The cloud can be ruled out as the cause of most security problems according to the 2017 IT Security Study carried out by eco, the Association of the Internet Industry. Still, security concerns often deter small and medium-sized companies especially from using cloud services more intensely. Adequate security certificates do exist, but following a one-time check, they are often granted for one to three years – forever in the IT world.
Dynamic certificates that constantly perform checks could solve this problem. Researchers at the Technical University (TU) of Munich have developed a model that makes this possible from both an organizational and technical perspective. The location of the cloud provider’s computer is also checked. After all, a survey of 100 IT specialists in various companies revealed that they believe it is very important for their data to be stored on servers within Germany. Another plus is the modularity of the model: "There are many individual software components that can be continuously changed independently of one another after the certificate is initially issued," according to Professor Helmut Krcmar, chair of business informatics at TU. This technique allows changes to legislation to be incorporated right away. The project team has already developed initial ideas for independent certification services.