IT Strategy and Management


More and more companies are making use of Cloud Computing Services in order to reduce costs and to increase theflexibility of their IT infrastructures. Currently, the focus is shifting towards problems of risk and compliance which includeas well the realm of Cloud Computing security. For instance, since the storage locations of data may shift or remain unknownto the user, the problem of the applicable jurisdiction arises and impede the adoption and management of Cloud ComputingServices. Therefore, companies need new methods to avoid being fined for compliance violations, to manage risk factors aswell as to manage processes and decision rights. This paper presents a reference model that serves to support companies inmanaging and reducing risk and compliance efforts. We developed the model on the solid basis of a systematic literaturereview and practical requirements by analyzing Cloud Computing Service offers.