Tampere University of Technology

TUTCRIS Research Portal

Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

Research output: Contribution to journal › Article › Scientific › peer-review

Details

Original language: English
Pages (from-to): 213-222
Number of pages: 10
Journal: IET Software
Volume: 13
Issue number: 3
Publication status: Published - 17 Jun 2019
Publication type: A1 Journal article-refereed

Abstract

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies the definition, enforcement and control of both privacy and security mechanisms, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and on their continuous monitoring and enforcement at runtime.

Keywords

  • security of data, cloud computing, contracts, data protection, formal specification, quality assurance, security assurance, European General Data Protection Regulation, evidence collection, security controls, service provision, law enforcement authorities, security level objectives, service level agreement, DevOps framework, privacy controls, GDPR compliance, multicloud-based systems
