Blockchain-Based Reference Architecture for Automated, Transparent, and Notarized Attestation of Compliance Adaptations

Abstract

With cloud computing, organizations must comply with applicable laws, policies, and best practices. Companies typically rely on cloud service providers to implement and adopt regulations. This consulting phase is often time-consuming, costly, and not transparent. Organizations must trust the third party’s implementation and associated documentation processes. To resolve this dilemma, we present a blockchain-based reference architecture for the automated, transparent, and notarized attestation of such compliance adaptations. Before proposing a solution, our approach is to understand the underlying research context. We conduct a machine-learning-supported systematic literature review to create a knowledge base. A reference architecture, including a prototype for configuring intrusion-detection systems, is developed using design science research. A mixed-methods-based approach is used for the evaluation of the proposed architecture. A quantitative survey is then used to show that the user experience of the developed prototype can be rated as positive, with an average value of 0.7. Finally, two focus group discussions are used to analyze the presented prototype qualitatively. As a result, we demonstrate how to actively support secure and trustworthy communication between a cloud service provider and an organization applying blockchain configurations.