Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Rios Velasco, ErkudenIturbe, EiderLarrucea, XabierRak, MassimilianoMallouli, WissamDominiak, JacekMuntes, VictorMatthews, PeterGonzalez Moctezuma, LuisGonzalez, Luis2019-06-01Rios Velasco , E , Iturbe , E , Larrucea , X , Rak , M , Mallouli , W , Dominiak , J , Muntes , V , Matthews , P , Gonzalez Moctezuma , L & Gonzalez , L 2019 , ' Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems ' , IET Software , vol. unknown , no. 3 , pp. 213-222 . https://doi.org/10.1049/iet-sen.2018.52931751-8806researchoutputwizard: 11556/686Publisher Copyright: © 2019 The Institution of Engineering and Technology.Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.10387883enginfo:eu-repo/semantics/openAccessService Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systemsjournal article10.1049/iet-sen.2018.5293European General Data Protection RegulationGDPRCloud-based systemsPrivacySecuritySLAEuropean General Data Protection RegulationGDPRCloud-based systemsPrivacySecuritySLAComputer Graphics and Computer-Aided DesignProject IDinfo:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSAinfo:eu-repo/grantAgreement/EC/780351/EU/Trustworthy and Smart Actuation in IoT systems/ENACTinfo:eu-repo/grantAgreement/EC/H2020/644429/EU/MUlti-cloud Secure Applications/MUSAinfo:eu-repo/grantAgreement/EC/780351/EU/Trustworthy and Smart Actuation in IoT systems/ENACTFunding InfoThe research leading to these results has received_x000D_ funding from the European Union’s Horizon 2020 research_x000D_ and innovation programme under grant agreement No 644429_x000D_ and No 780351, MUSA project and ENACT project,_x000D_ respectively. We would also like to acknowledge all the_x000D_ members of the MUSA Consortium and ENACT Consortium_x000D_ for their valuable help.The research leading to these results has received_x000D_ funding from the European Union’s Horizon 2020 research_x000D_ and innovation programme under grant agreement No 644429_x000D_ and No 780351, MUSA project and ENACT project,_x000D_ respectively. We would also like to acknowledge all the_x000D_ members of the MUSA Consortium and ENACT Consortium_x000D_ for their valuable help.http://www.scopus.com/inward/record.url?scp=85067495330&partnerID=8YFLogxK