This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Cloud Accountability Project
The project focuses on accountability as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services.
It aims to assist cloud service providers with:
• Techniques to make services more trustworthy
• Ways to satisfy business policies and demonstrate compliance
• Allowing differentiation
A4Cloud Members
Industry
Community
Research
Globalisation and new technologies
• Cloud computing presents a paradigm shift in how IT is deployed and consumed
Uncertainty and lack of visibility (for consumers, clients and regulators)
• Privacy and trust come from sound stewardship of information by service providers, for which we need to hold them accountable
Regulatory complexity in global business environments, especially for cloud
• Accountability addresses global interoperability
• Clear and consistent framework of data protection rules
• Allows avoidance of complex matrix of national laws and reduces unnecessary layers of complexity for cloud providers
• New technologies like cloud are straining traditional privacy frameworks
Drivers for accountability
Context
Principles, Regulations and Societal Norms
Design Accountability
What is the right thing?
How to do the right thing
Trying to get organisations to do the right thing
Holding them to account if they don’t
Facilitating redress
supports
complements
Control over practical aspects of compliance
Obligation to prove that principles put into effect
Cloud ecosystem
Model of Accountability
Accountability
Attributes
Practices
Mechanisms
organisational
operational
abstract
concrete
conceptual
Conceptual model of accountability
With what?
How?
What?
Defining accountability
Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly.
• Observability
• Verifiability
• Attributability
• Transparency
• Responsibility
• Liability
• Remediation
Accountability attributes
• Define governance
• Ensure implementation
• Explain & justify actions
• Remedy failures
Accountability practices
• Business processes
• Non-technical instruments
• Technical tools
Accountability mechanisms
contain
Auditing, Risk assessment, etc
Contracts, Legal means, etc
Tracking and transparency tools
Notification of policy violation, etc
• Accountability framework
• Accountability metrics
• Accountability evidence mechanisms and tools
• Auditing mechanisms and tools
• Policy compliance mechanisms and tools
• Reference architecture for accountability
• Interoperable mechanisms and tools
What is needed
A4Cloud project
Trustworthy architecture
Privacy assurance
Trust assurance
Governance Security and trust
economics
Policies
Transparent
security
• Risk and trust models for accountability
• Accountability policy language
• Enforcement mechanisms for accountability
• User-centric accountability tools
A4Cloud & CSA
A4Cloud results are relevant to a number of CSA research and educational activities, as well as in the context of the Open Certification Framework.
The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service clients can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust.
• 100 vulnerabilities published in 2013 (NVD)
• 9 relevant to our platform
• 8 tested
• 1 found exploitable (severity=6.0)
• Time between discovery and fix = 5 days