Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems
Published in | IET software Vol. 13; no. 3; pp. 213 - 222 |
---|---|
Main Authors | , , , , , , , , |
Format | Journal Article |
Language | English |
Published | The Institution of Engineering and Technology, 01.06.2019 |
Summary: | Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and in their continuous monitoring and enforcement at runtime. |
---|---|
ISSN: | 1751-8806 1751-8814 1751-8814 |
DOI: | 10.1049/iet-sen.2018.5293 |