Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
StatisticsView Usage Statistics
Full recordShow full item record
Author/sRios Velasco, Erkuden; Iturbe, Eider; Larrucea, Xabier; Rak, Massimiliano; Mallouli, Wissam; [et al.]
European General Data Protection Regulation
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.