Abstract
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and on their continuous monitoring and enforcement at runtime.
| Original language | English |
|---|---|
| Pages (from-to) | 213-222 |
| Number of pages | 10 |
| Journal | IET Software |
| Volume | unknown |
| Issue number | 3 |
| DOIs | |
| Publication status | Published - 1 Jun 2019 |
Keywords
- European General Data Protection Regulation
- GDPR
- Cloud-based systems
- Privacy
- Security
- SLA
Project and Funding Information
- Project ID
- info:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSA
- info:eu-repo/grantAgreement/EC/780351/EU/Trustworthy and Smart Actuation in IoT systems/ENACT
- Funding Info
- The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help.