Security Assessment at All Levels: Pentest and Cloud Security Audit at Deutsche Fiskal

1. December 2023

The need for a pentest is often driven by compliance requirements. However, in many cases, a pentest alone is not enough to make a reliable statement about the security level in the company. Especially when applications are hosted in the cloud, additional attack vectors must be taken into account. DF therefore commissioned usd AG to carry out a cloud security audit of its cloud infrastructure in addition to a pentest of its application. The usd AG team of experts analyzed the configuration of the Azure cloud services and the applications running on them.

As a nationwide provider of cloud-based solutions, Berlin-based Deutsche Fiskal, together with its partner D-Trust GmbH, a company of the Bundesdruckerei Group, provides a comprehensive range of solutions for implementing the legal requirements for POS systems. Deutsche Fiskal consistently relies on cloud computing as a modern technological platform for the implementation of its solutions.

"As a provider of cloud solutions, Deutsche Fiskal processes a very high volume of transactions, which can reach very high peaks, especially at the end of the year," explains Jan Dau, Managing Director of Deutsche Fiskal. "The cloud offers an ideal solution here with its flexible scalability and high availability. Ensuring the best possible level of security for our customers is our top priority. Together with usd AG, we therefore decided at an early stage to have our cloud configuration thoroughly tested in addition to the penetration test. We would like to thank them for their pleasant and competent cooperation."

As the basis for its process model, usd AG has developed a special test procedure that meets the highest security standards. The experts are guided by the requirements of the Payment Card Industry Data Security Standard (PCI DSS), the recommendations of the German Federal Office for Information Security (BSI) and the guidelines of the Open Web Application Security Project (OWASP). The best practices of leading cloud service providers and the benchmarks of the renowned Center for Internet Security (CIS) are also taken into account. By cleverly combining these requirements, the process model ensures a holistic view of the security level and a sustainable increase in security for the tested systems.

Dustin Born, usd Consultant IT Security at usd AG, oversaw the penetration test for Deutsche Fiskal: "The cloud offers its users a wide range of functions and a high degree of flexibility - however, the security-related risks involved are often underestimated. Even if the underlying cloud infrastructure is secure, vulnerabilities can occur that can be exploited by attackers to compromise the organization’s infrastructure. With the help of our cloud pentest, we were happy to support Deutsche Fiskal in preventing such gateways from arising in the first place."

"By carrying out a technical security analysis in the form of pentests and a configuration audit, Deutsche Fiskal has taken exactly the right steps to achieve a higher level of IT security," adds Dr. Kai Schubert, Managing Security Consultant at usd AG. "Companies often focus on checking their application and neglect the configuration of the cloud services themselves. However, Deutsche Fiskal has recognized that a thorough review of the configuration of cloud services as part of a security audit is essential and that the combination with a penetration test is crucial for a strong level of security. Together, the results of the pentest and audit provide a much more comprehensive and reliable statement about the security level of a cloud-based environment than separate security analyses. We would like to thank everyone involved in the Deutsche Fiskal project and look forward to continuing our partnership."


About Deutsche Fiskal

DF Deutsche Fiskal GmbH is a wholly owned subsidiary of GK Software SE and thus benefits from the many years of experience of the leading international provider of branch solutions, the economic and technological strength and the experience of the parent company from numerous fiscalizations worldwide. In the partnership, Deutsche Fiskal is responsible for developing the cloud solution. Bundesdruckerei provides the necessary technical security equipment (TSE), its hosting and the security infrastructure.

Further information can be found at https://www.deutsche-fiskal.de/

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories