KIRAS Security Research

  •  11
F&E-Dienstleistungen > 2016

SECCAT

Criterion Catalogue, Seal of Approval, and Cloud-Security Platform for Austria Starting Point

The technological developments stemming from digital transformation present great opportunities. Cloud computing has been underestimated for some time, but it has proven to be a major driver of a wide range of ICT transformations. Given the rapid development of cloud, the multiple possibilities cloud offers, and the cloud-provider-dominated ICT market, cloud players in Austria are facing new and urgent challenges.

This is true for both high-quality private-sector providers of secure cloud and federal authorities providing and using cloud services. It is imperative to transform legitimate but vague doubts about the quality and dependability of cloud services into an object framework. Furthermore, the security aspects of cloud services must be improved. To this end, many initiatives have been initiated in various countries over the last couple of years. The most prominent is the adoption of the trusted-cloud seal of approval of the Federal Ministry of Economic Affairs and Energy in Germany, as presented at CeBIT.

Demand and the Desired Results
Austria urgently needs a clear framework for end users and high-quality providers of secure cloud services. This is necessary for federal organizations and entities affiliated with the federal government, whether providers or users of cloud services. The framework (and quality criteria) should be formulated so that it is flexible, since it must be applicable for a wide range of ministries. A similar initiative recently introduced in Germany could be utilized as a benchmark and reference guide; a version adapted for the Austrian market could be launched in the country.

The proposed research and consultancy project is intended to lay the foundation for a trusted-cloud seal of approval, one that takes Austrian market characteristics into account yet is internationally compatible — an indispensable characteristic in terms of European-wide tender proceedings.

The federal government should become a role model and should directly influence the quality of cloud services by demonstrating how high-quality secure cloud services can be more easily, cheaply, and quickly compared, evaluated, and contracted.

By establishing a trusted-cloud seal of approval, the government can demonstrate how responsible cloud users, especially those with specific requirements, can differentiate between secure, trusted, and high-quality offerings on the one hand and lower-standard cloud services on the other. 

Project Goals

 

The primary goal of the project is to prepare quality-control measures and a criterion catalogue to support the secure adoption of cloud among private- and public-sector organizations in Austria. In the framework of this project, the situation regarding cloud computing and mobile devices in Austrian organizations will be researched in depth and use cases will be collected.

In the second phase, in close cooperation with stakeholders, a criterion catalogue will be formulated to address requirements. Among others, one or more stakeholder workshops will be organized to engage stakeholders and experts in the fields of cybersecurity, cloud computing, and mobility. To ensure the applicability of the criteria to be included in the catalogue, each criterion will be validated by these stakeholders, as well as by government agencies.

Project Topics

 

  • The current situation in terms of cloud usage and cloud-customer organizations; the effects of cloud computing on employment in the country; a trust index; cloud constraints; and international benchmarks — all with the aim of creating a framework specifically suited to Austria
  • The development of a cloud seal of approval and a comparison of approaches and content quality; a market overview and decision criteria; and best practices
  • A trusted-cloud label for Austria based on an objective and transparent criterion catalogue, including requirements, domains, and value propositions
  • The basis and characteristics of an Austrian trusted-cloud platform — a wide range of information, transparency criteria, and decision and support tools — as a marketplace for trusted services, replete with offer orientation and decision support
  • A trusted-cloud platform as the publisher of the criterion catalogue and the authority for the granting of the Austrian trusted-cloud seal of approval

Project Deliverables

  • A full report on the current situation in Austria concerning all aspects of cloud computing, complete with international benchmarks
  • A guidance manual for the creation of a federal trusted-cloud seal of approval for Austria
  • A criterion catalogue based on international benchmarks
  • Feedback from Austrian ministries to ensure specific requirements and interests are met — specifically, regarding the quality and security of public agencies — via one or more stakeholder workshops
  • Suggestions regarding the composition and design of functions and processes and the possible organizational structure of an Austrian trusted-cloud platform
  • A manual for the implementation of an Austrian trusted-cloud platform and seal design 

Project Coordinator
IDC Central Europe GmbH  

Project Partners
EuroCloud.Austria
gemeinnütziger Verein zur Förderung von Cloud Computing
REPUCO Unternehmensberatung GmbH
A-SIT Plus GmbH
Bundesministerium für Finanzen – Sektion V  

Contact
Mag. Julia Neuschmid
Parkring 10
1010 Wien
+43 1 516 33 31 78

jneuschmid@idc.com
idc-austria.at