedibox or whatever are NOT ISO27001 certified.
The certification only applies to a very restricted range of products which are not even pubicly available.
> What about their access control policy and network access control policy?
A joke, many critical services were only firewalled to the outgoing ip address of their corporate wifi network which practically anyone entering the building was given the password.
The private network on online.net dedibox offering was just ACLs that were applied with a loop on every switch without much error handling it happened that what was displayed on the console was not the real configuration applied to a switch. What a joke.
And this is just a starter, this kind of things goes on and on. Scaleway is a terrible company.