Availability, confidentiality, integrity - these are AEB's top security objectives. This goes beyond the technical nuts and bolts of our IT solutions. It also covers the availability of our contact persons, the confidentiality with which we handle business partner data, and the integrity we ensure through clear data processing workflows.
The security and protection of your data are part of our AEB DNA and have always been an integral part of our solutions.
That's why AEB has had ISO 27001 certification for data center (cloud) operations and product development for over ten years and is also certified as an "Authorized Economic Operator - Security" (AEO-S).
Of course, AEB's focus extends beyond operational and risk management aspects. We also prioritize the modern security mechanisms needed to protect data. These include next-generation firewalls, intrusion detection and prevention systems, automatic alerting, and much more - all running with multiple levels of redundancy.
AEB performs penetration tests several times a year and also regularly scans all logins and applications in the AEB Cloud, so we're able to proactively identify potential vulnerabilities and attack scenarios.
AEB deploys a central user repository and role-based security model to control the physical and electronic access of customers and employees to resources and solutions. This ensures that users can access only the applications and environments for which they are actually authorized. Users are consolidated in role groups, with access granted strictly to role objects, not individual user objects.
Users with special administrative rights or privileges are also consolidated in appropriate role groups, where they are subject to the groups' processes and approvals. Particularly sensitive privileges (such as access to firewalls or admin portals) require the user to have a special personalized administrator account. "Normal" user accounts are not granted these rights and cannot be assigned to the corresponding roles.
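As an added illustration of the role model just described (constructed example code, not AEB's own), the following Python snippet grants permissions only to role objects and refuses to place a normal account, or an administrator account not tied to a named person, into a privileged role; the role names, permission strings and account fields are assumptions.

```python
from dataclasses import dataclass

# Constructed illustration of the role model described above (not AEB's code):
# permissions attach to roles, never to accounts; privileged roles only admit personalized admin accounts.
PRIVILEGED_ROLES = {"firewall-admin", "admin-portal"}  # assumed role names

@dataclass(frozen=True)
class Account:
    name: str
    owner: str          # the person behind the account; empty means shared/unowned
    kind: str = "user"  # "user" or "admin"

class RoleModel:
    def __init__(self) -> None:
        self._role_permissions: dict[str, set[str]] = {}
        self._role_members: dict[str, set[Account]] = {}

    def grant(self, role: str, permission: str) -> None:
        # Permissions go to role objects only; there is deliberately no
        # method that attaches a permission to an individual Account.
        self._role_permissions.setdefault(role, set()).add(permission)

    def assign(self, account: Account, role: str) -> bool:
        # A privileged role rejects normal accounts and admin accounts that
        # are not tied to a named person; nothing is assigned on rejection.
        if role in PRIVILEGED_ROLES and (account.kind != "admin" or not account.owner):
            return False
        self._role_members.setdefault(role, set()).add(account)
        return True

    def roles_of(self, account: Account) -> set[str]:
        return {r for r, members in self._role_members.items() if account in members}

    def permissions_of(self, account: Account) -> set[str]:
        # Effective permissions are derived solely from role membership.
        return {p for r in self.roles_of(account) for p in self._role_permissions.get(r, ())}

    def can(self, account: Account, permission: str) -> bool:
        return permission in self.permissions_of(account)

def build_demo() -> RoleModel:
    # Constructed sample: one person holds a normal account and a separate,
    # personalized admin account; only the latter may enter a privileged role.
    model = RoleModel()
    model.grant("customs-clerk", "declaration:submit")
    model.grant("firewall-admin", "firewall:configure")
    model.assign(Account("jdoe", owner="J. Doe"), "customs-clerk")
    model.assign(Account("adm-jdoe", owner="J. Doe", kind="admin"), "firewall-admin")
    return model
```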
Quality assurance at AEB means that before any new code goes live, our test managers perform manual testing for strict compliance with data protection and security requirements and our own in-house specifications. We also run continuous automated testing during the development phase to protect our software against unintended side effects.
Access restrictions and role concepts ensure the security of our software products during operation.
Access to AEB offices and infrastructure is generally restricted to AEB employees. All comings and goings are logged. Guests must be announced in advance by the AEB employee who invites them and then register upon arrival at the reception desk. They must remain on the ground floor and visibly display a guest pass so that everyone can recognize them as guests.
Only trained AEB employees have physical access to the data centers, with two-factor authentication and video monitoring providing extra layers of security.
All employees are encouraged to approach or report unknown or suspicious visitors. After hours, this task is handled by security personnel, who check all rooms and specified points. This ensures that there are no unauthorized people in the building or on the premises.
When logistics and customs processes come to a standstill, this can have massive consequences for many companies. That's why it's essential that AEB Cloud software, services, and support remain available without any hiccups. AEB has implemented a comprehensive business continuity management system to ensure that this is the case - even when the unexpected occurs.
"For us, business continuity management is an essential part of risk management," explains Martin Setzler, member of the Board of Directors and responsible for IT at AEB. "That's why we also see it as closely interlinked with our ISO 27001-certified information security management system, in which business continuity is defined as a separate area of regulation."
The structure of AEB's business continuity management (BCM) is described in the AEB Business Continuity Guideline, based on the BCM Standard 100-4 issued by Germany's Federal Office for Information Security (BSI) and the ISO 22301 and ISO 22313 standards. BCM is divided into two core areas of action: emergency prevention and emergency management.
The preventive measures are defined in an emergency preparedness concept aimed at reducing both the probability of occurrence and any possible damage. The key question: Which precautions and actions must be taken to immediately restore system availability in the highly improbable event of a partial or complete system failure?
The emergency preparedness concept comprises tools that allow AEB to correctly classify and evaluate its processes by relevance so that emergency measures can be executed smoothly. This includes regular drills.
Should an emergency ever actually occur and AEB or its solutions ever suffer a disruption, an Emergency Guide provides a clear definition of processes and responsibilities. The Emergency Guide contains predefined contingency plans for various scenarios to ensure quick, efficient decision-making processes, even during a crisis.
These measures help reassure customers that AEB will respond to even a worst-case scenario in an ordered and professional manner to get AEB services up and running again quickly.
I’ve been keeping an eye on security issues as an IT Security Manager at AEB since 2006.
Why I’m so passionate about this job:
As a member of the Executive Board, I am also generally responsible for operations and support of AEB’s existing customers and our cloud offerings. This includes responsibility for IT and quality management. On the Company Council, I am also passionately engaged in the big issue of how we work together at AEB.