SecureClouds has the goals the develop a software environment for tool-based security and compliance analysis of business processes that will be outsourced into the cloud.
Cloud computing is yet one of the leading developments and depicts the biggest progress in web technologies.
Computing power, memory space or even complex services are outsourced using standardized interfaces and made available via internet. Users and companies are then charged for their service usage according to usage time and user count. Through this, cloud computing offers a convenient way for using shared and easy accesible resources, in both a web-based and demand-oriented sense. Resources can be accessed directly and automatically.
However, cloud computing brings concept-based risks, which are to be approached within this project: e.g. the risk of private data becoming publicly available or attacks on customer data by the cloud computing provider's staff.
Outsourcing of services into a cloud computing environment arises numerous compliance and security problems for the potential customer. Legal requirements as well as business requirements must be met after migration to a cloud environment. Compliance to laws, industry-specific regulations and other rules has to be kept. Thus, a potential user of cloud computing services has a need for technologies and tools, that allow him to get a deep insight in fulfillment of security and compliance requirements regarding the market. These tools need to offer support for decision making, if services should be outsourced into the cloud. Furthermore, if services are to be outsourced, there is a need for tool-supported approaches for ensuring that security and compliance requirements are still met after migration.
The goal of this project is to develop an analytic tool environment regarding the security requirement analysis of processes that are to be outsourced into the cloud. The tool-based examination of business processes is based on the different artefacts available within the companies, such as documents, forms and log-files. Thereby it can be checked whether outsourcing of a process is possible while keeping all security and compliance requirements.