Accountability Through Transparency for Cloud Customers

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 581)

Abstract

Public cloud providers process data on behalf of their customers in data centres that typically are physically remote from their users. This context creates a number of challenges related to data privacy and security, and may hinder the adoption of cloud technology. One of these challenges is how to maintain transparency of the processes and procedures while at the same time providing services that are secure and cost-effective. This chapter presents results from an empirical study in which the cloud customers identified a number of transparency requirements for the adoption of cloud providers. We have compared our results with previous studies, and have found that in general, customers are in synchrony with research criteria for cloud service provider transparency, but there are also some extra pieces of information that customers are looking for. We further explain how A4Cloud tools contribute to addressing the customers’ requirements.

Notes

  1. http://a4cloud.eu.

  2. EU FP6 project PRIME, https://www.prime-project.eu/.

  3. EU FP7 project PrimeLife http://primelife.ercim.eu/.

Acknowledgements

This paper is based on joint research in the EU FP7 A4CLOUD project, grant agreement no: 317550.

Author information

Corresponding author

Correspondence to Martin Gilje Jaatun.

A List of Requirements from Transparency Interviews

A.1 What is Possible to do with the Data

  • The provider should show clear statements of what is possible to do with the data.

  • The provider should allow the cloud customer to choose what is possible to do with his/her data.

  • The provider should have a page on which they tell the cloud customer about security mechanisms, e.g., firewalls, backup, etc.

  • The provider should have some kind of standard certification level of description, or standard language, that makes it easier for the buyer to evaluate which security level is needed, what is required from the buyer, and what the provider is offering.

  • The provider should have a document explaining the procedures for leaving the service and taking the data out of their servers.

  • The provider should have a document in which they describe the ownership of the data.

A.2 Conformance to Data Agreement

  • The provider should make available the technical documentation on how data is handled, how it is stored, and the procedures.

  • There should be documentation of procedures at different levels of abstraction, for example for technical staff or for cloud subjects.

  • The provider should show that they follow the data handling agreement for the type of data in question.

  • The provider should provide geographical information of where the data is stored.

A.3 Data Handling

  • The provider should provide functional, technical and security-related information about how they handle the data.

  • The provider should provide very good information on how the data is stored and who has access to it.

A.4 Value Chain

  • In case of using services from other parties, the provider should inform cloud customers on what the responsibilities of the parties involved in the agreement are.

  • In case of using services from other parties, the provider should inform about the existence of sub providers, where they are located, and whether they meet legal requirements of the country of the cloud customer.

A.5 Multi-tenant Services

  • The provider should inform the cloud customers on cases of multi-tenant services.

  • In case of multi-tenant services, the provider should inform how the customers are separated from each other.

  • In case of multi-tenant services, the provider should inform how they assure that data from one customer will not be accessed by another customer.

A.6 Protection of the Data

  • The provider should inform the cloud customer on how to protect the information or how the information is protected, not in much detail for the end-user, but only for enterprises.

  • The provider should have a document describing the mechanisms that secure data not only against data loss but also against data privacy vulnerabilities.

A.7 Decisions

  • The cloud providers should get the consent of the cloud customer before moving the data to another country, in cases where new parties will be involved in the value chain, and on changes to the initial terms of the contract.

A.8 Correction of the Data

  • The cloud provider should have a document stating the procedures and mechanisms planned for cases of security breaches of customers’ data.

  • In case of security breaches, the cloud provider should inform the cloud customers on what happened, why it happened, what procedures they are taking to correct the problem, and when services will be normalized.

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Jaatun, M.G., Cruzes, D.S., Angulo, J., Fischer-Hübner, S. (2016). Accountability Through Transparency for Cloud Customers. In: Helfert, M., Méndez Muñoz, V., Ferguson, D. (eds) Cloud Computing and Services Science. CLOSER 2015. Communications in Computer and Information Science, vol 581. Springer, Cham. https://doi.org/10.1007/978-3-319-29582-4_3

  • DOI: https://doi.org/10.1007/978-3-319-29582-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29581-7

  • Online ISBN: 978-3-319-29582-4

  • eBook Packages: Computer Science, Computer Science (R0)
