An increasing number of organizations outsource their data and applications to the cloud, empowering them to achieve financial and technical benefits. However, some organizations are still hesitant to adopt cloud services because of security, privacy, and availability concerns as well as doubts about the trustworthiness of cloud providers. Cloud service certifications are good means to establish trust, increase transparency of the cloud market, and allow providers to improve their processes and systems. Several certifications, such as “EuroCloud Star Audit” issued by EuroCloud, have recently evolved and attempt to assure a high level of security, availability, and legal compliance for a validity period of one to three years. However, cloud services are part of an ever-changing environment resulting from fast technology life cycles and inherent cloud computing characteristics. Hence, such long validity periods may put in doubt a reliability of issued certificates. Conditions and requirements of such certifications may no longer be met throughout these periods, for instance, due to configuration changes or major security incidents.
Research and development of a dynamic certification for providing ongoing assurance of certification adherence.
The project NGCert is part of the “Secure Cloud Computing” program, which is derived from the so-called Hightech-Strategy by the German government.
Project volume: 2.34 Mio. € (91% of which is funded Federal Ministry of Education and Research)
To stay up-to-date you can register for the NGCert Newsletter here!
Start: October 2014
End: September 2017
Further information on the project NGCert and the “Secure Cloud Computing” program can be found here.