Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Erkuden Rios Velasco, Eider Iturbe, Xabier Larrucea, Massimiliano Rak, Wissam Mallouli, Jacek Dominiak, Victor Muntes, Peter Matthews, Luis Gonzalez Moctezuma, Luis Gonzalez

Research output: Contribution to journal, Article, peer-review

26 Citations (Scopus)

Abstract

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and on their continuous monitoring and enforcement at runtime.
Original language: English
Pages (from-to): 213-222
Number of pages: 10
Journal: IET Software
Volume: unknown
Issue number: 3
Publication status: Published - 1 Jun 2019

Keywords

  • European General Data Protection Regulation
  • GDPR
  • Cloud-based systems
  • Privacy
  • Security
  • SLA

Project and Funding Information

  • Project ID
  • info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA
  • info:eu-repo/grantAgreement/EC/780351/EU/Trustworthy and Smart Actuation in IoT systems/ENACT
  • Funding Info
  • The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help.
