Interoperability Analysis of Accountable Data Governance in the Cloud

  • Vasilios Tountopoulos
  • Massimo Felici
  • Alain Pannetrat
  • Daniele Catteddu
  • Siani Pearson
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 470)


Cloud computing has emerged as a promising technology to drive innovation and leverage business development in various sectorial applications. Large scale enterprises and SMEs take advantage of cloud computing in order to benefit from cost-effective technological deployments allowing flexibility and scalability, and to offer added value solutions to their customers. However, customers’ perceptions of the risks affecting data and IT governance, especially in complex service provision ecosystems, result in a lack of trust in the ability of the providers to handle their assets in a responsible way. This paper elaborates on the general aspects of an accountability-based approach, which can facilitate organisations dealing with the cloud to comply with applicable legislation and provide more evidence that confidential and/or personal data are handled in accordance with relevant data protection legislation.


Keywords: Accountability, Governance, Interoperability, Cloud computing



This work has been partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD – Cloud Accountability Project). We would like to thank our project partners and colleagues who provided valuable comments to early drafts of this paper.



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Vasilios Tountopoulos (1)
  • Massimo Felici (2)
  • Alain Pannetrat (3)
  • Daniele Catteddu (3)
  • Siani Pearson (2)

  1. Athens Technology Center S.A., Athens, Greece
  2. HP Labs, Bristol, UK
  3. Cloud Security Alliance, Edinburgh, Scotland, UK
