Legal compliance and data security are two major issues when it comes to Cloud computing. In particular in Europe, data protection has become an important impact factor regarding security, management, and offerings of IT-Outsourcing. Caused by the specific technical design of Cloud environments, legal compliant security faces several challenges that need to be overcome. It is difficult to track data processing within the Cloud, in particular where and by whom data is processed. This makes it very difficult to prove if and how data has been processed within the Cloud, which is for example mandatory for compliance with European data protection law.
The joint research and development project between Fujitsu Technologies Solutions AG and University of Passau aims for solving the lack of monitoring and control by Cloud customers and Cloud providers to improve the self-determination of the data subjects and the legal security of the Cloud providers. By investigating current legislation and technical state of the art on data protection and IT-Security, new solutions shall be indentified to implement and prove security and legal compliance of Cloud Computing.
Therefore, the project focuses on
- deriving technical requirements from applicable legislation on Cloud computing,
- identifying and implementing an effective isolation- and protection model for data processing within the Cloud, and
- supporting and improving compliance monitoring and auditing of Cloud services.