1 Special Focus

After Mainframe and Client-Server computing, Cloud computing is the next computing paradigm. Cloud computing is the modern version of the time-sharing computing model of the 1960s, with the main difference that individuals and enterprises use services “out of the Internet’s Cloud” via a web browser and share computing power as well as data storage. The disclosure of data by the users of a Cloud, together with the federation of that data at the Cloud’s software service providers, facilitates the secondary use of personal data and digital content stored in this massively shared infrastructure, e.g. for data analysis by a third party. Approaches to advancing the secondary use and disclosure of personal data and digital content to third parties around the world show the need to solve various problems:

  (a) Legal regulations, such as SOX, HIPAA and data protection acts, may prohibit the use of the Cloud for some applications. For instance, the European Data Protection Directive limits the cross-border disclosure of personal data. One approach is to apply the strictest rules, which can restrict the opportunities of cloud computing and increase its costs.

  (b) Software service providers do not offer Service Level Agreements. Nevertheless, the availability of the users’ data is mandatory. Enterprises will not use Cloud computing for their mission-critical applications if the availability and reliability of the services of a Cloud are not guaranteed.

  (c) Even though individuals and companies can protect their information systems with firewalls and intrusion detection systems, they cannot protect their business processes and data from the software service providers of a Cloud. A Cloud is a black box: security processes and data storage are hidden by the abstraction of the Cloud. Users have to trust that the software service providers will follow the legal regulations and the agreed-upon policy for using personal data and digital content.

Electronic health records (EHR) are one example. They accumulate the medical data of patients to improve its availability and completeness. This in turn increases the efficiency of business processes for medical services and supports the secondary use of health data, e.g. for statistics. As EHR are not tied to a single medical institution, they may be offered by enterprises with the capacity and knowledge to maintain this kind of database. Legislation, e.g. the US Health Insurance Portability and Accountability Act (HIPAA) and the German Act for the Modernization of the Health Insurance by Law (GMG), usually prohibits any disclosure to third parties without the patient’s explicit agreement. Existing EHR systems comply with this by letting patients decide on the usage and disclosure of their data, but they fail to provide four essential safeguards. Firstly, they do not guarantee the reliability of their service and the availability of the EHR. Secondly, they do not offer mechanisms to guarantee the compliance of the EHR system, especially regarding the enforcement of patients’ decisions. Thirdly, patients cannot postulate or enforce obligations on further usage and disclosure of their data after an authorized disclosure. Finally, they fail to guarantee confidentiality towards the EHR system provider, who should not be able to access the data, since such access increases the risk of unauthorized disclosure.

The special focus “Sustainable Cloud Computing” calls for original papers on methodologies, technologies and best practices for solving the problems of reliability, compliance and data protection in cloud computing. They should contribute to sustainable Cloud computing across different domains of regulation and trust.

Contributions from research and business practice on the following (and related) topics are invited:

  • De-perimeterization and IT risk management for Cloud computing

  • Reliable and secure interaction of services

  • Authentication and authorization for Cloud computing

  • Private information processing and multi-party computing

  • Privacy-enhancing technologies for the secondary use of personal data

  • IT-compliance and data protection strategies for Cloud computing under different legislations

  • Best practices for de-perimeterization in Cloud computing

  • Economics of Cloud computing

2 Submission

Please submit papers for the sections BISE – Research Paper and BISE – State of the Art by 2010-07-01 at the latest via the journal’s online submission system (http://www.editorialmanager.com/buis/). Please observe the instructions regarding the format and size of contributions to Business & Information Systems Engineering (BISE)/WIRTSCHAFTSINFORMATIK. Papers should not exceed 10 pages; this amounts to 50,000 characters including spaces, minus 5,000 characters per page for illustrations. Detailed authors’ guidelines can be downloaded from http://www.bise-journal.org.

All papers will be reviewed anonymously (double-blind process) by several referees with regard to relevance, originality, and research quality. In addition to the editors of the journal, including those of this special focus, distinguished national and international professionals with scientific and practical backgrounds will be involved in the review process.

Complementary articles covering topics of this special focus are also more than welcome.

Accepted papers will appear identically in English and German. The English-language version will appear in Business & Information Systems Engineering (BISE), the German-language version will appear in WIRTSCHAFTSINFORMATIK. Accepted papers will be translated in close cooperation with the authors and a professional team of translators.

3 Schedule

Submission deadline: 2010-07-01

Author notification: 2010-08-26

Completion of first revision: 2010-10-28

Author notification: 2010-12-16

Completion of a second revision (if needed, monolingual): 2011-01-20

Completion of a second revision (if needed, bilingual): 2011-02-17

Planned publication date of Issue 3/2011: June 2011.