Security/Governance of Cloud Computing Users: Developing a Benchmark tool

Cloud computing emerges as a new computing model which aims to provide consistent, customized dynamic computing environments for end-users. In near future companies need only devices connected to the internet via broadband network access. Other required services like infrastructure, platforms and applications are placed off premise by cloud service providers and used on demand. Clients of such cloud services have no control or influence on the cloud service providers' IT infrastructure, because they just use the offered service as agreed in contracts. This lack of control, or Governance and also Security and Compliance issues are most often cited by costumers as an obstacle to move to the cloud. This Master Thesis picks up such concerns. In a first step standards regarding IT-Governance, Risk Management and Compliance are identified and analyzed. Based on the findings questionnaires for cloud providers and users are developed. The provider questionnaire is intended to be a part of a providers’ certification program by Cloud Suisse. The users’ assessment is mentioned as a method for potential cloud users, to identify their GRC-maturity. Based on the maturity, recommendations can be given if a cloud customer is on a stage to be cloud ready regarding Governance, Risk and Compliance issues. Finally this work is concluding, if there’s a way to support cloud users according to their most cited cloud concerns.