Connected cars are booming, expanding their market share exponentially. To help manage the growing volume of data created by vehicles’ embedded systems, the German Association of the Automotive Industry (VDA) has created TISAX® certification. OUTSCALE, a trusted partner for industries and public organizations, has seized the opportunity this certification offers to reassert its expertise in data streams and data security.
TISAX® certification: Information security in the automotive industry
The profound upheaval in the automotive industry is probably one of the biggest consequences of the latest industrial revolution and the arrival of data in the daily lives of billions of users. The time when a car was just a collection of mechanical parts now seems a distant memory. Electronics are everywhere, and with this omnipresence has come a major challenge that other sectors have also encountered: how to process and manage the data circulating inside and outside of vehicles during their use and manufacturing phase.
To make sure this data is properly handled, third-party audit and certification are essential, and TISAX® (Trusted Information Security Assessment Exchange) has established itself as a leading certification label in automotive data security management.
The importance of data management in the automotive industry
From tyre pressure to traffic analysis, from Electronic Stability Control to protecting manufacturers’ jealously guarded patents and prototypes, there is a considerable amount of data circulating in the automotive sector, be it in the passenger compartment, on the road, at dealerships, or throughout the systems of manufacturers or their partners… And the trend shows no signs of abating.
Though fully autonomous cars are not yet a reality, recent developments have all tended to increase vehicle connectivity in a bid to provide a better, safer, more efficient and more pleasant driving experience. And all these developments have one thing in common: the circulation of data. In an article published in March 2022, Alex Bufalino, Vice-President of Marketing at Quectel, predicted that each connected vehicle could produce nearly 25GB of data per hour.
Edouard Camoin, VP Resilience at OUTSCALE, explains this trend: “We are seeing more and more embedded systems. The information cannot remain local; it has to go through a Cloud Computing system. The challenge then lies in creating a common language between the automotive industry and this new technological dimension, which at first glance seems so far removed from its fundamentals.”
The reason why this issue is so important is that data offers huge opportunities for manufacturers and their partners. As pointed out by Laurence Albinet, Governance, Risk and Compliance Director at OUTSCALE: “The data produced by a car is extremely valuable if used properly, but personal data also needs to be protected. There are two levels of data security: protecting the manufacturer’s know-how (intellectual property) and protecting personal data.” Hence the importance of being able to count on appropriate, reliable and objectively recognised tech solutions.
The TISAX® label, a mark of reliability
As a trusted partner of automotive industry players, OUTSCALE needs to provide its customers with a guarantee that their data streams will be properly managed, secured and protected. Certification provides reassurance as it observes and verifies every step of the value chain to confirm the Cloud operator’s reliability and expertise. TISAX® certification concerns both the technical and the organisational environment.
In particular, it focuses on two key aspects: information security and data protection. Information security is the umbrella term to describe all the overarching practices and systems from which the information value chain stems. Data protection, meanwhile, can be divided into several categories: confidentiality, integrity, availability and traceability.
Edouard Camoin reiterates the importance of such certification for customers and users alike: “The certification process involves verification by an independent body. That way, complete trust is established at every stage of the value chain. Since more data means more potential ways in for hackers, such trust is especially important.”
The multiple recent attempts to hack Tesla show how important this security is. TISAX® certification guarantees end-to-end security at every step of the value chain. Out of the three aspects – information security, prototypes and data protection – a Cloud provider can position itself on the first and the last one.
Strengthening our compliance program
Based closely on ISO 27001 certification, the TISAX® label was designed specifically for the automotive sector and the data exchanges that occur within it. Though the standards it requires are similar to those of other certification systems, obtaining it is no easy task. Edouard Camoin nevertheless insists that pursuing TISAX® certification has not resulted in any fundamental change in the way OUTSCALE operates or manages information systems security.
“Adjusting our management processes to aim at this certification strengthened our compliance program. This is an important adaptation process, as implementation and certification are two completely different things. It’s not just a box-ticking exercise; the entire value chain is audited,” says Laurence Albinet. Having started the process in 2022, OUTSCALE has now officially been awarded TISAX® certification and becomes the only sovereign Cloud that is both SecNumCloud-qualified and TISAX®-certified.
Click here to learn more about the certification.