Data Protection-Aware Design for Cloud Services

Authors:
Sadie Creese;Paul Hopkins;Siani Pearson;Yun Shen
Affiliations:
International Digital Laboratory, University of Warwick, Coventry, UK.;International Digital Laboratory, University of Warwick, Coventry, UK.;HP Labs, Bristol, UK. BS34 8QZ;HP Labs, Bristol, UK. BS34 8QZ
Venue:
CloudCom '09 Proceedings of the 1st International Conference on Cloud Computing
Year:
2009

Citing 12
Cited 4

Protecting Free Expression Online with Freenet

IEEE Internet Computing
Web Privacy with P3p

Web Privacy with P3p
Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services

DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Privacy: What Developers and IT Professionals Should Know

Privacy: What Developers and IT Professionals Should Know
Sociotechnical Architecture for Online Privacy

IEEE Security and Privacy
Design for privacy in ubiquitous computing environments

ECSCW'93 Proceedings of the third conference on European Conference on Computer-Supported Cooperative Work
A collection of privacy design patterns

Proceedings of the 2006 conference on Pattern languages of programs
Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Rescuing IT Outsourcing: Strategic Use of Service-Level Agreements

IT Professional
Engineering Privacy

IEEE Transactions on Software Engineering
Simplified privacy controls for aggregated services: suspend and resume of personal data

PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Pond: the oceanstore prototype

FAST'03 Proceedings of the 2nd USENIX conference on File and storage technologies

User Requirements for Cloud Computing Architecture

CCGRID '10 Proceedings of the 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing
SECaaS: security as a service for cloud-based applications

Proceedings of the Second Kuwait Conference on e-Services and e-Systems
Reference deployment models for eliminating user concerns on cloud security

The Journal of Supercomputing
Privacy management in global organisations

CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Cloud is a relatively new concept and so it is unsurprising that the information assurance, data protection, network security and privacy concerns have yet to be fully addressed. This paper seeks to begin the process of designing data protection controls into clouds from the outset so as to avoid the costs associated with bolting on security as an afterthought. Our approach is firstly to consider cloud maturity from an enterprise level perspective, describing a novel capability maturity model. We use this model to explore privacy controls within an enterprise cloud deployment, and explore where there may be opportunities to design in data protection controls as exploitation of the Cloud matures. We demonstrate how we might enable such controls via the use of design patterns. Finally, we consider how Service Level Agreements (SLAs) might be used to ensure that third party suppliers act in support of such controls.