TUTCRIS - Tampereen teknillinen yliopisto

TUTCRIS

Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

Tutkimustuotosvertaisarvioitu

Yksityiskohdat

AlkuperäiskieliEnglanti
Sivut213-222
Sivumäärä10
JulkaisuIET Software
Vuosikerta13
Numero3
DOI - pysyväislinkit
TilaJulkaistu - 17 kesäkuuta 2019
OKM-julkaisutyyppiA1 Alkuperäisartikkeli

Tiivistelmä

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and in their continuous monitoring and enforcement at runtime.

Tutkimusalat

Julkaisufoorumi-taso