Abstract
In this chapter, we show how a cloud service provider's existing monitoring technologies can be used within dynamic certification to continuously ensure compliance with security, privacy, or reliability criteria. We derive generally applicable requirements based on the results of three focus group interviews with 24 cloud experts and 10 interviews with cloud service customers. We also discuss how existing IT infrastructure monitoring systems, plugins, and tools can be applied within dynamic certification.
In this chapter, we show how to leverage existing monitoring technologies to increase the efficiency and scope of dynamic cloud service certification, making it possible to continuously verify cloud service providers’ adherence to security, privacy and reliability requirements. Based on findings from three expert focus group interviews with 24 cloud experts and 10 one-to-one interviews with cloud customers, we derive requirements for leveraging monitoring technologies for dynamic certification of cloud computing infrastructures. Moreover, we investigate how to leverage existing monitoring systems and their corresponding plugins and tools, identify gaps, and provide recommendations for future research to address these gaps.
Copyright information
© 2018 Springer Fachmedien Wiesbaden GmbH
About this chapter
Cite this chapter
Lins, S., Sunyaev, A. (2018). Einsatz von Monitoring-basierten Messmethoden zur dynamischen Zertifizierung von Cloud-Services. In: Krcmar, H., Eckert, C., Roßnagel, A., Sunyaev, A., Wiesche, M. (eds) Management sicherer Cloud-Services. Springer Gabler, Wiesbaden. https://doi.org/10.1007/978-3-658-19579-3_16
DOI: https://doi.org/10.1007/978-3-658-19579-3_16
Publisher Name: Springer Gabler, Wiesbaden
Print ISBN: 978-3-658-19578-6
Online ISBN: 978-3-658-19579-3
eBook Packages: Business and Economics (German Language)