Next Generation Certification (NGCert)
The content on this page was translated automatically.
Trustworthy cloud services through dynamic certification of qualitative, data protection and security requirements
Companies in particular are increasingly moving business processes and data to cloud environments. As a result, the requirements for quality, data protection and data security of such offerings are increasing. Recourse to certificates is a proven means of demonstrating compliance with standards and the implementation of internal quality processes, and not just in the IT industry. Certificates promote transparency and enable customers to easily compare different providers. However, the validity period of regularly one to three years is too long for such a changing and evolving field as cloud services and the underlying technologies. Regardless of legal or actual changes, certificates suggest a high security standard over the entire validity period.
The NGCert project therefore aims to address the dynamic nature of cloud services with a dynamic certification solution. With a dynamic certification procedure, much more precise statements can be made about the fulfillment of the respective requirements. On the basis of standards, such as CSA or ISO standards, the requirements of a certificate are to be checked continuously and (partially) automatically in order to be able to map a system status that is always up to date. This is intended to increase the informative value of certificates and thus the confidence of users in them.
From a legal perspective, there is a need for research into data protection and data security in the certification of cloud services. So far, there has been a lack of proposals for a concrete legal framework for such certification. The research work of the project group on constitutionally compatible technology design will focus on the dynamics and the (partial) automatability of testing steps. Research will also be conducted into the legal effects of such a certificate and the legal consequences of its erroneous issuance. The project group on constitutionally compatible technology design has set itself the goal of not only examining the legal admissibility of dynamic certification procedures for cloud services, but also of developing concrete proposals for the best possible legally compliant design.
The NGCert project is being funded by the German FederalMinistry of Education and Research (BMBF) as part of the German government's high-tech strategy, together with four other projects in the research field "Secure Cloud Computing", in order to expand the innovation potential of cutting-edge research in the field of information and communication technologies.
Fraunhofer Institute for Applied and Integrated Security
Mr. Mario Hoffmann
Technical University of Munich
Faculty of Computer Science
Chair of Information Systems (I 17)
Dr. Michael Schermann
University of Cologne
Faculty of Economics and Social Sciences
Department of Business Administration
Junior Professorship for Business Informatics and Information Systems Quality
Mr. Prof. Dr. Ali Sunyaev
Mr. Andreas Weiss
Fujitsu Technology Solutions GmbH
Mr. Volker Wiedmer
Anstalt für Kommunale Datenverarbeitung in Bayern (AKDB)
Mr. Michael Diepold