Abstract
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.
Original language | English |
---|---|
Pages (from-to) | 213-222 |
Number of pages | 10 |
Journal | IET Software |
Volume | unknown |
Issue number | 3 |
DOIs | |
Publication status | Published - 1 Jun 2019 |
Keywords
- European General Data Protection Regulation
- GDPR
- Cloud-based systems
- Privacy
- Security
- SLA
Project and Funding Information
- Project ID
- info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA
- info:eu-repo/grantAgreement/EC/780351/EU/Trustworthy and Smart Actuation in IoT systems/ENACT
- Funding Info
- The research leading to these results has received_x000D_ funding from the European Union’s Horizon 2020 research_x000D_ and innovation programme under grant agreement No 644429_x000D_ and No 780351, MUSA project and ENACT project,_x000D_ respectively. We would also like to acknowledge all the_x000D_ members of the MUSA Consortium and ENACT Consortium_x000D_ for their valuable help.