Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Informatik 2014 P-232, 289-296 (2014).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


On the measurement of data protection compliance of cloud services

Thomas Kunz , Annika Selzer and Ulrich Waldmann


Companies want to benefit from the numerous advantages of cloud services such as flexibility and cost efficiency. However, cloud services vary considerably with respect to the security and privacy mechanisms provided. Moreover, security-aware companies complain the lack of transparency concerning the security measures and processes the cloud provider has installed. As a solution for the latter one, auditors may evaluate cloud providers and issue certificates attesting whether the cloud provider meets the agreed requirements. However, due to the characteristics of cloud computing, on-site inspections in the data centers of a cloud provider do not seem to be realistic. In this paper we show how metrics can be derived from data protection requirements and how these metrics can be expressed in the form of formal policies, in order to be used for an automated evaluation of cloud services1.

Full Text: PDF

Gesellschaft für Informatik, Bonn
ISBN 978-3-88579-626-8

Last changed 18.11.2014 21:15:55