Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security and compliance in clouds

: Beckers, K.; Jürjens, J.

presentation urn:nbn:de:0011-n-148604-16 (607 KByte PDF)
MD5 Fingerprint: 988a42b35c0c95673022a58f2470e61d
Created on: 23.10.2013

Pohlmann, N.:
ISSE 2010. Securing electronic business processes : Highlights of the Information Security Solutions Europe 2010 Conference; the Twelfth ISSE Conference, taking place in Berlin on 5 - 7 October 2010
Wiesbaden: Vieweg + Teubner, 2011
ISBN: 3-8348-1438-5
ISBN: 978-3-8348-1438-8
Information Security Solutions Europe Conference (ISSE) <12, 2010, Berlin>
Conference Paper, Electronic Publication
Fraunhofer ISST ()

The use of cloud computing services is an attractive opportunity for companies to improve IT Services and to achieve almost unlimited scalability of the IT infrastructure, and all of this at a significantly reduced cost than this is possible with internal resources. However, the use of a cloud service requires a company to trust the vendor to deal with the company's secret data. In order to check the compliance demands for the required security level, the business processes of the cloud vendor have to be inspected thoroughly. This is a time consuming and expensive task which has to be repeated continuously. Furthermore, company data is increasingly subject to compliance checks for legal regulations that differ in each geographical location, for instance the Sarbanes-Oxley Act (SOX) or the HIPPAA Act in the health domain in the U.S., or Basel II, Solvency II in Europe. We report on ongoing research about an automated compliance analysis method specifically for the analysis of the business processes of a cloud service provider. Nowadays, customers of cloud services can only inquire the existence of single security features like a firewall. The review of the entire security concept on a process level is seldom possible.