Abstract
The essential characteristics of cloud computing such as elasticity or broad network access provide many economic benefits for their users, but with these benefits also many security and privacy risks come along. These risks can be generally classified into legal and technical risks. The upcoming general data protection regulation by the European Commission (COM (2012) 11) strengthens the consumer’s rights with changes like a single set of European rules and more data protection obligations for organizations. Once the general data protection regulation becomes effective, organizations will have to fulfill more requirements to comply with the law, especially in situations of security breaches or issues about the life cycle and the processing of data. In this paper we describe a framework for the evaluation of cloud service providers in regard to the upcoming EU data protection regulation. The framework shall help service providers to comply with the new regulation, and shall enable consumers to evaluate the security and privacy competencies of cloud service providers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
The NIST Definition of Cloud Computing - SP 800-145, National Institute of Standards and Technology (2011), http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), European Commission, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, Cloud Security Alliance (2011), https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf
Nimis, J., Tai, S., Baun, C., Kunzem, M.: Cloud Computing: Web-basierte dynamische ITServices. Springer, Heidelberg (2011)
Technology Research, Gartner Inc., http://www.gartner.com/technology/home.jsp
National Institute of Standards and Technology (NIST), http://www.nist.gov/index.html
Cloud Security Alliance (CSA), https://cloudsecurityalliance.org/
Securing Europe‘s Information Society (ENISA), http://www.enisa.europa.eu/
Guidelines on Security and Privacy in Public Cloud Computing - SP 800-144, National Institute of Standards and Technology (2011), http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
Commission proposes a comprehensive reform of the data protection rules, European Commission, http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
Australian Government (Department of Defense), Cloud Computing Security Considerations, http://www.dsd.gov.au/infosec/cloudsecurity.htm
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kronabeter, A., Fenz, S. (2013). Cloud Security and Privacy in the Light of the 2012 EU Data Protection Regulation. In: Yousif, M., Schubert, L. (eds) Cloud Computing. CloudComp 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 112. Springer, Cham. https://doi.org/10.1007/978-3-319-03874-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-03874-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-03873-5
Online ISBN: 978-3-319-03874-2
eBook Packages: Computer ScienceComputer Science (R0)