Ensured IT security & GDPR compliance for the international web hosting provider 

Information security is not something that a responsible business can avoid these days. Especially when it comes to EU citizens’ data processing. General Data Protection Regulation (GDPR) is an essential regulation that every company must follow. The GDPR’s purpose is not only to protect against cyber attacks but also to ensure the proper processing of EU citizens’ personal data. 

In 2021, more than 130,000 personal data breaches caused by poor data processing were notified to regulators, ending in a total worth €1.087 billion in fines. Moreover, one cyber crime can cost companies $2.9 million every minute worldwide. Based on global statistics, more companies need to step up their information security game. Especially when cyber criminals do not plan to stop stealing personal information, blackmailing or using that data against businesses and individuals. 

Although the number of cyber attacks and data breaches arises, we see a positive tendency in companies that more often decide to strengthen their IT security with professional assessment services. Therefore, we proudly present a case study about Information Security and GDPR assessments provided for the international web hosting provider — Hostinger. 

Situation

Hostinger is a customer-obsessed, idea-driven web hosting provider recognised as the fastest-growing hosting brand in 2020. The company provides top-notch web hosting services and technology, allowing people around the globe to unlock the power of the internet and acquire the freedom to learn, create, and grow.  

For Hostinger, which stores much information of their clients from businesses and individuals, it is crucial to guarantee a solid information security not only of clients’ data but also of their customers’ data. Moreover, the company operates within the EU, where data protection and privacy are ensured by the GDPR. Therefore, professional GDPR Compliance and Information Security assessments are needed to prevent any possible cyber-attack or internal data breach. 

Hostinger looked for a partner that could offer a team of certified IT security experts with proven GDPR and information security expertise. Thus, Baltic Amadeus has proposed executing two assessments to evaluate Hostinger’s IT infrastructure security and GDPR compliance and provide an action plan to remove any found threats and risks. 

Solution

During the 2 months, Baltic Amadeus provided a comprehensive IT security assessment divided into three main steps: organising needed information; reviewing and evaluating provided documentation; delivering a report document with found observations and recommendations. 

Throughout the process, the Baltic Amadeus executed Information Security Controls, their compliance with ISO/IEC 27001, 27002, GDPR requirements and CSA Cloud Controls Matrix.  

In the final stage, the Baltic Amadeus team presented a final report, enabling the Hostinger team to clearly understand their IT security situation. With the report, the Baltic Amadeus team explained identified threats, risks, priorities, and recommendations for treating identified IT security vulnerabilities. 

Added value

Experts, who have carefully implemented an in-depth assessment process, hold long-year expertise in the IT security field. Their experience includes Information Security management, IT Security risk management, IT Security Architecture, ISO 27001 implementation, IT Security audits and assessments, Information Security awareness training, Penetration testing, Vulnerability assessments, and more.  

In addition, the assessment team’s competencies are proven by various international certificates such as CISA, CISSP, CDPSE, TOGAF, ITIL, CompTIA Security+, CEH, OSCP and CompTIA Pentest+.  

The full spectrum of expertise proved the highest quality of the provided GDPR and Information Security assessments. 

Other projects