Skip to main content

Interoperability Analysis of Accountable Data Governance in the Cloud

  • Conference paper
  • First Online:
Cyber Security and Privacy (CSP 2014)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 470))

Included in the following conference series:


Cloud computing has emerged as a promising technology to drive innovation and leverage business development in various sectorial applications. Large scale enterprises and SMEs take advantage of cloud computing in order to benefit from cost-effective technological deployments allowing flexibility and scalability, and to offer added value solutions to their customers. However, customers’ perceptions of the risks affecting data and IT governance, especially in complex service provision ecosystems, result in a lack of trust in the ability of the providers to handle their assets in a responsible way. This paper elaborates on the general aspects of an accountability-based approach, which can facilitate organisations dealing with the cloud to comply with applicable legislation and provide more evidence that confidential and/or personal data are handled in accordance with relevant data protection legislation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others


  1. 1.

    Note that accountability does not itself address important issues concerned with information security properties such as integrity, confidentiality and availability. However, this is only done indirectly by demonstrating that such properties are reflected within the designed system or service (which of course they might not be). Evidence supporting specific claims is necessary in order to assess how systems and services met specific requirements.

  2. 2.

    Article 29 Data Protection Party has issued various documents on different aspects of Binding Corporate Rules, e.g. Explanatory Document on the Processor Binding Corporate Rules [12].

  3. 3.

  4. 4.

  5. 5.

  6. 6.

  7. 7.


  1. European Commission: Unleashing the potential of cloud computing in Europe. COM529 (2012)

    Google Scholar 

  2. Cloud Security Alliance: The notorious nine: cloud computing top threats in 2013. CSA Top Threats Working Group (2013)

    Google Scholar 

  3. European Network and Information Security Agency: Cloud computing: benefits, risks and recommendations for information security. ENISA report (2009)

    Google Scholar 

  4. Article 29 Data Protection Working Party: Opinion 3/2010 on the principle of accountability. 00062/10/EN WP 173 (2010)

    Google Scholar 

  5. Article 29 Data Protection Working Party: Opinion 05/2012 on Cloud Computing. 01037/12/EN WP 196 (2012)

    Google Scholar 

  6. Kuan Hon, W., Kosta, E., Christopher, M., Stefanatou, D.: Cloud accountability: the likely impact of the proposed EU data protection regulation. Queen Mary School of Law Legal Studies, Research Paper No. 172/2014; Tilburg Law School, Research Paper No. 07/2014

    Google Scholar 

  7. International Data Corporation (IDC): Quantitative estimates of the demand for cloud computing in Europe and the likely barriers to up-take, July (2012)

    Google Scholar 

  8. Felici, M., Jaatun, M.G., Kosta, E., Wainwright, N.: Bringing accountability to the cloud: addressing emerging threats and legal perspectives. In: Felici, M. (ed.) CSP EU FORUM 2013. CCIS, vol. 182, pp. 28–40. Springer, Heidelberg (2013)

    Google Scholar 

  9. Felici, M., Koulouris, T., Pearson, S.: Accountability for data governance in cloud ecosystems. In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), Proceedings, pp. 327–332. IEEE Computer Society (2013)

    Google Scholar 

  10. Georgia Tech Information Security Center (GTISC) and Georgia Tech Research Institute (GTRI): Emerging cyber threats report 2014. Georgia Institute of Technology, Georgia Tech Cyber Security Summit (2013)

    Google Scholar 

  11. Organisation of Economic Cooperation and Development (OECD): The future of internet economy: a statistical profile. OECD Report, June 2011

    Google Scholar 

  12. Article 29 Data Protection Working Party: Explanatory document on the processor binding corporate rules. 00658/13/EN WP 204 (2013)

    Google Scholar 

  13. Article 29 Data Protection Working Party: Opinion 01/2012 on the data protection reform proposals. 00530/12/EN WP 191 (2012)

    Google Scholar 

  14. Reed, C.: Cloud governance: the way forward. In: Millard, C. (ed.) Cloud Computing Law. Oxford University Press, Oxford (2013)

    Google Scholar 

  15. Drago I., Mellia M., Munafo M.M., Sperotto A., Sadre R., Pras A.: Inside dropbox: understanding personal cloud storage services. In: Proceedings of the 2012 ACM Conference on Internet Measurement Conference (IMC’12), pp. 481–494. ACM, New York (2012)

    Google Scholar 

  16. Liu, F., Tong, J., Mao, J., Bohn, R., Messina, J., Badger, L., Leaf, D.: NIST cloud computing reference architecture. NIST special publication, 500-292 (2011)

    Google Scholar 

  17. A4Cloud: MS:C-2.3 conceptual framework. Milestone Report, May 2014

    Google Scholar 

  18. A4Cloud: D:C-3.1 requirements for cloud interoperability. Public Deliverable, November (2013)

    Google Scholar 

  19. Hogben G., Dekker M.: Procure secure, a guide to monitoring of security service levels in cloud contracts. European Network and Information Security Agency (ENISA) Report (2012)

    Google Scholar 

  20. Hogben G., Pannetrat A.: Mutant apples: a critical examination of cloud SLA availability definitions. In: IEEE 5th International Conference Cloud Computing Technology and Science (CloudCom), December 2013

    Google Scholar 

  21. Ardagna A.C., et al.: Primelife policy language (2009).

  22. OASIS: eXtensible Access Control Markup Language (XACML) Version 3.0 (2013)

    Google Scholar 

  23. ISO/IEC NP 19086, Information technology - Distributed application platforms and services - Cloud computing - Service level agreement (SLA) framework and terminology. Under development, November (2013)

    Google Scholar 

Download references


This work has been partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD – Cloud Accountability Project. We would like to thank our project partners and colleagues who provided valuable comments to early drafts of this paper.

Author information

Authors and Affiliations


Corresponding author

Correspondence to Vasilios Tountopoulos .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Tountopoulos, V., Felici, M., Pannetrat, A., Catteddu, D., Pearson, S. (2014). Interoperability Analysis of Accountable Data Governance in the Cloud. In: Cleary, F., Felici, M. (eds) Cyber Security and Privacy. CSP 2014. Communications in Computer and Information Science, vol 470. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12573-2

  • Online ISBN: 978-3-319-12574-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics