Service level agreement-based GDPR compliance and security assurance in (multi)Cloud-based systems

Bibliographic Details
Published in IET software Vol. 13; no. 3; pp. 213 - 222
Main Authors Rios, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; Dominiak, Jacek; Muntés, Victor; Matthews, Peter; Gonzalez, Luis
Format Journal Article
Language English
Published The Institution of Engineering and Technology 01.06.2019
Summary: Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system service level agreement and in their continuous monitoring and enforcement at runtime.
ISSN: 1751-8806, 1751-8814
DOI: 10.1049/iet-sen.2018.5293