Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems
Research output: Contribution to journal › Article › Scientific › peer-review
Details
Original language | English |
---|---|
Pages (from-to) | 213-222 |
Number of pages | 10 |
Journal | IET Software |
Volume | 13 |
Issue number | 3 |
Publication status | Published - 17 Jun 2019 |
Publication type | A1 Journal article-refereed |
Abstract
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and on their continuous monitoring and enforcement at runtime.
Keywords
- security of data, cloud computing, contracts, data protection, formal specification, quality assurance, security assurance, European General Data Protection Regulation, evidence collection, security controls, service provision, law enforcement authorities, security level objectives, service level agreement, DevOps framework, privacy controls, GDPR compliance, multicloud-based systems