1. SPACE
Security and Privacy Assurance Case Environment
Problem
• Cloud service provides have to comply with internal as well as external security and privacy policies
• Different security and privacy controls are deployed across cloud supply chains by cloud providers
• Limited support for operational alignment between policies and associated controls
• Current certification and auditing practices provide limited assurance to customers and third parties
Our Solution
For Cloud Service Providers
• An assurance case environment for mapping security and privacy policies to associated controls
• A software-defined storage solution for gathering evidence supporting assurance
• Structuring security and privacy policies in terms of arguments and supporting evidence gathered or
generated by specific controls and associated technical solutions deployed in the cloud
For Cloud Customers
• Evidence-based continuous assurance of the adopted cloud services and related supply chains
For Cloud Auditors
• A centralised cloud-native evidence repository for inspecting cloud supply chains
Innovation
Continuous Assurance Systemic support for continuous assurance
Evidence-Driven Assurance Linking evidence to policies
AssurOps Combining Assurance and Operations
Example of a structured
Security and Privacy Assurance Case