Project Next Generation Certification (NGCert)
An increasing number of organizations outsource their data and applications to the cloud, empowering them to achieve financial and technical benefits. However, some organizations are still hesitant to adopt cloud services because of security, privacy, and availability concerns as well as doubts about the trustworthiness of cloud providers. Cloud service certifications are good means to establish trust, increase transparency of the cloud market, and allow providers to improve their processes and systems. Several certifications, such as “EuroCloud Star Audit” issued by EuroCloud, have recently evolved and attempt to assure a high level of security, availability, and legal compliance, for a validity period of one to three years. However, cloud services are part of an ever-changing environment, resulting from fast technology life cycles and inherent cloud computing characteristics. Hence, such long validity periods may put in doubt the reliability of issued certificates. Conditions and requirements of such certifications may no longer be met throughout these periods, for instance, due to configuration changes or major security incidents.
To increase trustworthiness of issued certifications and to assure continuously reliable and secure cloud services, the German Federal Ministry of Education and Research funded five projects in the research area “Secure Cloud Computing” of the federal government’s “High-Tech Strategy”. The project “Next Generation Certification” (NGCert) focuses on research and development of dynamic certifications for cloud services, which enable auditors to continuously and (semi) automatically audit and monitor crucial parameters of cloud services. In this context, the CII Lab develops metrics, methods, and design guidelines for continuous monitoring and (semi) automatic certification of cloud services. In the course of NGCert, the KIT is partnering with Fraunhofer AISEC, Technische Universität München, University of Kassel, EuroCloud Germany, Fujitsu, and AKDB, among other field and transfer partners, and experts.
articleSebastian Lins, Stephan Schneider, Jakub Szefer, Ibraheem Shafeeq, Ali Sunyaev
Designing Monitoring Systems for Continuous Certification of Cloud Services: Deriving Meta-Requirements and Design Guidelines
Communications of the AIS, 44, 2019
bookSebastian Lins, Stephan Schneider, Ali Sunyaev
Cloud-Service-Zertifizierung. Ein Rahmenwerk und Kriterienkatalog zur Zertifizierung von Cloud-Services
Springer, Gabler Verlag, Juli, 2019