TRUSTED DIGITAL COMPETENCE PLATFORM

Cloud computing undoubtedly offers considerable advantages and great benefits over traditional IT operating models. Marc Andreessen penned his famous “Why Software Is Eating the World” essay in The Wall Street Journal five years ago. And yet many questions about the associated risks remain unanswered. Also the questions about liability and access to software solutions, which were provided on behalf of customers. Are escrow agreements also possible in the cloud and what needs to be considered here?

This white paper gives answers to those questions. It was created in a cooperative process between EuroCloud Switzerland, Glenfis and NCC Group experts Jamie Mackay and Charles Brooks who with great personal commitment, assumed the leading role in terms of content - elaborating every detail over several sessions with me.

We hope you’ll find it useful on your journey to successfully transforming your financial service solution into the cloud.

Zürich, September 2019

The financial services industry is confronting challenges across the globe. Externally, it must deal with new regulatory demands for greater transparency, new consumer demands, shareholders calling for faster growth and higher margins, and disruptive competition from both familiar and non-traditional actors. Internally, financial services firms grapple with legacy systems, ossified IT systems, and more.

Cloud computing offers many attractive benefits in this context. Chief among them are the ability to strengthen and streamline a firm’s IT ecosystem, lower operational costs, and shorten time-to-market windows. Cloud computing can make a wide range of financial services operations cheaper, faster, safer, and smarter. 

Yet a surprising number of firms have yet to take the plunge and implement a robust cloud strategy. Recent surveys suggestion that 43 percent of banks do not have a cloud strategy or have only started implementing basic cloud practices, Two-thirds say that fewer than half of their business lines are currently using the cloud. 

This paper will trace the drivers of change across the financial services industry to illustrate the trend towards cloud computing. Common challenges banks encounter on their drive to the cloud will then be discussed. We will conclude with some discussion of how banks can overcome these challenges.

This Whitepaper was created in a cooperative process between Guido Greber Technology Advisory from Accenture and Konstantin Yershov. Financial Services Solution Architect from Red Hat: both proven financial services and cloud management experts. 

We hope you’ll find it useful on your journey to successfully transforming your financial service solution into the cloud.

Zürich, February 2019

By using cloud services, organizations can provide their application and server landscape through a pool of resources. That there is no way around cloud solutions in terms of elasticity and competitiveness, has meanwhile penetrated to most companies. However, the migration and successive “cloudification” of the servers and services often represents a major obstacle for many companies. In many cases, it lacks or fails in a migration strategy, or in the know-how of the persons involved. An essential migration component to a cloud service provider is the automated migration of services and servers to such. In such a project, IT service providers and IT departments are equally required to contribute their experience and to keep the degree of automation very high, if possible. It is important to analyze the processes and to work out which steps can be carried out fully automatically. Without automation, there are many sources of error and little chance of success.

This document focuses on the accelerated movement of virtual servers and their applications using streaming technology to a cloud service provider. The primary consideration is the technology of the solution used and the availability and liability SLAs. In the concrete case of application, the example of the challenge of such an endeavor is shown and an attempt is made to clarify the resulting difficulties and risks.

Durch die Verwendung von Cloud Diensten bietet sich Unternehmen die Möglichkeit ihre Applikations- und Serverlandschaft über einen Pool von Ressourcen bereitzustellen. Dass in Sachen Elastizität und Wettbewerbsfähigkeit kein Weg an Cloud Lösungen vorbeiführt, ist mittlerweile zu den meisten Unternehmen durchgedrungen. Die Migration und sukzessive “Cloudifizierung” der Server und Services stellt allerdings für viele Firmen oftmals einen großen Hemmschuh dar. Vielfach fehlt oder scheitert es an einer Migrationsstrategie, bzw. am Know-how der handelnden Personen. Eine wesentliche Migrations- Komponente zu einem Cloud Service Provider stellt das automatisierte migrieren der Services und Server zu einem solchen dar. Bei einem derartigen Vorhaben sind IT-Dienstleister und IT–Abteilungen gleichermaßen gefordert ihre Erfahrung einzubringen und den Automatisierungsgrad nach Möglichkeit sehr hoch zu halten. Wichtig ist dabei, die Abläufe zu analysieren und herauszuarbeiten welche Schritte vollautomatisch durchgeführt werden können. Denn ohne Automatisierung gibt es erheblich viele Fehlerquellen und kaum Erfolgsaussichten.

Dieses Dokument fokussiert sich auf das beschleunigte Verschieben von virtuellen Servern und deren Applikationen mittels Streaming Technologie zu einem Cloud Service Provider. Primär wird dabei die Technologie der verwendeten Lösung und die SLAs betreffend Verfügbarkeit und Haftung betrachtet. Im konkreten Anwendungsfall wird durch ein Beispiel die Herausforderung eines solchen Unterfangens gezeigt und versucht, die dabei entstehenden Schwierigkeiten und Risiken zu verdeutlichen.

The following article represents the first part of a three-part series on cloud service certifications and personal certifications in the area of cloud computing along with their importance and areas of application, with a focus on EuroCloud StarAudit.

This first part deals with the topic of cloud brokerage, covering the definition of terms, various business models and challenges of cloud brokers and their approaches to solutions.

The second article discusses the need for and business case of cloud service certifications as well as the difference between certifications and quality seals or attestations. It also includes a market overview featuring basic descriptions of the individual certifications and selected or publicly accessible requirement catalogues. These catalogues are then compared to the requirement catalogue of the EuroCloud StarAudit certification.

The third and last article deals with the importance and significance of personal certifications and presents the StarAudit Academy, its individual accreditations and their added value.

The aim of this series of articles is to raise awareness and demonstrate the need for and undeniable benefits of cloud service certifications such as EuroCloud StarAudit.

This guideline was created over the course of more than one year in a cooperative process between EuroCloud and the author Mr. Norbert Fesel, whom I wish to thank for the efforts.

I hope that you enjoy reading this guideline and can benefit from it in your day-to-day work.

The opportunities in the cloud computing sector are characterized by rapid growth. This development is based on manyfold causes from both a technical and monetary point of view. Cloud solutions have become important competitive factors in the hosting industry and data center operators. The growing supply of cloud providers and their quality also increases the pressure on on-premises data centers, which inevitably causes many IT departments to be compared and measured against external cloud providers.

Cloud computing offers companies many new opportunities, but at the same time presents them with new challenges. Today, many decision makers of medium-sized and large companies consider cloud services to be important and necessary in order to optimize their own business processes and to be future-proof and competitive. In many cases, the question of data security and compliance is asked in this context and triggers uncertainty and discomfort in the participants.

This document focuses on the backup, failover, and recovery of a virtual component (server) to a cloud service provider, and considers primarily the security aspect of interfaces, as well as any weaknesses and risks of such solutions. In the case of specific application, the example of the challenge of such an endeavor is shown and an attempt is made to clarify the resulting challenges and risks.

Cloud computing is not only driving digital transformation across the public and private sectors today, it’s also the engine behind the Internet of Things (IoT). Keeping up with the pace of change, many businesses have integrated cloud-based solutions to remain competitive, while others are just getting started. Nevertheless, there’s still a reluctance among senior decision makers to fully embrace cloud technology. Executives worry about cyber security, data privacy, third-party risk posed by cloud providers and crossborder data transfer risks.

This paper shines some light on these key risks and concerns so that you can make appropriate and riskaware choices when considering cloud computing services. You’ll find the white paper offers insight into: cloud security risk; data privacy and cross-border compliance issues; and certification to mitigate third-party risk.

By outlining the risks and concerns of the various forms of cloud computing, the white paper provides you with a better understanding of the key issues to address when considering the adoption of cloud services. This white paper was created in a cooperative process between EuroCloud Switzerland, Glenfis and the various experts from KPMG Switzerland: Reto Grubenmann, Dr. Matthias Bossardt, Prafull Sharma, Michael Nordhoff, Reto Mathys, Saner Çelebi and Nienke Meester. Special thanks go out to Reto Grubenmann from KPMG Switzerland, who with great personal commitment, assumed the leading role in terms of content – elaborating every detail over several sessions with me.

We hope you’ll find the content useful on your journey to successfully integrating cloud solutions and transforming your enterprise.

Zurich, April 2018

As Stephen Hawking said, we are all now connected by the Internet, like neurons in a giant brain. Since the introduction of Internet, technology improved and formed new industries by dramatically changing how people communicate, interact and access information. Since Amazon launched its Elastic Compute Cloud (EC2) service, back in 2006 the term cloud computing started to involve in commercial areas. Part of the cloud motion is the introduction of Serverless computing known as Function-as-a-Service (FaaS). Nevertheless, providing or using cloud services makes it necessary to deliver or rely on a formal framework to guarantee a certain quality of service. Especially new emerging cloud services often lack appropriate service levels or terms of service. Serverless computing is one of the latest products on the market; therefore, it is an

interesting topic to assess Serverless computing solutions of major Cloud Service Providers in terms of cloud service level agreement and management. The evaluation of Serverless computing solutions in this paper will follow the criteria given by the latest version of ISO/IEC 19086-1:2016 “Cloud computing service level agreement (SLA) framework”.

Cloud computing has become an essential element of the IT sourcing strategy for many companies.

IT, legal and procurement staff in these companies are therefore faced with the fact that comprehensive know-how in many areas — not only in technology — is now necessary if cloud services are to be used responsibly, economically and in a way that is legally compliant with the locally applicable regulation frameworks.

The strategically planned introduction and use of cloud services inevitably requires the topic of data protection to be taken into consideration from the very beginning. For with the use of cloud services, data — and in particular personal data — are transmitted to third parties for processing.

The European General Data Protection Regulation (GDPR) that will become binding in all EU countries on 25 May 2018 establishes fundamental and modern technical, economic and legal framework conditions. With it, the EU is sending a clear and globally recognisable signal showing how a society can react to quickly developing technical possibilities and their consequences for the people within it. The resulting challenges for providers and users of modern IT services alike should not be underestimated, and to prepare for these challenges ahead of time is a must.

The Cloud Privacy Check (CPC) is one element of the stream “Cloud Know-how” launched by EuroCloud Europe to present a seemingly complex topic in a way that is understandable to the affected parties and describe suitable and practicable courses of action.

The CPC does not replace legal expertise, but it structures and simplifies a complex subject without the loss of essential information. The CPC organises the questions asked by cloud users that cloud providers need to answer in order to make data protection in the context of the use of cloud services transparent and comprehensible, a further fundamental requirement of the General Data Protection Regulation (Art. 5 GDPR).

The Cloud Privacy Check was developed by the authors and verified within the European CPC Network, a network of lawyers. It is the result of a cooperation between law offices in around 30 countries. The information provided here, i.e. the CPC itself and the individual country reports, can also be downloaded from the CPC website: cloudprivacycheck.eu

This guideline is intended for accountants and auditors as well for staff in the Accounting/Finance, IT and Internal Revision departments (CFOs, CIOs, IT Managers, Heads of Internal Revision) of companies subject to statutory audit.

The point of departure for this guideline is the irrefutable fact that companies are increasingly using cloud services. As soon as such services have a certain influence on the accounting processes and numbers, and can therefore affect annual accounts, they also need to be taken into consideration during auditing of the annual accounts by an auditor.

This represents a significant challenge for all involved persons — for the cloud customer, i.e. the company whose annual accounts the auditor is reviewing, as well as for the auditor.

The aim of this document is to describe the framework conditions for the use of cloud services in regard to annual accounts and the resulting requirements, and present possible solution approaches.

This guideline was created over the course of more than one year in a cooperative process between EuroCloud and the authors Markus Ramoser, Jörg Asma and Manfred Scholz, whom I wish to thank for their efforts. Special thanks go out to Markus Ramoser of PwC Austria, who assumed the leading role in terms of content and elaborated every detail in many sessions with me and with great personal commitment.

I hope that you enjoy reading this guideline and can benefit from it in your day-to-day work.

Vienna, June 2017
Dr. Tobias Höllwarth

Cloud-Computing ist zum fixen Bestandteil der IT-Sourcing-Strategie vieler Unternehmen geworden.

IT-, Legal- und Procurement-Verantwortliche in diesen Unternehmen müssen sich damit dem Umstand stellen, dass umfassendes Know-how in vielen Wissensbereichen – nicht nur in der Technik – erforderlich ist, wenn Cloud-Services verantwortungsbewusst, wirtschaftlich und rechtlich kompatibel zum lokal gültigen Rechtsrahmen eingesetzt werden sollen.

Bei strategisch geplanter Einführung und Nutzung von Cloud-Services ist unweigerlich zu Beginn das Thema Datenschutz einzubeziehen. Denn mit dem Einsatz von Cloud-Services werden Daten – und eben auch personenbezogene Daten – an andere zur Bearbeitung übergeben.

Mit der am 25. Mai 2018 in allen EU-Ländern verbindlich geltenden Europäischen Datenschutz-Grundverordnung (DS-GVO) werden auf fundamentale und moderne Weise technische, ökonomische und juristische Rahmenbedingungen gelten. Die EU setzt damit ein deutliches und weltweit erkennbares Signal, wie eine Gesellschaft auf rasant voranschreitende technische Möglichkeiten und deren Konsequenzen für die Menschen umgehen kann. Die Herausforderungen für Anbieter wie Nutzer moderner IT-Services sind nicht zu unterschätzen. Sich rechtzeitig darauf vorzubereiten ist ein „Muss“.

Der Cloud Privacy Check (CPC) ist ein Baustein im Rahmen des Streams „Cloud Know-how“, den EuroCloud Europa setzt, um ein komplex wirkendes Thema für Betroffene einfach darzustellen und eine geeignete und praktikable Handlungsweise aufzuzeigen.

Der CPC ersetzt nicht juristische Fachexpertise, aber er strukturiert und vereinfacht ein komplexes Thema ohne Verlust von wesentlichen Informationen. Der CPC ordnet damit die Fragestellungen, die Cloud-Nutzer stellen und Cloud-Provider beantworten müssen, um den Datenschutz bei der Nutzung von Cloud-Services transparent und nachvollziehbar zu machen – eine ebenfalls grundsätzliche Forderung der Datenschutz-Grundverordnung (Art. 5 DS-GVO).

Der Cloud Privacy Check wurde durch die Autoren entwickelt und im Rahmen des Europäischen CPC-Netzwerks, eines Verbunds von Rechtsanwälten, überprüft und ist damit das Ergebnis der Zusammenarbeit von Anwaltskanzleien aus rund 30 Ländern. Die hier beschriebenen Informationen, also der CPC und die Länderreports, sind auch auf der CPC-Website abrufbar: cloudprivacycheck.eu.

Liebe Leserinnen und Leser!

Die erste Ausgabe dieses Leitfadens wurde im April 2012 veröffentlicht, und mein Vorwort begann mit dem Satz: „Es gibt wenige IT-Themen, die so kontrovers diskutiert werden wie Cloud Computing.“ Vier Jahre später hat sich einiges geändert – manches blieb unverändert.

Noch immer sind wir weit von einem routinierten und standardisierten Umgang mit den Cloud-Herausforderungen entfernt – aber kontrovers ist die Diskussion nicht mehr. Die Diskussion ist auf die vielfältigen Herausforderungen fokussiert, aber dass Cloud ein Teil der digitalen industriellen Revolution ist, ein Milliardengeschäft, eine conditio sine qua non in den meisten Unternehmen, die IT nutzen – das bezweifelt niemand mehr.

Die im Vorwort 2012 genannten „Verlockungen und Herausforderungen“ sind jedoch dieselben geblieben: Auf der einen Seite locken Einsparungen durch Konsolidierung, Standardisierung und Automatisierung der IT, die eine flexible Nutzung von IT-Services über Self-Service-Portale prognostiziert. Auf der anderen Seite stellen die Sicherheit, gesetzliche Vorgaben, problematische Servicelevel Agreements, Fragen der Schnittstellen und die komplexe Umsetzung die Herausforderungen dar.

Der Druck, sich mit der Modernisierung und Ökonomisierung von Unternehmens-IT zu beschäftigen, ist größer geworden und drängt Unternehmen dazu, sich mit dem Bezug von IT-Services aus der Cloud zu beschäftigen. Der hybride IT-Ansatz (interne IT, Outsourcing und Cloud Sourcing in Kombination) wird wohl weiterhin der meistgewählte Ansatz bleiben.

EuroCloud hat bereits viele Leitlinien und Guidelines veröffentlicht. Einige technische, viele rechtliche und eben auch solche zu Organisation und Prozessen. Nicht umsonst wird der Qualitätsrahmen StarAudit mittlerweile bereits in vielen Ländern der Welt für den Vergleich von Cloud Services, für Gap-Analysen, Ausschreibungen oder klare Qualitätszusagen benutzt. EuroCloud ist mittlerweile ein Standardplayer im Cloud-Qualitätsmanagement und in der Cloud-Zertifizierung geworden. Siehe dazu staraudit.org.

Mein allergrößter Respekt und Dank gilt an dieser Stelle der hervorragenden Leistung der Co-Autoren Huber, Laux, Lindlbauer, Kramer, Schönfeldinger und Weiss, die als erfahrene Unternehmensberater, routinierte Outsourcing-Spezialisten und akkreditierte StarAudit Professionals mit diesem Dokument wohl einen der hervorragendsten Leitfäden der EuroCloud-Serie verfasst haben. 

Almost exactly three years ago, EuroCloud published the first Mobility & Cloud handbook – only a few years after the first iPad was introduced. As usual, Steve Jobs knew before anyone else what functionality many people would appreciate. And although this new type of device was initially criticised and even ridiculed, with many finding it dfficult to imagine what such a device could be good for, we are now buying more of these practical little gadgets than we are PCs or laptops. Despite their small size, consumers have now come to expect convenience and ease of use combined with high performance for professional and personal use from tablets.

Indeed, the distinction between occupational and private use of devices is becoming more and more blurred – which simultaneously means that the associated technical, organisational and legal challenges are becoming ever more complex.

This handbook covers all topics relevant to mobile computing (technology, legislation, organisation and processes) and provides checklists and procedure models as well as a market overview.

This “Enterprise Mobility Management” handbook was compiled by the following authors: Reinhard Travniček, Gerald Haidvogl and Christoph Lang-Muhr (technology), Árpád Geréd (legal aspects), and Tobias Höllwarth (organisation and processes).

If you are considering an Enterprise Mobility project for your company, we would be happy to welcome you at one of our introductory planning workshops.

Liebe Leserinnen und Leser!

Vor ziemlich genau drei Jahren präsentierte EuroCloud den ersten Mobility & Cloud Leitfaden. Nur wenige Jahre zuvor – erst im April 2010 – wurde das iPad vorgestellt. Wie immer wusste Steve Jobs früher als alle anderen, welche Funktionalität viele Menschen brauchen können. Und obwohl diese neue Geräteform anfangs noch kritisiert und belächelt wurde und sich viele nicht unmittelbar vorstellen konnten, was man mit solchen Geräten alles tun kann, kaufen Menschen mittlerweile viel mehr dieser kleinen praktischen Endgeräte als PCs oder Laptops. Trotz der verminderten Größe erwarten sie – für Berufs- und Privatleben gleichermaßen – praktisch zu benutzende und bequem zu bedienende Geräte, mit vollem Leistungsumfang.

Die Trennlinie zwischen beruflicher und privater Nutzung der Geräte wird immer fließender, was konsequenterweise heißt, dass die technischen, organisatorischen und rechtlichen Herausforderungen immer umfangreicher werden.

Dieser Leitfaden sprich sämtliche relevanten Themen (Technik, Recht, Organisation und Prozesse) an und liefert Checklisten, Vorgangsmodelle und einen Marktüberblick.

Der Leitfaden „Enterprise Mobility Management“ wurde von folgenden Autoren erstellt: Reinhard Travniček, Gerald Haidvogl und Christoph Lang-Muhr (Technisches), Árpád Geréd (Juristisches) und Tobias Höllwarth (Organisation und Prozesse).

Das Lektorat wurde wie immer mit höchster Akribie von Michaela Obermeier durchgeführt.

Sollten Sie ein Enterprise-Mobility-Projekt in Ihrem Unternehmen planen, würden wir uns freuen, Sie zu einem einführenden Planungs-Workshop einladen zu dürfen.

Dieser Leitfaden richtet sich an Wirtschaftsprüfer sowie an Verantwortliche für Rechnungswesen/Finanzen, IT und Interne Revision (CFO, CIO, IT-Leiter, Leiter Interne Revision) eines prüfungspflichtigen Unternehmens.

Ausgangspunkt dieses Leitfadens ist die unwiderlegbare Tatsache, dass Unternehmen zunehmend häufiger Cloud Services einsetzen. Sobald diese einen wesentlichen Einfluss auf das buchhalterische Zahlensystem haben – und damit auch den Jahresabschluss beeinflussen können –, müssen diese Services im Rahmen der jährlichen Prüfung des Jahresabschlusses durch einen Wirtschaftsprüfer berücksichtigt werden.

Und dies stellt eine nicht unerhebliche Herausforderung für die handelnden Personen dar. Dies gilt für den Cloud-Kunden, also das Unternehmen, dessen Jahresabschluss der Wirtschaftsprüfer beurteilt, aber auch für den Prüfer selbst.

Ziel dieses Leitfadens ist es, die Rahmenbedingungen für die Nutzung von Cloud Services unter dem Gesichtspunkt der Abschlussprüfung und der daraus resultierenden Anforderungen zu beleuchten und mögliche Lösungsansätze darzustellen.

Dieser Leitfaden wurde in mehr als einjähriger Arbeit in Kooperation zwischen EuroCloud und den Autoren Markus Ramoser, Jörg Asma und Manfred Scholz erarbeitet, denen mein Dank für die geleistete Arbeit gilt. Mein besonderer Dank geht an Markus Ramoser von PwC Österreich, der die führende inhaltliche Rolle übernommen hat und gemeinsam mit mir in vielen Arbeitssitzungen jedes Detail mit großem persönlichen Einsatz erarbeitet hat.

Wir wünschen viel Vergnügen beim Lesen und hoffen, dass Ihnen dieser Leitfaden bei Ihrer täglichen Arbeit von Nutzen ist.

Wien, Juni 2017
Dr. Tobias Höllwarth

Cloud Privacy Check: Data Privacy Compliance in the Cloud Made Easy.

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

Content of report: What is the CPC/DPC project? How does it work? Website presentation. The 2nd CPC conference. CPC in social media. CPC news 2017 archive.

This Audit Guide is a specific directive to deal with

• Contractual and formal requirements according to StarAudit Area – 2 
• Technical security and data privacy requirements StarAudit Area – 3 
• Business operation requirement StarAudit Area-4 

General remarks: This guide is prepared to reference Cloud Service Providers and Auditors as well as Cloud customer to get familiar with the high level Data Protection requirements on European Level. As main sources the editors used the following public available information by

• European Union: ec.europa.eu/justice/data- protection/document/international-transfers/transfer/index_en.htm
• SAP as sample DP directive for a Cloud Service Provider which is in line with the general understanding of EU Data Privacy requirements: www.sap.com/corporate-en/about/our-company/policies/data- privacy-and-security/index.html

Please be aware that this topic is currently under discussion by the European Commission to renew the existing Data Protection Directive eur-lex.europa.eu/legal-content/en/ALL/ originated in 1995 with several adjustments.

Please refer also to:

• http://europa.eu/rapid/press-release_MEMO-14-186_de.htm
• http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

Further on it has to be outlined, that most of the European Countries have the own additional Data Privacy Policies which have to be considered for assessment and under the pre-condition that the country of the cloud service customer who is acting as data controller is ruling the requirements and not the location of the Service provider nor the location of the service or data itself.

Innovation is the engine of an economy, and positioning for innovation is what fuels economic success. Cloud computing is clearly a major trend and major evolutionary development of the Internet that customers and suppliers alike stand to benefi t greatly from in the future. Cloud computing signifi es a dawn of a new age for the Internet, opening doors to an entirely new world for how IT is utilised. When new innovative solutions are brought to market, particularly those that distort and revolutionise an entire industry landscape, uncertainty often ensues. This uncertainty lies with new providers of course, but particularly with those that purchase and use new services that emerge from a new environment. Services that emerge from the cloud are no different and face the same uncertainties.

Cloud computing is an especially attractive option for midsized companies, often lacking the resources to individually test external providers, as it allows them to remain competitive and expand in areas, where previously they were unable. However, these companies still often do not have the suffi cient resources or expertise to personally examine the potential legal implications for the use of cloud services and how their relationships with external providers in this area should operate. The question is, how should cloud computing contracts with appropriate legal, data protection, provider, terms, be designed?

Initially, if appropriate, cloud services shall become offered and utilised transnationally. However, the often widely discussed and undying issue of security of the Internet, is an equally concerning issue within the cloud. Uncertainty over security problems in the cloud are arguably even more pertinent than the legacy concerns for the Internet as a whole, owing to the cloud’s infancy. Technological requirements for a secure service delivery are therefore absolutely essential. However, the providers partially prevailing in Europe, do not always have clear, or basic, framework conditions. A thorough audit is required for a national and European legal framework for a global service delivery from the cloud.With the launch of the EuroCloud Deutschland_eco e. V. in February 2010, a Legal Expert Group was set up to prepare for the sometimes complex legal issues surrounding cloud computing.

The aim was to provide users and providers of cloud services guidance in the areas law, data protection and compliance, and provide support. The results are evident in this guide, “Cloud Computing: Law, Data Protection & Compliance”. The technical expertise that this guide is based on, is also part of the neutral, independent certifi cation “EuroCloud Star Audit Software as a Service”, which EuroCloud Deutschland_eco e. V. began offering to the market at the start of 2011. 

We would like to thank the legal experts for the content and the eco Association of the German Internet Industry team for helping coordinate the production of the guide.

The UN Convention on the Rights of Persons with Disabilities came into force in 2008. Countries that have ratified this Convention are required to ensure that disabled people have barrier- free access to information processing systems. 

Ten percent of Germany’s population lives with a recognised physical impairment. The Internet would make it far easier for these people in particular to participate in social, cultural, and professional activities on their own terms. However, a great many websites and cloud applications are not barrier-free. Ironically, those who would benefit most from the possibilities of the cloud are the ones who can only use it with considerable difficulty, or not at all.

Disabled people are adversely confronted by objects, places, programming, and even the attitudes of other people every day – all essentially acting as barriers in their daily lives. As an extension of this, there are the attitudes of cloud service manufacturers. They often lack an awareness of the problem or the ability to create applications that can be used by all people.

People with disabilities are often instructed to use special technical aids in order to be able to operate a website and understand its content. It is not extremely difficult to program cloud applications in such a way that these tools function properly. It should be a self-evident part of the requirements catalogue that underlies any programming task.

EuroCloud wants to promote knowledge, attention, and understanding for barrier-free work in the IT world of the 21st century. Hence, we have created this guide, which has been translated into a number of languages. EuroCloud would like to extend special thanks to Mr. Mario Batusic, the author of this guide. Blind himself, Mr Batusic is an expert in the field of web and software accessibility and has been able to draw upon his personal experience and considerable knowledge to produce this insightful guide.

Vienna, June 2014

Dr. Tobias Höllwarth 
Vice President EuroCloud

Cloud, mobile and social megatrends have resulted in unprecedented levels of complexity in today’s IT environments. As a result, more components of the application delivery chain are obscured from IT and line of business owners. Performance visibility and greater operational intelligence should be paramount to all organisations amid rising systems complexity and unabated data growth. 

This is the reason why EuroCloud has decided to publish a new Whitepaper to cover this very specific and highly technological matter. EuroCloud’s focus is always on supporting the development of a healthy balance between the Cloud Provider and Consumer. This is why we focus on topics such as, legal compliance and barrier free cloud as well as more technical matters. 

We would like to support users and suppliers of cloud systems to understand the aspects and tricky areas of the measurement of Application Performance. Hence, we have created this guide, which has been translated into a number of languages.

EuroCloud would like to extend special thanks to Mr Reinhard Travniček, Managing Director at X-tech, and the author of this guide. Mr Travniček is an expert in the field of virtual desktop environments and has been able to draw upon his personal experience and considerable knowledge to produce this insightful guide.

Dr. Tobias Höllwarth
Vice President EuroCloud