13. Cloud Accountability Project
The project focuses on accountability as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services.
It aims to assist cloud service providers with:
• Techniques to make services more trustworthy
• Ways to satisfy business policies and demonstrate compliance
• Allowing differentiation
This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
15. Drivers for accountability
Globalisation and new technologies
• Cloud computing presents a paradigm shift in how IT is deployed and consumed
Uncertainty and lack of visibility (for consumers, clients and regulators)
• Privacy and trust come from sound stewardship of information by service providers, for which we need to hold them accountable
Regulatory complexity in global business environments, especially for cloud
• Accountability addresses global interoperability
• Clear and consistent framework of data protection rules
• Allows avoidance of complex matrix of national laws and reduces unnecessary layers of complexity for cloud providers
• New technologies like cloud are straining traditional privacy frameworks
16. Context
Principles, Regulations and Societal Norms
Trying to get organisations to do the right thing
What is the right thing?
supports
Accountability
How to do the right thing
Design
complements
Holding them to account if they don’t
Facilitating redress
17. Context
Principles, Regulations and Societal Norms
Trying to get organisations to do the right thing
What is the right thing?
supports
How to do the right thing
Control over practical aspects of compliance
Obligation to prove that principles put into effect
Accountability
Design
complements
Holding them to account if they don’t
Facilitating redress
18. Cloud ecosystem
19. Model of Accountability
21. Defining accountability
Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly.
Diagram labels: Accountability; Attributes; Practices; Mechanisms
22. Accountability attributes
• Observability
• Verifiability
• Attributability
• Transparency
• Responsibility
• Liability
• Remediation
Diagram labels: Accountability; Attributes; Practices; Mechanisms
23. Accountability practices
• Define governance
• Ensure implementation
• Explain & justify actions
• Remedy failures
Diagram labels: Accountability; Attributes; Practices; Mechanisms
24. Accountability mechanisms
• Business processes
• Non-technical instruments
• Technical tools
Diagram labels: Accountability; Attributes; Practices; contain; Mechanisms
25. Accountability Mechanisms
Auditing, Risk assessment, etc
• Business processes
• Non-technical instruments
• Technical tools
Diagram labels: Accountability; Attributes; Practices; contain; Mechanisms
26. Accountability Mechanisms
Contracts, Legal means, etc
• Business processes
• Non-technical instruments
• Technical tools
Diagram labels: Accountability; Attributes; Practices; contain; Mechanisms
27. Accountability Mechanisms
Tracking and transparency tools
Notification of policy violation, etc
• Business processes
• Non-technical instruments
• Technical tools
Diagram labels: Accountability; Attributes; Practices; contain; Mechanisms
28. A4Cloud project
What is needed
Trustworthy architecture
• User-centric accountability tools
• Accountability policy language
• Enforcement mechanisms for accountability
Transparent security
• Reference architecture for accountability
• Interoperable mechanisms and tools
Privacy assurance
Trust assurance
Policies
• Risk and trust models for accountability
• Policy compliance mechanisms and tools
Security and trust economics
Governance
• Accountability metrics
• Accountability evidence mechanisms and tools
• Auditing mechanisms and tools
• Accountability framework
29. A4Cloud & CSA
A4Cloud results are relevant to a number of CSA research and educational activities, as well as in the context of the Open Certification Framework.