Accountability in Cloud Service Provision Ecosystems

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8788)

Abstract

In data protection regulation since the 1980s, accountability has been used in the sense that the ‘data controller’ is responsible for complying with particular data protection legislation and, in most cases, is required to establish systems and processes which aim at ensuring such compliance. This paper assesses this notion in the context of cloud computing, and describes how better and more systematic accountability might be provided.

Keywords

Accountability cloud computing non-functional requirements security 

References

  1. 1.
    Pearson, S., et al.: Accountability for Cloud and Other Future Internet Services. In: Proc. CloudCom 2012, pp. 629–632. IEEE (2012)Google Scholar
  2. 2.
    Mell, P., Grance, T.: The NIST Definition of Cloud Computing, NIST Special Publication 800-145 (September 2011)Google Scholar
  3. 3.
    Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, Risks and Recommendations for Information Security. ENISA Report (November 2009)Google Scholar
  4. 4.
    Gellman, R.: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. World Privacy Forum (2009)Google Scholar
  5. 5.
    Pearson, S.: Privacy, Security and Trust in Cloud Computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, Computer Communications and Networks, pp. 3–42. Springer (2012)Google Scholar
  6. 6.
    Cloud Security Alliance: The Notorious Nine: Cloud Computing Top Threats in 2013, Top Threats Working Group (February 2013)Google Scholar
  7. 7.
    Cloud Security Alliance (CSA): Top Threats to Cloud Computing. v1.0, Cloud Security Alliance (March 2010)Google Scholar
  8. 8.
    European Parliament: Fighting Cyber Crime and Protecting Privacy in the Cloud, Directorate-General for Internal Policies (2012), http://www.europarl.euopa.eu/RegData/etudes/join/2012/475104/IPOL-IMCO_ET2012475104_EN.pdf
  9. 9.
    Landau, S.: Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations. IEEE Security & Privacy 11(4), 66–75 (2013)CrossRefGoogle Scholar
  10. 10.
    International Data Corporation (IDC): Quantitative Estimates of the Demand of Cloud Computing in Europe (2012) Google Scholar
  11. 11.
    Raab, C.: The Meaning of ‘Accountability’ in the Information Privacy Context. In: Guagnin, D., et al. (eds.) Managing Privacy through Accountability, pp. 15–32. Macmillan (2012)Google Scholar
  12. 12.
    OECD: Guidelines for the Protection of Personal Data and Transborder Data Flows (1980)Google Scholar
  13. 13.
  14. 14.
    European DG of Justice (Article 29 Working Party): The future of privacy: joint contribution to the consultation of the European Commission on the legal framework for the fundamental right to protection of personal data (WP168), paragraphs 74-79 (December 2009)Google Scholar
  15. 15.
    European DG of Justice (Article 29 Working Party): Opinion 3/2010 on the principle of accountability (WP 173) (July 2010), http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp173_en.pdf
  16. 16.
    European Commission (EC): Proposal for a directive of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012)Google Scholar
  17. 17.
    Center for Information Policy Leadership (CIPL): Accountability: A compendium for stakeholders. The Galway Project (2011)Google Scholar
  18. 18.
    Office of the Information and Privacy Commissioner of Alberta, Office of the Privacy Commissioner of Canada, Office of the Information and Privacy Commissioner for British Colombia: Getting Accountability Right with a Privacy Management Program (2012)Google Scholar
  19. 19.
    Papanikolaou, N., Pearson, S.: A Cross-Disciplinary Review of the Concept of Accountability. In: Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (May 2013)Google Scholar
  20. 20.
    Information Commissioner’s Office (ICO): Binding corporate rules (2012)Google Scholar
  21. 21.
    APEC Data Privacy Sub-Group: Cross-border privacy enforcement arrangement, San Francisco (2011)Google Scholar
  22. 22.
    Van Alsenoy, B.: Allocating responsibility among controllers, processors, and “everything in between”: the definition of actors and roles in Directive 95/46/EC. Computer Law & Security Review 28, 25–43 (2012)CrossRefGoogle Scholar
  23. 23.
    European Commission (EC): Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)Google Scholar
  24. 24.
    OECD: Guidelines Concerning the Protection of Privacy and Transborder Flows of Personal Data (2013)Google Scholar
  25. 25.
    Millard, C. (ed.): Cloud Computing Law. Oxford University Press (2013)Google Scholar
  26. 26.
    European DG of Justice (Article 29 Working Party): Opinion 05/12 on Cloud Computing (2012)Google Scholar
  27. 27.
    CNIL: Recommendations for Companies Planning to Use Cloud Computing Services (2012)Google Scholar
  28. 28.
    EC: Electronic Communications Sector Directive 2002/58 EC (E-Privacy Directive) (2002)Google Scholar
  29. 29.
    EC: Unleashing the Potential of Cloud Computing in Europe (2012), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF
  30. 30.
    Select Industry Group SLA Subgroup: Cloud Service Level Agreement Standardisation Guidelines, Brussels, June 24 (2014)Google Scholar
  31. 31.
    EC: Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (2013), http://ec.europa.eu/information_society/newsroom/cf//document.cfm?doc_id=1667
  32. 32.
  33. 33.
    Cloud Security Alliance (CSA): Security Guidance for Critical Areas of Focus in Cloud Computing, v3.0, Cloud Security Alliance (2011)Google Scholar
  34. 34.
    Pearson, S.: On the Relationship between the Different Methods to Address Privacy Issues in the Cloud. In: Meersman, R., Panetto, H., Dillon, T., Eder, J., Bellahsene, Z., Ritter, N., De Leenheer, P., Dou, D. (eds.) OTM 2013. LNCS, vol. 8185, pp. 414–433. Springer, Heidelberg (2013)Google Scholar
  35. 35.
    Liu, F., et al.: NIST Cloud Computing Reference Architecture, NIST Special Publication 500-292 (September 2011)Google Scholar
  36. 36.
    Felici, M., Pearson, S. (eds.): Conceptual Framework Final Report, D:C-2.1, A4Cloud Project (2014)Google Scholar
  37. 37.
    Felici, M., Koulouris, T., Pearson, S.: Accountability for Data Governance in Cloud Ecosystems. In: Proc. IEEE CloudCom 2013, vol. 2, pp. 327–332. IEEE (2014)Google Scholar
  38. 38.
    Guagnin, D., Hempel, L., Ilten, C.: Bridging the gap: We need to get together. In: Guagnin, D., et al. (eds.) Managing Privacy Through Accountability, pp. 102–124. Palgrave (2012)Google Scholar
  39. 39.
  40. 40.
    UK government’s National Technical Authority for Information Assurance (CESG): Cloud Security Guidance (2014), http://www.gov.uk/government/collections/cloud-security-guidance
  41. 41.
    Jansen, W., Grance, T.: Guidelines on Security and Privacy in Public Cloud Computing. Special Publication 800-144, NIST (December 2011)Google Scholar
  42. 42.
    Radack, S. (ed.): Guidelines For Improving Security And Privacy In Public Cloud Computing. ITL Bulletin (March 2012), http://csrc.nist.gov/publications/nistbul/march-2012_itl-bulletin.pdf
  43. 43.
  44. 44.
    Horwath, C.: Enterprise Risk Management for Cloud Computing, COSO (June 2012), http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf
  45. 45.
    Butin, D., Chicote, M., Le Métayer, D.: Strong Accountability: Beyond Vague Promises. In: Gutwirth, S., Leenes, R., de Hert, P. (eds.) Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges, pp. 343–369. Springer (2014)Google Scholar
  46. 46.
    Charlesworth, A., Pearson, S.: Developing Accountability-based Solutions for Data Privacy in the Cloud. Innovation, Special Issue: Privacy and Technology. European Journal of Social Science Research 26(1), 7–35 (2013)CrossRefGoogle Scholar
  47. 47.
    Pearson, S., Wainwright, N.: An Interdisciplinary Approach to Accountability for Future Internet Service Provision. International Journal of Trust Management in Computing and Communications (IJTMCC) 1(1), 52–72 (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Security and Cloud LabHewlett Packard LabsBristolUK

Personalised recommendations