This release is available in German.
Cloud Computing is a tempting development for IT managers: with cloud computing, companies and organizations no longer have to acquire servers and software solutions themselves and instead rent the capacities they need for data, computing power and applications from professional providers. You only pay for what you use. In Germany, primarily companies are turning to cloud computing, transferring their data, applications and networks to server farms at Amazon, Google, IBM, Microsoft or other IT service providers. In the space of just a few years, cloud computing has emerged as a market worth billions, with a high level of importance for business-location policy in the German economy.
In autumn 2010, researchers from the Fraunhofer Institute for Open Communication System FOKUS in Berlin, together with their colleagues from the Hertie School of Governance, published a study, "Kooperatives eGovernment – Cloud Computing für die Öffentliche Verwaltung" ["Cooperative eGovernment: Cloud Computing for Public Administration"]. The study had been commissioned by ISPRAT, an organization dedicated to conduct interdisciplinary studies in politics, law, administration and technology. The study addresses the aspect of security, identifies risks, and uses various implementation scenarios to describe the benefits and advantages of this new technology for public administrators, with a particular focus on federal requirements in Germany.
"There are considerable reservations about cloud computing in the public-administration area. First, because of the fundamental need to protect citizens' personal data entrusted to public administrators; but also the potential of outsourcing processes are frightening in the eyes of the authorities. Due to fear of the loss of expertise, for one, and for another because the law requires that core tasks remain in the hands of administrators." This is how study co-author Linda Strick of FOKUS summarizes the status quo.
The study points out that cloud-specific security risks do in fact exist, but that these can be completely understood and analyzed. "There is even reason to assume that cloud-based systems can actually fulfill higher security standards than classic solutions," Strick explains. To assist administrators with introduction of the new technology, FOKUS researchers in the eGovernment laboratory are developing application scenarios for a media-fragmentation-free and hence interoperable use of cloud-computing technologies.
A cockpit for security
To permit companies and public authorities to acquire practical experience with the new technology and test security concepts, experts from the Fraunhofer Institute for Secure Information Technology SIT in Munich have created a Cloud Computing Test Laboratory. Along with security concepts and technologies for cloud-computing providers, researchers there are also developing and studying strategies for secure integration of cloud services in existing IT infrastructures.
"In our test lab, function, reliability and interoperability tests, along with individual security analyses and penetration tests, can be carried out and all of the developmental phases considered, from the design of individual services to prototypes to the testing of fully functional comprehensive systems," notes Angelika Ruppel of SIT in Munich.
Working with the German federal office for information security [Bundesamt für Sicherheit in der Informationstechnik] BSI, her division has drafted minimum requirements for providers and has developed a Cloud Cockpit. With this solution, companies can securely transfer their data between different cloud systems while monitoring information relevant to security and data protection. Even the application of hybrid cloud infrastructures, with which companies can use both internal and external computing power, can be securely controlled using the Cloud Cockpit.