Managing Information Security of Public Clouds for E-Government

At the moment, public administrations are forced to integrate public cloud services into their internal networks due to the digital transformation (e.g. AI services, collaboration, e-government etc.). Therefore, information security management must be intensified in order to comply with confidentiality, availability, integrity and data protection regulations. Although a wide range of methods, concepts and tools for cloud security have been researched and established, there is a lack of suitable management processes for information security of public clouds in this application domain among practitioners and academics. As a result, this dissertation focuses on cloud security management, cloud audits and cloud utilization. For this purpose, a dynamic process model with tool support is developed in order to systematically improve information security for adopted public cloud services in the domain of public administrations. In addition, empirical data is collected on the utilization of public cloud services in German municipal administrations and the status quo of information security. The results clearly show that public cloud services are used intensively in public administrations at municipal level, but that there are considerable deficiencies in information security concepts. The artifacts of this work make a scientific and practical contribution towards improving the resilience of digital transformation in e-government against cyberattacks on adopted clouds.