Massimo Felici

Accountability for Data Governance in Cloud Ecosystems

Accountability has emerged as a critical concept related to data protection in cloud ecosystems. It is necessary to maintain chains of accountability across cloud ecosystems. This is to enhance the confidence in the trust that cloud actors have while operating in the cloud. This paper is concerned with accountability in the cloud. It presents a conceptual model, consisting of attributes, practices and mechanisms for accountability in the cloud. The proposed model allows us to explain, in terms of accountability attributes, cloud-mediated interactions between actors. This forms the basis for characterizing accountability relationships between cloud actors, and hence chains of accountability in cloud ecosystems.

A Metamodel for Measuring Accountability Attributes in the Cloud

Cloud governance, and in particular data governance in the cloud, relies on different technical and organizational practices and procedures, such as policy enforcement, risk management, incident management and remediation. The concept of accountability encompasses such practices, and is essential for enhancing security and trustworthiness in the cloud. Besides this, proper measurement of cloud services, both at a technical and governance level, is a distinctive aspect of the cloud computing model. Hence, a natural problem that arises is how to measure the impact on accountability of the procedures held in practice by organizations that participate in the cloud ecosystem. In this paper, we describe a metamodel for addressing the problem of measuring accountability properties for cloud computing, as discussed and defined by the Cloud Accountability Project (A4Cloud). The goal of this metamodel is to act as a language for describing: (i) accountability properties in terms of actions between entities, and (ii) metrics for measuring the fulfillment of such properties. It also allows the recursive decomposition of properties and metrics, from a high-level and abstract world to a tangible and measurable one. Finally, we illustrate our proposal of the metamodel by modelling the transparency property, and define some metrics for it.

Bringing Accountability to the Cloud: Addressing Emerging Threats and Legal Perspectives

This paper is concerned with accountability in cloud ecosystems. The separation between data and data subjects as well as the exchange of data between cloud consumers and providers increases the complexity of data governance in cloud ecosystems, a problem which is exacerbated by emerging threats and vulnerabilities. This paper discusses how accountability addresses emerging issues and legal perspectives in cloud ecosystems. In particular, it introduces an accountability model tailored to the cloud. It presents on-going work within the Cloud Accountability Project, highlighting both legal and technical aspects of accountability.

Interoperability Analysis of Accountable Data Governance in the Cloud

Cloud computing has emerged as a promising technology to drive innovation and leverage business development in various sectorial applications. Large scale enterprises and SMEs take advantage of cloud computing in order to benefit from cost-effective technological deployments allowing flexibility and scalability, and to offer added value solutions to their customers. However, customers’ perceptions of the risks affecting data and IT governance, especially in complex service provision ecosystems, result in a lack of trust in the ability of the providers to handle their assets in a responsible way. This paper elaborates on the general aspects of an accountability-based approach, which can facilitate organisations dealing with the cloud to comply with applicable legislation and provide more evidence that confidential and/or personal data are handled in accordance with relevant data protection legislation.

Cyber Security and Privacy

Future Internet applications can be dynamically composed of atomic services, which exhibit different trustworthiness and security requirements, when being integrated into complex service chains. In that respect, research in the security field works around solutions that can ensure that security characteristics are well addressed in modern, Web-based, ICT environments, aiming to establish a level of trust and confidence on the service consumers. Towards this direction, this paper showcases the results of the EU-funded FP7 Aniketos project, in order to support the secure development life cycle of Web-based service compositions. It elaborates on the design time and runtime capabilities of the Aniketos platform to support security and trust in the specification of composite service processes, by offering service developers the ability to efficiently express their security requirements and service providers the capability to track security breaches and threats and support decisions on the appropriate

Accountability, Risk, and Trust in Cloud Services: Towards an Accountability-Based Approach to Risk and Trust Governance

In this paper we propose an approach for enhanced data protection in the cloud, based upon accountability governance. Specifically, the relationships between accountability, risk and trust are analyzed in order to suggest characteristics and means to address data governance issues involved when organizations or individuals adopt cloud computing. This analysis takes into account insights from a variety of stakeholders within cloud ecosystems obtained by running an elicitation workshop.

Cloud Accountability: Glossary of Terms and Definitions

The Glossary of Terms and Definitions captures a shared multidisciplinary understanding within the EU FP7 Cloud Accountability Project (A4Cloud). It consists of the key terms that have been identified by the A4Cloud’s Accountability Conceptual Framework. The definitions in the glossary have been drawn from relevant research literature, standards or domain specific references (e.g. data protection, cloud computing, information security, privacy, etc.). The A4Cloud’s Accountability Conceptual Framework has proposed (or revised) definitions of those terms that are central to concept of accountability (and related attributes). The glossary is the result of a collaborative effort of the A4Cloud project. The final glossary consists of over 150 terms (drawn from an initial list of over 700 terms) selected for their relevance to accountability. It consists of the core accountability terms that have been defined and used across the A4Cloud project.

Accountability for Data Governance in the Cloud

Cloud computing represents a major shift in the way Information and Communication Technology (ICT) is deployed and utilised across industries. Alongside the technological developments, organisations need to adapt to emerging operational needs associated with data governance, policy and responsibility, as well as compliance with regulatory regimes that may be multi-jurisdictional in nature. This paper is concerned with data governance in cloud ecosystems. It characterises the problem of data governance due to emerging challenges (and threats) in the cloud. It advocates an accountability-based approach for data stewardship. It defines accountability and introduces a model consisting of attributes, practices and mechanisms. The accountability model underpins an accountability framework supporting data governance. This paper also discusses emerging relationships between accountability, risk and trust. The overall objective of the proposed accountability-based approach to data governance is to support a transparent and trustworthy cloud.

An Integrated Framework for Innovation Management in Cyber Security and Privacy

This paper is concerned with increasing the impact of publicly funded research and development (R&D) in cyber security and privacy. In the context of a high level of threat, there is a pressing need for firms and institu- tions to implement innovative and robust cyber security and privacy technolo- gies. This particular challenge requires a systematic coordinated approach across both the public and private sectors. The innovation ecosystem involves complex interactions between key actors such as policy makers, incumbent service pro- viders, and new innovators, each with their own view of how to increase the impact of R&D in cyber security and privacy. Drawing on R&D literature and roadmapping theory, this paper presents a framework and research tool for establishing an integrated view of innovation management in cyber security and privacy.

What's New in the Economics of Cybersecurity?: Observational and Empirical Studies

The articles in this special issue, together with those in the companion issue, highlight the need for large, complex observational and empirical studies and represent the kind of studies that will advance our understanding of cybersecurity economics.