NGCert: Project Next Generation Certification
- Project Group: Ali Sunyaev, Sebastian Lins
An increasing number of organizations outsource their data and applications to the cloud, empowering them to achieve financial and technical benefits. However, some organizations are still hesitant to adopt cloud services because of security, privacy, and availability concerns as well as doubts about the trustworthiness of cloud providers. Cloud service certifications are a good means to establish trust, increase the transparency of the cloud market, and allow providers to improve their processes and systems. Several certifications, such as “EuroCloud Star Audit” issued by EuroCloud, have recently evolved and attempt to assure a high level of security, availability, and legal compliance for a validity period of one to three years. However, cloud services are part of an ever-changing environment, resulting from fast technology life cycles and inherent cloud computing characteristics. Hence, such long validity periods may put the reliability of issued certificates in doubt. The conditions and requirements of such certifications may no longer be met throughout these periods, for instance, due to configuration changes or major security incidents.
To increase the trustworthiness of issued certifications and to assure continuously reliable and secure cloud services, the German Federal Ministry of Education and Research funded five projects in the research area “Secure Cloud Computing” of the federal government’s “High-Tech Strategy”. The project “Next Generation Certification” (NGCert) focuses on research and development of dynamic certifications for cloud services, which enable auditors to continuously and (semi-)automatically audit and monitor crucial parameters of cloud services. In this context, the CII Lab develops metrics, methods, and design guidelines for continuous monitoring and (semi-)automatic certification of cloud services. In the course of NGCert, the KIT is partnering with Fraunhofer AISEC, Technische Universität München, University of Kassel, EuroCloud Germany, Fujitsu, and AKDB, as well as other field and transfer partners and experts.