Continuous Auditing based Certification: A process that will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications.
Adopting cloud computing means trusting another party with the security and privacy of your data. Concerns that security, privacy and regulatory requirements will not be met hinder cloud adoption, especially for customers working with highly sensitive data. Third-party certification and attestation play a key part in a cloud assurance program, but they don’t go far enough. Traditional point-in-time auditing doesn't completely allay fears because of, among other things, the lapse of time between audits and the lack of automation.
The EU-SEC project’s solution is to adopt a Continuous Auditing based Certification for cloud services.
The project “European Security Certification Framework” (EU-SEC) aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security certification schemes. The EU-SEC project aims to contribute to the trustworthiness, security and compliance of cloud infrastructures.
Related documents
Related Links:
- White paper
- Continuous Location Validation of Cloud Service Components
- A Process Model to Support Continuous Certification of Cloud Services
- Towards Continuous Security Certification of SaaS Applications Using Web Application Testing Techniques
- Evaluating the Performance of Continuous Test-based Cloud Service Certification
- EU-SEC D2.2 – Continuous Auditing Certification Scheme
- EU-SEC D5.1 – Pilot Definition