Auditing the Cloud

March 19, 2012 (at 10 a.m.)

The rapid evolution of cloud based computing is often used to illustrate a possible paradigm shift in computing. The centralized processing and storing of data allows the development of new architectural approaches as well as completely new usage experiences. As fast as the technological development enables new usage scenarios, as fast arise adoption issues from a security point of view.

This workshop enables IT security practitioners to respond to corresponding adoption challenges by presenting new security models which address the changed information security requirements and threat models of cloud computing. These approaches are developed based on ERNW security models, risk and trust metrics, case studies from real-world projects, and war stories from security evaluations of cloud environments. The workshop enables the participants to make founded decisions about requests for cloud usage, decide whether the requested usage can be realized in compliance with the company’s security objectives, and what to respond to their CEO/CIO/business units once they come up with the idea to “move to the cloud”.

Target Audience:

Auditing the Cloud Agenda

Cloud Computing Basics


Main Resulting Risks, based on:

Trust and Audit Metrics

Cloud Security

Guidance and Governance


Many additional topics can be covered on request and are provided in appendices of the core course material.

Matthias Luft

Matthias Luft is a security researcher and heads the German security research company ERNW Research. He is interested in a broad range of topics (such as DLP, virtualization, and network security) while keeping up with the daily consulting and assessment work.