Federal Office for Information Security (BSI)

Secure use of cloud services

Target groups

The publication "Secure use of cloud services" is primarily intended for cloud users. However, it can also be interesting for cloud providers to adapt their offers better to the needs of the cloud users.

Role: Cloud Users (primary), Cloud Providers (secondary)
Target group: Management (primary), Beginners (primary), Professionals (secondary)


The publication "Secure use of cloud services – Step by step from the strategy to the expiration of the contract" describes one approach of being able to use cloud services in a secure manner. Its content is based on the IT-Grundschutz module M 1.17 "Cloud usage". However, it is explicitly intended for all organisations which would like to use cloud services even if they do not apply IT-Grundschutz. In a short and concise form, the individual steps to be taken in order to use cloud services are described, supplemented by various references to other publications. The outsourcing and storage of data and applications in a cloud has significant effects on the organisation’s own IT; it is a strategic step. This step must be considered and planned carefully as well as supported by the management. Assessing the chances and risks realistically will save users and providers from unpleasant surprises and unfulfilled expectations. The approach described in the publication helps to ask the important questions at the right time and to find the answers for them.


All information are also available in German.