Privacy Risk, Security, Accountability in the Cloud

Migrating data, applications or services to the cloud exposes a business to a number of new threats and vulnerabilities, which need to be properly assessed. Assessing privacy risk in cloud environments remains a complex challenge; mitigation of this risk requires trusting a cloud service provider to implement suitable privacy controls. Furthermore, auditors and authorities need to be able to hold service providers accountable for their actions, enforcing rules and regulations through penalties and other mechanisms, and ensuring that any problems are remedied promptly and adequately. This paper examines privacy risk assessment for the cloud, and identifies threats, vulnerabilities and countermeasures that clients and providers should implement in order to achieve privacy compliance and accountability.
