Skip to main content
Springer Nature Link
Log in

Accountability in Cloud Service Provision Ecosystems

  • Conference paper
Secure IT Systems (NordSec 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8788))

Included in the following conference series:

  • 1891 Accesses

Abstract

In data protection regulation since the 1980s, accountability has been used in the sense that the ‘data controller’ is responsible for complying with particular data protection legislation and, in most cases, is required to establish systems and processes which aim at ensuring such compliance. This paper assesses this notion in the context of cloud computing, and describes how better and more systematic accountability might be provided.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Pearson, S., et al.: Accountability for Cloud and Other Future Internet Services. In: Proc. CloudCom 2012, pp. 629–632. IEEE (2012)

    Google Scholar 

  2. Mell, P., Grance, T.: The NIST Definition of Cloud Computing, NIST Special Publication 800-145 (September 2011)

    Google Scholar 

  3. Catteddu, D., Hogben, G. (eds.): Cloud Computing: Benefits, Risks and Recommendations for Information Security. ENISA Report (November 2009)

    Google Scholar 

  4. Gellman, R.: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing. World Privacy Forum (2009)

    Google Scholar 

  5. Pearson, S.: Privacy, Security and Trust in Cloud Computing. In: Pearson, S., Yee, G. (eds.) Privacy and Security for Cloud Computing, Computer Communications and Networks, pp. 3–42. Springer (2012)

    Google Scholar 

  6. Cloud Security Alliance: The Notorious Nine: Cloud Computing Top Threats in 2013, Top Threats Working Group (February 2013)

    Google Scholar 

  7. Cloud Security Alliance (CSA): Top Threats to Cloud Computing. v1.0, Cloud Security Alliance (March 2010)

    Google Scholar 

  8. European Parliament: Fighting Cyber Crime and Protecting Privacy in the Cloud, Directorate-General for Internal Policies (2012), http://www.europarl.euopa.eu/RegData/etudes/join/2012/475104/IPOL-IMCO_ET2012475104_EN.pdf

  9. Landau, S.: Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations. IEEE Security & Privacy 11(4), 66–75 (2013)

    Article  Google Scholar 

  10. International Data Corporation (IDC): Quantitative Estimates of the Demand of Cloud Computing in Europe (2012)

    Google Scholar 

  11. Raab, C.: The Meaning of ‘Accountability’ in the Information Privacy Context. In: Guagnin, D., et al. (eds.) Managing Privacy through Accountability, pp. 15–32. Macmillan (2012)

    Google Scholar 

  12. OECD: Guidelines for the Protection of Personal Data and Transborder Data Flows (1980)

    Google Scholar 

  13. PIPEDA (2000), http://laws-lois.justice.gc.ca/eng/acts/P-8.6/

  14. European DG of Justice (Article 29 Working Party): The future of privacy: joint contribution to the consultation of the European Commission on the legal framework for the fundamental right to protection of personal data (WP168), paragraphs 74-79 (December 2009)

    Google Scholar 

  15. European DG of Justice (Article 29 Working Party): Opinion 3/2010 on the principle of accountability (WP 173) (July 2010), http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp173_en.pdf

  16. European Commission (EC): Proposal for a directive of the European Parliament and of the council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data (January 2012)

    Google Scholar 

  17. Center for Information Policy Leadership (CIPL): Accountability: A compendium for stakeholders. The Galway Project (2011)

    Google Scholar 

  18. Office of the Information and Privacy Commissioner of Alberta, Office of the Privacy Commissioner of Canada, Office of the Information and Privacy Commissioner for British Colombia: Getting Accountability Right with a Privacy Management Program (2012)

    Google Scholar 

  19. Papanikolaou, N., Pearson, S.: A Cross-Disciplinary Review of the Concept of Accountability. In: Proceedings of the DIMACS/BIC/A4Cloud/CSA International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC) (May 2013)

    Google Scholar 

  20. Information Commissioner’s Office (ICO): Binding corporate rules (2012)

    Google Scholar 

  21. APEC Data Privacy Sub-Group: Cross-border privacy enforcement arrangement, San Francisco (2011)

    Google Scholar 

  22. Van Alsenoy, B.: Allocating responsibility among controllers, processors, and “everything in between”: the definition of actors and roles in Directive 95/46/EC. Computer Law & Security Review 28, 25–43 (2012)

    Article  Google Scholar 

  23. European Commission (EC): Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995)

    Google Scholar 

  24. OECD: Guidelines Concerning the Protection of Privacy and Transborder Flows of Personal Data (2013)

    Google Scholar 

  25. Millard, C. (ed.): Cloud Computing Law. Oxford University Press (2013)

    Google Scholar 

  26. European DG of Justice (Article 29 Working Party): Opinion 05/12 on Cloud Computing (2012)

    Google Scholar 

  27. CNIL: Recommendations for Companies Planning to Use Cloud Computing Services (2012)

    Google Scholar 

  28. EC: Electronic Communications Sector Directive 2002/58 EC (E-Privacy Directive) (2002)

    Google Scholar 

  29. EC: Unleashing the Potential of Cloud Computing in Europe (2012), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF

  30. Select Industry Group SLA Subgroup: Cloud Service Level Agreement Standardisation Guidelines, Brussels, June 24 (2014)

    Google Scholar 

  31. EC: Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace (2013), http://ec.europa.eu/information_society/newsroom/cf//document.cfm?doc_id=1667

  32. EC: Directive on Network and Information Security (2013), http://ec.europa.eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet-and-online-freedom-and-opportunity-cyber-security

  33. Cloud Security Alliance (CSA): Security Guidance for Critical Areas of Focus in Cloud Computing, v3.0, Cloud Security Alliance (2011)

    Google Scholar 

  34. Pearson, S.: On the Relationship between the Different Methods to Address Privacy Issues in the Cloud. In: Meersman, R., Panetto, H., Dillon, T., Eder, J., Bellahsene, Z., Ritter, N., De Leenheer, P., Dou, D. (eds.) OTM 2013. LNCS, vol. 8185, pp. 414–433. Springer, Heidelberg (2013)

    Google Scholar 

  35. Liu, F., et al.: NIST Cloud Computing Reference Architecture, NIST Special Publication 500-292 (September 2011)

    Google Scholar 

  36. Felici, M., Pearson, S. (eds.): Conceptual Framework Final Report, D:C-2.1, A4Cloud Project (2014)

    Google Scholar 

  37. Felici, M., Koulouris, T., Pearson, S.: Accountability for Data Governance in Cloud Ecosystems. In: Proc. IEEE CloudCom 2013, vol. 2, pp. 327–332. IEEE (2014)

    Google Scholar 

  38. Guagnin, D., Hempel, L., Ilten, C.: Bridging the gap: We need to get together. In: Guagnin, D., et al. (eds.) Managing Privacy Through Accountability, pp. 102–124. Palgrave (2012)

    Google Scholar 

  39. Information Commissioner’s Office: Guidance on the Use of Cloud Computing (2012), http://www.ico.org.uk/for_organisations/guidance_index/~/media/documents/library/Data_Protection/Practical_application/cloud_computing_guidance_for_organisations.ashx

  40. UK government’s National Technical Authority for Information Assurance (CESG): Cloud Security Guidance (2014), http://www.gov.uk/government/collections/cloud-security-guidance

  41. Jansen, W., Grance, T.: Guidelines on Security and Privacy in Public Cloud Computing. Special Publication 800-144, NIST (December 2011)

    Google Scholar 

  42. Radack, S. (ed.): Guidelines For Improving Security And Privacy In Public Cloud Computing. ITL Bulletin (March 2012), http://csrc.nist.gov/publications/nistbul/march-2012_itl-bulletin.pdf

  43. CNIL: Methodology for Privacy Risk Management (2012), http://www.cnil.fr/fileadmin/documents/en/CNIL-ManagingPrivacyRisks-Methodology.pdf

  44. Horwath, C.: Enterprise Risk Management for Cloud Computing, COSO (June 2012), http://www.coso.org/documents/Cloud%20Computing%20Thought%20Paper.pdf

  45. Butin, D., Chicote, M., Le Métayer, D.: Strong Accountability: Beyond Vague Promises. In: Gutwirth, S., Leenes, R., de Hert, P. (eds.) Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges, pp. 343–369. Springer (2014)

    Google Scholar 

  46. Charlesworth, A., Pearson, S.: Developing Accountability-based Solutions for Data Privacy in the Cloud. Innovation, Special Issue: Privacy and Technology. European Journal of Social Science Research 26(1), 7–35 (2013)

    Article  Google Scholar 

  47. Pearson, S., Wainwright, N.: An Interdisciplinary Approach to Accountability for Future Internet Service Provision. International Journal of Trust Management in Computing and Communications (IJTMCC) 1(1), 52–72 (2013)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Security and Cloud Lab, Hewlett Packard Labs, Bristol, UK

    Siani Pearson

Authors
  1. Siani Pearson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Siani Pearson .

Editor information

Editors and Affiliations

  1. SINTEF ICT, Trondheim, Norway

    Karin Bernsmed

  2. Karlstad University, Karlstad, Sweden

    Simone Fischer-Hübner

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Pearson, S. (2014). Accountability in Cloud Service Provision Ecosystems. In: Bernsmed, K., Fischer-Hübner, S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science(), vol 8788. Springer, Cham. https://doi.org/10.1007/978-3-319-11599-3_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11599-3_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11598-6

  • Online ISBN: 978-3-319-11599-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics