{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,27]],"date-time":"2026-02-27T18:06:30Z","timestamp":1772215590352,"version":"3.50.1"},"reference-count":32,"publisher":"Springer Fachmedien Wiesbaden GmbH","issue":"5","license":[{"start":{"date-parts":[[2023,8,22]],"date-time":"2023-08-22T00:00:00Z","timestamp":1692662400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,8,22]],"date-time":"2023-08-22T00:00:00Z","timestamp":1692662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["HMD"],"published-print":{"date-parts":[[2023,10]]},"DOI":"10.1365\/s40702-023-00995-9","type":"journal-article","created":{"date-parts":[[2023,8,22]],"date-time":"2023-08-22T11:02:21Z","timestamp":1692702141000},"page":"1000-1015","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["IT-Sicherheit und Compliance in heterogenen Cloud Umgebungen\u2014Compliance-as-Code als Schl\u00fcssel zur Umsetzung regulatorischer Anforderungen","IT Security and Compliance in Heterogeneous Cloud Environments\u2014Compliance-as-Code as the Key to Implementing Regulatory Requirements"],"prefix":"10.1365","volume":"60","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-4579-2342","authenticated-orcid":false,"given":"Patrick 
Lukas","family":"Schubert","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bernd","family":"Wachter","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"93","published-online":{"date-parts":[[2023,8,22]]},"reference":[{"key":"995_CR1","doi-asserted-by":"publisher","first-page":"11","DOI":"10.3390\/fi14010011","volume":"14","author":"Y Abdulsalam","year":"2022","unstructured":"Abdulsalam\u00a0Y, Hedabou\u00a0M (2022) Security and privacy in cloud computing: technical review. Future Internet 14:11. https:\/\/doi.org\/10.3390\/fi14010011","journal-title":"Future Internet"},{"key":"995_CR2","series-title":"arXiv preprint arXiv:2206.11187","volume-title":"Automated compliance blueprint optimization with artificial intelligence","author":"A Adebayo","year":"2022","unstructured":"Adebayo\u00a0A, Sow\u00a0D, Bulut\u00a0M (2022) Automated compliance blueprint optimization with artificial intelligence. arXiv preprint arXiv:2206.11187"},{"key":"995_CR3","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1109\/CLOUD55607.2022.00066","volume-title":"IEEE 15th\u00a0International Conference on Cloud Computing (CLOUD), Barcelona, Spain, 2022","author":"V Agarwal","year":"2022","unstructured":"Agarwal\u00a0V, Butler\u00a0C, Degenaro\u00a0L, Kumar\u00a0A, Sailer\u00a0A, Steinder\u00a0G (2022) Compliance-as-code for cybersecurity automation in hybrid cloud. In: IEEE 15th\u00a0International Conference on Cloud Computing (CLOUD), Barcelona, Spain, 2022, S 427\u2013437 https:\/\/doi.org\/10.1109\/CLOUD55607.2022.00066"},{"key":"995_CR5","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik (2020) Kriterienkatalog Cloud Computing C5. https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Informationen-und-Empfehlungen\/Empfehlungen-nach-Angriffszielen\/Cloud-Computing\/Kriterienkatalog-C5\/kriterienkatalog-c5_node.html. Zugegriffen: 20. 
Juni 2023"},{"key":"995_CR4","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik (2023) IT-Grundschutz \u2013 Informationssicherheit mit System. https:\/\/www.bsi.bund.de\/DE\/Themen\/Unternehmen-und-Organisationen\/Standards-und-Zertifizierung\/IT-Grundschutz\/it-grundschutz_node.html. Zugegriffen: 20. Juni 2023"},{"key":"995_CR6","unstructured":"Bundesministerium f\u00fcr Wirtschaft und Klimaschutz (2017) AUDITOR \u2013 European cloud service data protection certification. https:\/\/www.digitale-technologien.de\/DT\/Navigation\/DE\/ProgrammeProjekte\/AktuelleStrategischeEinzelprojekte\/Auditor\/auditor.html. Zugegriffen: 20. Juni 2023"},{"key":"995_CR7","unstructured":"Cloud Security Alliance (2021) Cloud Controls Matrix (CCM). https:\/\/cloudsecurityalliance.org\/research\/cloud-controls-matrix\/. Zugegriffen: 20. Juni 2023"},{"key":"995_CR9","volume-title":"CLOUD COMPUTING 2019, The Tenth International Conference on Cloud Computing, GRIDs, and Virtualization (Venice, Italy)","author":"B Duncan","year":"2019","unstructured":"Duncan\u00a0B, Zhao\u00a0Y (2019) Cloud compliance risks. In: Westerlund\u00a0M, Duncan\u00a0B (Hrsg) CLOUD COMPUTING 2019, The Tenth International Conference on Cloud Computing, GRIDs, and Virtualization (Venice, Italy). IARIA"},{"key":"995_CR10","unstructured":"Europ\u00e4ischer Gerichtshof (2014) Vorlage zur Vorabentscheidung \u2013 Personenbezogene Daten \u2013 Schutz nat\u00fcrlicher Personen bei der Verarbeitung dieser Daten. https:\/\/eur-lex.europa.eu\/legal-content\/de\/TXT\/?uri=CELEX:62014CJ0362 (Charta der Grundrechte der Europ\u00e4ischen Union \u2013 Art. 7, 8 und 47 \u2013 Richtlinie 95\/46\/EG \u2013 Art. 
25 und 28 \u2013 \u00dcbermittlung personenbezogener Daten in Drittl\u00e4nder \u2013 Entscheidung 2000\/520\/EG \u2013 \u00dcbermittlung personenbezogener Daten in die Vereinigten Staaten \u2013 Unangemessenes Schutzniveau \u2013 G\u00fcltigkeit \u2013 Beschwerde einer nat\u00fcrlichen Person, deren Daten aus der Europ\u00e4ischen Union in die Vereinigten Staaten \u00fcbermittelt wurden \u2013 Befugnisse der nationalen Kontrollstellen). Zugegriffen: 20. Juni 2023"},{"key":"995_CR11","unstructured":"Europ\u00e4ischer Gerichtshof (2020) Vorlage zur Vorabentscheidung \u2013 Schutz nat\u00fcrlicher Personen bei der Verarbeitung personenbezogener Daten. https:\/\/eur-lex.europa.eu\/legal-content\/de\/TXT\/?uri=CELEX:62018CJ0311 (Charta der Grundrechte der Europ\u00e4ischen Union \u2013 Art. 7, 8 und 47 \u2013 Verordnung (EU) 2016\/679 \u2013 Art. 2 Abs. 2 \u2013 Anwendungsbereich \u2013 \u00dcbermittlungen personenbezogener Daten zu gewerblichen Zwecken in Drittl\u00e4nder \u2013 Art. 45 \u2013 Angemessenheitsbeschluss der Kommission \u2013 Art. 46 \u2013 Daten\u00fcbermittlung vorbehaltlich geeigneter Garantien \u2013 Art. 58 \u2013 Befugnisse der Aufsichtsbeh\u00f6rden \u2013 Verarbeitung der \u00fcbermittelten Daten f\u00fcr Zwecke der nationalen Sicherheit durch die Beh\u00f6rden eines Drittlands \u2013 Beurteilung der Angemessenheit des im Drittland gebotenen Schutzniveaus \u2013 Beschluss 2010\/87\/EU \u2013 Standardschutzklauseln f\u00fcr die \u00dcbermittlung personenbezogener Daten in Drittl\u00e4nder \u2013 Angemessene Garantien seitens des Verantwortlichen \u2013 G\u00fcltigkeit \u2013 Durchf\u00fchrungsbeschluss (EU) 2016\/1250 \u2013 Angemessenheit des vom EU-US-Datenschutzschild gebotenen Schutzes \u2013 G\u00fcltigkeit \u2013 Beschwerde einer nat\u00fcrlichen Person, deren Daten aus der Europ\u00e4ischen Union in die Vereinigten Staaten \u00fcbermittelt wurden). Zugegriffen: 20. 
Juni 2023"},{"key":"995_CR12","volume-title":"Policy design in the age of digital adoption. Explore how policyops can drive policy as code adoption in an organization\u2019s digital transformation","author":"R Ferreira","year":"2022","unstructured":"Ferreira\u00a0R (2022) Policy design in the age of digital adoption. Explore how policyops can drive policy as code adoption in an organization\u2019s digital transformation. Packt, Birmingham"},{"key":"995_CR13","first-page":"53A","volume":"800","author":"J Force","year":"2022","unstructured":"Force\u00a0J (2022) Assessing security and privacy controls in information systems and organizations. NIST Special Publ 800:53A","journal-title":"NIST Special Publ"},{"key":"995_CR14","unstructured":"Google (2021) Autonomic security operations \u2013 10X transformation of the security operations center. https:\/\/services.google.com\/fh\/files\/misc\/googlecloud_autonomicsecurityoperations_soc10x.pdf. Zugegriffen: 5. Apr. 2023"},{"key":"995_CR15","unstructured":"Google (2023) Cloud Foundation Toolkit: Best Practice-Vorlagen f\u00fcr den schnellen Einstieg in Google Cloud. https:\/\/cloud.google.com\/foundation-toolkit. Zugegriffen: 5. Apr. 2023"},{"key":"995_CR16","unstructured":"Hashicorp (2023) Automate infrastructure on any cloud. https:\/\/www.hashicorp.com\/products\/terraform. Zugegriffen: 5. Apr. 2023"},{"key":"995_CR17","volume-title":"Cloud strategy. A\u00a0decision-based approach to successful cloud migration","author":"G Hohpe","year":"2020","unstructured":"Hohpe\u00a0G (2020) Cloud strategy. A\u00a0decision-based approach to successful cloud migration"},{"key":"995_CR18","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-658-31849-9","volume-title":"Manipulationssichere Cloud-Infrastrukturen. Nachhaltige Digitalisierung durch Sealed Cloud Security","author":"H J\u00e4ger","year":"2020","unstructured":"J\u00e4ger\u00a0H, Rieken\u00a0R (2020) Manipulationssichere Cloud-Infrastrukturen. 
Nachhaltige Digitalisierung durch Sealed Cloud Security. Springer, Wiesbaden"},{"key":"995_CR19","volume-title":"IT-Sicherheitsmanagement nach der neuen ISO 27001. ISMS, Risiken, Kennziffern, Controls","author":"H Kersten","year":"2019","unstructured":"Kersten\u00a0H, Klett\u00a0G, Reuter\u00a0J, Schr\u00f6der\u00a0K (2019) IT-Sicherheitsmanagement nach der neuen ISO 27001. ISMS, Risiken, Kennziffern, Controls. Springer, Heidelberg"},{"issue":"4","key":"995_CR20","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/s10506-017-9206-9","volume":"25","author":"J Kingston","year":"2017","unstructured":"Kingston\u00a0J (2017) Using artificial intelligence to support compliance with the general data protection regulation. Artif Intell Law 25(4):429\u2013443","journal-title":"Artif Intell Law"},{"key":"995_CR21","first-page":"17","volume-title":"Cloud-Monitor 2021","author":"KPMG","year":"2021","unstructured":"KPMG (2021) Die Goldenen Zwanziger f\u00fcr die Cloud? In: Cloud-Monitor 2021, S 17"},{"key":"995_CR22","volume-title":"Management sicherer Cloud-Services. Entwicklung und Evaluation dynamischer Zertifikate","author":"H Krcmar","year":"2017","unstructured":"Krcmar\u00a0H, Eckert\u00a0C, Ro\u00dfnagel\u00a0A, Sunyaev\u00a0A, Wiesche\u00a0M (2017) Management sicherer Cloud-Services. Entwicklung und Evaluation dynamischer Zertifikate. Springer, Berlin, Heidelberg, New York"},{"key":"995_CR23","volume-title":"Cloud security and privacy. An enterprise perspective on risks and compliance","author":"T Mather","year":"2009","unstructured":"Mather\u00a0T, Kumaraswamy\u00a0S, Latif\u00a0S (2009) Cloud security and privacy. An enterprise perspective on risks and compliance. O\u2019Reilly Media, Sebastopol"},{"key":"995_CR24","volume-title":"Infrastructure as code. Dynamic systems for the cloud age","author":"K Morris","year":"2021","unstructured":"Morris\u00a0K (2021) Infrastructure as code. Dynamic systems for the cloud age. 
O\u2019Reilly, Sebastopol"},{"key":"995_CR25","unstructured":"NIST (2020) The Open Security Controls Assessment Language (OSCAL): Cybersecurity standards made practical. National Institute of Standards and Technology (NIST). https:\/\/www.nist.gov\/publications\/open-security-controls-assessment-language-oscal-cybersecurity-standards-made-practical. Zugegriffen: 5. Apr. 2023"},{"key":"995_CR26","unstructured":"Potti S (2023) Supercharging security with generative AI, Google Cloud Blog. https:\/\/cloud.google.com\/blog\/products\/identity-security\/rsa-google-cloud-security-ai-workbench-generative-ai. Zugegriffen: 5. Apr. 2023"},{"key":"995_CR27","volume-title":"The Mckinsey mind","author":"E Rasiel","year":"2003","unstructured":"Rasiel\u00a0E (2003) The Mckinsey mind. McGraw-Hill, Delhi"},{"issue":"9","key":"995_CR28","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1007\/s11623-022-1656-x","volume":"46","author":"A Ro\u00dfnagel","year":"2022","unstructured":"Ro\u00dfnagel\u00a0A (2022) Internationaler Datentransfer. Datenschutz Datensich 46(9):545\u2013549","journal-title":"Datenschutz Datensich"},{"key":"995_CR29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-658-01270-0","volume-title":"Compliance Officer \u2013 Das Augsburger Qualifizierungsmodell","author":"W Schettgen-Sarcher","year":"2014","unstructured":"Schettgen-Sarcher\u00a0W, Bachmann\u00a0S, Schettgen\u00a0P (2014) Compliance Officer \u2013 Das Augsburger Qualifizierungsmodell. Springer, Berlin, Heidelberg, New York"},{"key":"995_CR30","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2022.3167481","author":"V Stirbu","year":"2022","unstructured":"Stirbu V, Raatikainen M, R\u00f6ntynen J, Sokolov V, Lehtonen T, Mikkonen T (2022) Toward multiconcern software development with everything as code. IEEE Software. 
https:\/\/doi.org\/10.1109\/MS.2022.3167481","journal-title":"IEEE Software"},{"issue":"6","key":"995_CR31","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1109\/MITP.2018.2877312","volume":"23","author":"T Weil","year":"2018","unstructured":"Weil\u00a0T (2018) Taking compliance to the cloud\u2014Using ISO standards (tools and techniques). IT Prof 23(6):20\u201330","journal-title":"IT Prof"},{"key":"995_CR32","first-page":"357","volume-title":"2020 IEEE\/ACM 13th\u00a0International Conference on Utility and Cloud Computing (UCC)","author":"S Werner","year":"2020","unstructured":"Werner\u00a0S, Seeger\u00a0M, Schubert\u00a0S, Kerschbaum\u00a0F, Krcmar\u00a0H (2020) Towards compliance-as-code for cloud computing. In: 2020 IEEE\/ACM 13th\u00a0International Conference on Utility and Cloud Computing (UCC), S 357\u2013362"},{"key":"995_CR33","volume-title":"Security risk management. Building an information security risk management program from the ground up","author":"E Wheeler","year":"2011","unstructured":"Wheeler\u00a0E (2011) Security risk management. Building an information security risk management program from the ground up. 
Elsevier, Amsterdam"}],"container-title":["HMD Praxis der Wirtschaftsinformatik"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-023-00995-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1365\/s40702-023-00995-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-023-00995-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,10]],"date-time":"2023-11-10T16:03:49Z","timestamp":1699632229000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1365\/s40702-023-00995-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,22]]},"references-count":32,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2023,10]]}},"alternative-id":["995"],"URL":"https:\/\/doi.org\/10.1365\/s40702-023-00995-9","relation":{},"ISSN":["1436-3011","2198-2775"],"issn-type":[{"value":"1436-3011","type":"print"},{"value":"2198-2775","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,22]]},"assertion":[{"value":"29 April 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 July 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 August 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}