Service level agreement‐based GDPR compliance and security assurance in(multi)Cloud‐based systems

Rios, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; Dominiak, Jacek; Muntes, Victor; Matthews, Peter; González, Luis Muñiz

doi:10.1049/iet-sen.2018.5293

Cited by 28 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It enables the production of an audit trail for cloud providers through a fully distributed, secure and consensus-based approach [23]. A framework for supporting cloud users in designing and deploying multi-cloud systems was presented in [25]. Although the framework made use of GDPR rules for ensuring data privacy of cloud users, it lacked a Blockchain-based technique to automatically verify such rules on processing activities carried out by providers on user data.…”

Section: Related Workmentioning

confidence: 99%

Compliance Checking of Cloud Providers: Design and Implementation

Barati

Adu-Duodu

Rana

et al. 2023

Distrib. Ledger Technol.

View full text Add to dashboard Cite

The recognition of capabilities supplied by cloud systems is presently growing up. Collecting or sharing healthcare data and sensitive information especially during Covid-19 pandemic has motivated organizations and enterprises to leverage the upsides coming from cloud-based applications. However, the privacy of electronic data in such applications remains a significant challenge for cloud vendors to adapt their solutions with existing privacy legislation standards such as general data protection regulation (GDPR). This paper, first, proposes a formal model and verification for data usage requests of providers in a cloud composite service using a model checking tool. A cloud pharmacy scenario is presented to illustrate the connectivity of providers in the composite service and the stream of their requests for both collection and movement of patient data. A set of verification is, then, undertaken over the pharmacy service in accordance with three significant GDPR obligations, namely user consent, data access and data transfer. Following that, the paper designs and implements a cloud container virtualization based on the verified formal model realising GDPR requirements. The container makes use of some enforcement smart contracts to only proceed the providers’ requests, which are compliant with GDPR. Finally, several experiments are provided to investigate the performance of our approach in terms of time, memory and cost.

show abstract

Section: Related Workmentioning

confidence: 99%

Compliance Checking of Cloud Providers: Design and Implementation

Barati

Adu-Duodu

Rana

et al. 2023

Distrib. Ledger Technol.

View full text Add to dashboard Cite

show abstract

“…Blockchain has also been considered as a technology to facilitate GDPR compliance by Aujla et al (2020) , who propose an architecture for compliance provisioning, monitoring, verification, and enforcement. For GDPR compliance, as well as security assurance, Rios et al (2019) present the DevOps framework to support the design, deployment and operation of cloud systems. The framework considers the privacy and security controls necessary to ensure transparency to end-users, third parties involved in service provision, and authorities.…”

Section: Related Workmentioning

confidence: 99%

GDPRValidator: a tool to enable companies using cloud services to be GDPR compliant

Cambronero

Martínez

Cebrián

et al. 2022

PeerJ Computer Science

View full text Add to dashboard Cite

This article presents a tool called GDPRValidator that aims to assist small and medium-sized enterprises (SMEs) that have migrated their services, or a part of them, to the cloud to be General Data Protection Regulation (GDPR) compliant when they manage and store employees’ or customers’ data in the cloud. As these companies have a limited budget to hire legal experts to guide them in complying with GDPR, the main objective of this tool is to help SMEs to be more competitive by saving a considerable amount of money. By using GDPRValidator, these companies can learn and begin the GDPR compliance process by themselves and decide whether it will be necessary to hire GDPR legal experts in the end. GDPRValidator implements a process that aids companies in compliance analysis and validation and generates a series of documents with recommendations. These documents do not guarantee full GDPR compliance, but they can help the company better understand the regulation and improve its data management strategies. In order to validate the efficiency and efficacy of the tool, two SMEs have used it and provided feedback about its perceived ease of use and its perceived usefulness for understanding and complying with GDPR. The results of the validation showed that, for both companies, the degree of perceived usefulness and ease of use of GDPRValidator is quite good. All the scores expressed agreement.

show abstract

“…Rios et al [19] proposed a new DevOps architecture intended at assisting Cloud consumer in deploying, designing and functioning (multi) Cloud systems which contain the required security and privacy controls to ensure law enforcement authorities, transparency for end users and third-party in service provisions. The architecture is based on the risk driven requirement at implementation time of security and privacy levels objective in the continuous enforcement and service level agreement and observing at run-time.…”

Section: Review Of Existing Security Related Solutions For Multi-cloud Architecturesmentioning

confidence: 99%

An Analysis of Privacy Preserving Data Storage and Retrieval Approaches in Heterogeneous Multi-cloud Architectures

Suganya¹,

Sasipraba²

2021

INDJCSE

View full text Add to dashboard Cite

Cloud storage and retrieval are considered essential services of cloud computing (CC), which enables the data owner to store the data from the local computing systems to the cloud. Though cloud storage provides several benefits such as minimal cost and short turnaround time, data security is found to be a highly challenging and difficult process. One of the effective solutions to avoid data loss related to security risks is the concurrent usage of multi-cloud. The multi-cloud allows the data owner to easily access their data from remote areas via the web interfaces offered by Amazon EC2. However, even if such multi-cloud environments are susceptible to security attacks, it would bring irreversible challenges to the owners namely integrity, availability, and confidentiality of data. In order to resolve these issues, several privacy preserving data storage and retrieval models are presented in the literature to store data securely and reduce the computational resources. In this view, this study performs a review of existing state of art data storage and retrieval approaches for heterogeneous multi-cloud architectures. The reviewed methods are investigated based on their objectives, underlying techniques, implementation data, and evaluation parameters. Besides, a comparative results analysis of few of the reviewed models takes place. Finally, a discussion along with the possible future direction is given to enable the readers to find the research problem.

show abstract

Service level agreement‐based GDPR compliance and security assurance in(multi)Cloud‐based systems

Cited by 28 publications

References 11 publications

Compliance Checking of Cloud Providers: Design and Implementation

Compliance Checking of Cloud Providers: Design and Implementation

GDPRValidator: a tool to enable companies using cloud services to be GDPR compliant

An Analysis of Privacy Preserving Data Storage and Retrieval Approaches in Heterogeneous Multi-cloud Architectures

Contact Info

Product

Resources

About