[German]Clouditor is a tool to support continuous cloud assurance. Developed by Fraunhofer AISEC, the Clouditor to review certifications for cloud services is now available as open source on GitHub.
Advertising
Dynamic certifications for cloud services make it possible to continuously and (partially) automatically check the critical requirements for cloud services. One result of research and development in this area called NGCert – Next Generation Certification is Clouditor. According to the GitHub description:
Clouditor is a tool which supports continuous cloud assurance. Its main goal is to continuously evaluate if a cloud-based application (built using, e.g., Amazon Web Services (AWS) or Microsoft Azure) is configured in a secure way and thus complies with security requirements defined by, e.g., Cloud Computing Compliance Controls Catalogue (C5) issued by the German Office for Information Security (BSI) or the Cloud Control Matrix (CCM) published by the Cloud Security Alliance (CSA).
This assurance tool, which checks the secure configuration of services and applications in the cloud, is now being made available by the project partners as an open source community version for the first time.
In the "NGCert" research project, the requirements for an appropriate assurance tool for testing cloud services right up to the pilot were evaluated, tested and finally developed into a "clou editor" by Fraunhofer AISEC. The clou editor currently supports over 60 checks for Amazon Web Services (AWS) and Microsoft Azure. It is based on security best practices, i.e. classifications of configuration catalogs that can be customized.
In contrast to manufacturer-bound compliance services, the clou editor is characterized by neutrality and transparency: Designed on an open source basis, the Clouditor is now also available as a community edition: https://github.com/clouditor.
