Abstract
Cloud computing has emerged as a promising technology to drive innovation and leverage business development in various sectorial applications. Large scale enterprises and SMEs take advantage of cloud computing in order to benefit from cost-effective technological deployments allowing flexibility and scalability, and to offer added value solutions to their customers. However, customers’ perceptions of the risks affecting data and IT governance, especially in complex service provision ecosystems, result in a lack of trust in the ability of the providers to handle their assets in a responsible way. This paper elaborates on the general aspects of an accountability-based approach, which can facilitate organisations dealing with the cloud to comply with applicable legislation and provide more evidence that confidential and/or personal data are handled in accordance with relevant data protection legislation.
Notes
- 1. Note that accountability does not itself address important issues concerned with information security properties such as integrity, confidentiality and availability. It does so only indirectly, by demonstrating that such properties are reflected within the designed system or service (which of course they might not be). Evidence supporting specific claims is necessary in order to assess how systems and services meet specific requirements.
- 2. The Article 29 Data Protection Working Party has issued various documents on different aspects of Binding Corporate Rules, e.g. the Explanatory Document on the Processor Binding Corporate Rules [12].
References
- 1. European Commission: Unleashing the potential of cloud computing in Europe. COM529 (2012)
- 2. Cloud Security Alliance: The notorious nine: cloud computing top threats in 2013. CSA Top Threats Working Group (2013)
- 3. European Network and Information Security Agency: Cloud computing: benefits, risks and recommendations for information security. ENISA report (2009)
- 4. Article 29 Data Protection Working Party: Opinion 3/2010 on the principle of accountability. 00062/10/EN WP 173 (2010)
- 5. Article 29 Data Protection Working Party: Opinion 05/2012 on Cloud Computing. 01037/12/EN WP 196 (2012)
- 6. Kuan Hon, W., Kosta, E., Christopher, M., Stefanatou, D.: Cloud accountability: the likely impact of the proposed EU data protection regulation. Queen Mary School of Law Legal Studies, Research Paper No. 172/2014; Tilburg Law School, Research Paper No. 07/2014
- 7. International Data Corporation (IDC): Quantitative estimates of the demand for cloud computing in Europe and the likely barriers to up-take, July (2012)
- 8. Felici, M., Jaatun, M.G., Kosta, E., Wainwright, N.: Bringing accountability to the cloud: addressing emerging threats and legal perspectives. In: Felici, M. (ed.) CSP EU FORUM 2013. CCIS, vol. 182, pp. 28–40. Springer, Heidelberg (2013)
- 9. Felici, M., Koulouris, T., Pearson, S.: Accountability for data governance in cloud ecosystems. In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), Proceedings, pp. 327–332. IEEE Computer Society (2013)
- 10. Georgia Tech Information Security Center (GTISC) and Georgia Tech Research Institute (GTRI): Emerging cyber threats report 2014. Georgia Institute of Technology, Georgia Tech Cyber Security Summit (2013)
- 11. Organisation of Economic Cooperation and Development (OECD): The future of internet economy: a statistical profile. OECD Report, June 2011
- 12. Article 29 Data Protection Working Party: Explanatory document on the processor binding corporate rules. 00658/13/EN WP 204 (2013)
- 13. Article 29 Data Protection Working Party: Opinion 01/2012 on the data protection reform proposals. 00530/12/EN WP 191 (2012)
- 14. Reed, C.: Cloud governance: the way forward. In: Millard, C. (ed.) Cloud Computing Law. Oxford University Press, Oxford (2013)
- 15. Drago, I., Mellia, M., Munafo, M.M., Sperotto, A., Sadre, R., Pras, A.: Inside dropbox: understanding personal cloud storage services. In: Proceedings of the 2012 ACM Conference on Internet Measurement Conference (IMC’12), pp. 481–494. ACM, New York (2012)
- 16. Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D.: NIST cloud computing reference architecture. NIST special publication, 500-292 (2011)
- 17. A4Cloud: MS:C-2.3 conceptual framework. Milestone Report, May 2014
- 18. A4Cloud: D:C-3.1 requirements for cloud interoperability. Public Deliverable, November (2013)
- 19. Hogben, G., Dekker, M.: Procure secure, a guide to monitoring of security service levels in cloud contracts. European Network and Information Security Agency (ENISA) Report (2012)
- 20. Hogben, G., Pannetrat, A.: Mutant apples: a critical examination of cloud SLA availability definitions. In: IEEE 5th International Conference Cloud Computing Technology and Science (CloudCom), December 2013
- 21. Ardagna, A.C., et al.: Primelife policy language (2009). http://www.w3.org/2009/policy-ws/papers/Trabelisi.pdf
- 22. OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 (2013)
- 23. ISO/IEC NP 19086, Information technology - Distributed application platforms and services - Cloud computing - Service level agreement (SLA) framework and terminology. Under development, November (2013)
Acknowledgments
This work has been partly funded by the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD – http://www.a4cloud.eu/) Cloud Accountability Project. We would like to thank our project partners and colleagues who provided valuable comments on early drafts of this paper.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Tountopoulos, V., Felici, M., Pannetrat, A., Catteddu, D., Pearson, S. (2014). Interoperability Analysis of Accountable Data Governance in the Cloud. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2014. Communications in Computer and Information Science, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-12574-9_7
DOI: https://doi.org/10.1007/978-3-319-12574-9_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12573-2
Online ISBN: 978-3-319-12574-9
eBook Packages: Computer Science, Computer Science (R0)