Suchergebnisse

Cloud Computing ist ein Trend in der Informationstechnologie, dem noch viele Bedenken entgegenstehen. Für Anbieter und Nutzer stellt sich insbesondere die Frage, inwieweit datenschutzrechtskonformes Cloud Computing möglich ist. Die Autorin untersucht, unter welchen Voraussetzungen Cloud Computing als Auftragsdatenverarbeitung i.S.d. § 11 BDSG durchgeführt werden kann. Daran schließt sich die Prüfung an, ob Cloud Computing auch als Datenübertragung an einen Dritten und Datenverarbeitung durch einen Dritten möglich ist.Weiterhin wird Cloud Computing in Bezug zu sog. Drittstaaten behandelt. Dabei wird auf die Frage eingegangen, ob es über die Grenzen des EWR hinaus datenschutzrechtskonform genutzt werden kann. Schließlich wird das anwendbare Recht für den Cloud-Anbieter auf der einen Seite und für den Cloud-Nutzer auf der anderen Seite bestimmt. Die Autorin gibt dabei an den jeweiligen Stellen einen Ausblick auf die von der EU-Kommission geplante EU-Datenschutz-Verordnung

Cloud Computing ist ein Trend in der Informationstechnologie, dem noch viele Bedenken entgegenstehen. Für Anbieter und Nutzer stellt sich insbesondere die Frage, inwieweit datenschutzrechtskonformes Cloud Computing möglich ist. Die Autorin untersucht, unter welchen Voraussetzungen Cloud Computing als Auftragsdatenverarbeitung i.S.d. § 11 BDSG durchgeführt werden kann. Daran schließt sich die Prüfung an, ob Cloud Computing auch als Datenübertragung an einen Dritten und Datenverarbeitung durch einen Dritten möglich ist.Weiterhin wird Cloud Computing in Bezug zu sog. Drittstaaten behandelt. Dabei wird auf die Frage eingegangen, ob es über die Grenzen des EWR hinaus datenschutzrechtskonform genutzt werden kann. Schließlich wird das anwendbare Recht für den Cloud-Anbieter auf der einen Seite und für den Cloud-Nutzer auf der anderen Seite bestimmt. Die Autorin gibt dabei an den jeweiligen Stellen einen Ausblick auf die von der EU-Kommission geplante EU-Datenschutz-Verordnung

The technological advances and success of Service-Oriented Architectures and the Cloud computing paradigm have produced a revolution in the Information and Communications Technology (ICT). Today, a wide range of services are provisioned to the users in a flexible and cost-effective manner, thanks to the encapsulation of several technologies with modern business models. These services not only offer high-level software functionalities such as social networks or e-commerce but also middleware tools that simplify application development and low-level data storage, processing, and networking resources. Hence, with the advent of the Cloud computing paradigm, today's ICT allows users to completely outsource their IT infrastructure and benefit significantly from the economies of scale. At the same time, with the widespread use of ICT, the amount of data being generated, stored and processed by private companies, public organizations and individuals is rapidly increasing. The in-house management of data and applications is proving to be highly cost intensive and Cloud computing is becoming the destination of choice for increasing number of users. As a consequence, Cloud computing services are being used to realize a wide range of applications, each having unique dependability and Quality-of-Service (Qos) requirements. For example, a small enterprise may use a Cloud storage service as a simple backup solution, requiring high data availability, while a large government organization may execute a real-time mission-critical application using the Cloud compute service, requiring high levels of dependability (e.g., reliability, availability, security) and performance. Service providers are presently able to offer sufficient resource heterogeneity, but are failing to satisfy users' dependability requirements mainly because the failures and vulnerabilities in Cloud infrastructures are a norm rather than an exception. This thesis provides a comprehensive solution for improving the dependability of Cloud computing -- so that -- users can justifiably trust Cloud computing services for building, deploying and executing their applications. A number of approaches ranging from the use of trustworthy hardware to secure application design has been proposed in the literature. The proposed solution consists of three inter-operable yet independent modules, each designed to improve dependability under different system context and/or use-case. A user can selectively apply either a single module or combine them suitably to improve the dependability of her applications both during design time and runtime. Based on the modules applied, the overall proposed solution can increase dependability at three distinct levels. In the following, we provide a brief description of each module. The first module comprises a set of assurance techniques that validates whether a given service supports a specified dependability property with a given level of assurance, and accordingly, awards it a machine-readable certificate. To achieve this, we define a hierarchy of dependability properties where a property represents the dependability characteristics of the service and its specific configuration. A model of the service is also used to verify the validity of the certificate using runtime monitoring, thus complementing the dynamic nature of the Cloud computing infrastructure and making the certificate usable both at discovery and runtime. This module also extends the service registry to allow users to select services with a set of certified dependability properties, hence offering the basic support required to implement dependable applications. We note that this module directly considers services implemented by service providers and provides awareness tools that allow users to be aware of the QoS offered by potential partner services. We denote this passive technique as the solution that offers first level of dependability in this thesis. Service providers typically implement a standard set of dependability mechanisms that satisfy the basic needs of most users. Since each application has unique dependability requirements, assurance techniques are not always effective, and a pro-active approach to dependability management is also required. The second module of our solution advocates the innovative approach of offering dependability as a service to users' applications and realizes a framework containing all the mechanisms required to achieve this. We note that this approach relieves users from implementing low-level dependability mechanisms and system management procedures during application development and satisfies specific dependability goals of each application. We denote the module offering dependability as a service as the solution that offers second level of dependability in this thesis. The third, and the last, module of our solution concerns secure application execution. This module considers complex applications and presents advanced resource management schemes that deploy applications with improved optimality when compared to the algorithms of the second module. This module improves dependability of a given application by minimizing its exposure to existing vulnerabilities, while being subject to the same dependability policies and resource allocation conditions as in the second module. Our approach to secure application deployment and execution denotes the third level of dependability offered in this thesis. The contributions of this thesis can be summarized as follows.The contributions of this thesis can be summarized as follows. • With respect to assurance techniques our contributions are: i) de finition of a hierarchy of dependability properties, an approach to service modeling, and a model transformation scheme; ii) de finition of a dependability certifi cation scheme for services; iii) an approach to service selection that considers users' dependability requirements; iv) de finition of a solution to dependability certifi cation of composite services, where the dependability properties of a composite service are calculated on the basis of the dependability certi ficates of component services. • With respect to off ering dependability as a service our contributions are: i) de finition of a delivery scheme that transparently functions on users' applications and satisfi es their dependability requirements; ii) design of a framework that encapsulates all the components necessary to o er dependability as a service to the users; iii) an approach to translate high level users' requirements to low level dependability mechanisms; iv) formulation of constraints that allow enforcement of deployment conditions inherent to dependability mechanisms and an approach to satisfy such constraints during resource allocation; v) a resource management scheme that masks the a ffect of system changes by adapting the current allocation of the application. • With respect to security management our contributions are: i) an approach that deploys users' applications in the Cloud infrastructure such that their exposure to vulnerabilities is minimized; ii) an approach to build interruptible elastic algorithms whose optimality improves as the processing time increases, eventually converging to an optimal solution.

Part 3: Selected Papers (Part I) - Legal Aspects and User Rights ; International audience ; In cloud computing, a cloud service-brokering framework mediates between cloud service users (CSUs) and cloud service providers (CSPs) to facilitate the availability of cloud services to the users according to their requirements from multi-cloud environment. The current cloud service brokering framework considers the service performance commitments of CSPs, but it is not aware of current legal/regulatory compliance status of CSPs when recommending services to the users. A cloud contract (terms of service, Service Level Agreement (SLA)) helps cloud users in their decision making to select an appropriate CSP according to their expectations. CSUs feedback and survey report show that users are still not satisfied with the current terms and conditions committed to by CSPs. They believe that the terms and conditions are unclear or unbalanced, which they sometimes are when in favour of CSPs. In this paper, we identify some major issues to be included in cloud contract to make it safe and fair to all parties involved in the agreement from the European Union (EU) data protection perspective. Another contribution of the paper is analyzing cloud contracts (their terms of service and SLAs) offered by international CSPs in respect of the standard guidelines recommended by different independent bodies to include in the cloud contracts. This information is visualized in a sorting table, called a Heat Map table, which gives a clear picture of the regulatory compliance status of CSPs in their cloud contract documents.

Trustworthy cloud computing has been a central tenet of the European Union cloud strategy for nearly a decade. This chapter discusses the origins of trustworthy computing and specifically how the goals of trustworthy computing—security and privacy, reliability, and business integrity—are represented in computer science research. We call for further inter- and multi-disciplinary research on trustworthy cloud computing that reflect a more holistic view of trust.

Die Autoindustrie macht es, die Finanzbranche, die Versicherungswirtschaft sowieso: Sie alle schieben ihre Daten mehr oder weniger umfangreich in die Cloud. Die Frage drängt sich auf, wieso das Gesundheitswesen schon wieder Berührungsängste in Bezug auf eine neue Technologie entwickelt? "Es fehlen noch ein paar Antworten", springt Tobias Kretschmer, Vorstand des Instituts für Strategie, Technologie und Organisation an der Ludwig-Maximilians-Universität München, den Krankenhäusern zur Seite, obwohl auch er ein Verfechter der Datenwolke ist.

Cloud Computing zählt zu den bedeutsamsten Wachstumsmärkten in der IT-Branche und verspricht deutlich effizientere und kostengünstige Möglichkeiten der Ressourcennutzung. Eine jederzeitige Bestimmung und Bestimmbarkeit des konkreten Standorts der Datenverarbeitung ist nicht mehr notwendig und oftmals gar nicht möglich. Dadurch wird geltendes Recht, das regelmäßig an konstante Faktoren wie den Verarbeitungsort anknüpft, vor neue Herausforderungen gestellt. Die Arbeit befasst sich mit der Frage, ob und wie das Rechtssystem kollidierende Ansprüche und Interessen beteiligter Akteure angemessen in Einklang bringen, wie Rechtsunsicherheiten vermieden und das Vertrauen in Cloud-Technologie gestärkt werden kann. Der Autor erörtert dabei mögliche Lösungswege für einen rechtskonformen Einsatz von Cloud-Diensten und beleuchtet Aspekte des Vertrags- und Deliktsrechts, des Urheberrechts, des Datenschutzrechts und des Kollisionsrechts.Der Beitrag richtet sich an Praxis und Forschung gleichermaßen. (Verlagswerbung)

Financial institutions need to increase revenues, decrease cost and be compliant in these difficult times. To meet all these challenges they need to consider disruptive innovations. Cloud computing is one of them. It helps in introducing innovative services, re-engineer processes, improve agility and optimize value. This book analyses in depth the cloud computing model and its current and potential use in financial services. Cloud Computing can change the paradigm of the financial institutions. The word 'Bank' comes from the Italian word 'Banco', as in the 1300s banking was in the form of a desk in the streets. The new 'banco', the new 'desk', will be cloud. Financial institutions must use the model of Cloud Computing for their transformation to a new paradigm. This book is a blend of academic research, consultancy practice and case studies. It helps in considering opportunities and risks, optimize vendor relationships and organize for the best.