5.2.2 Policy Management and Enforcement
Once policies are expressed in a machine-readable format, an accountable system should implement an automated enforcement framework in order to fulfil the requirements defined by the policy rules. Depending on the nature of the obligations, different enforcement mechanisms can be integrated within this framework. This section first discusses the main components of the enforcement framework and then suggests some relevant enforcement techniques.
A policy enforcement framework should define at least two main components: the Policy Control Point (PCP), where policies are defined and decisions are taken, and the Policy Enforcement Point (PEP), which enforces policies through different technologies. The PCP first maps each policy rule to a specific set of actions/operations and decides when and how to perform such operations. The PEP executes the actions upon the PCP's decisions (such as data handling operations based on access control decisions) or continuously monitors some events (logging).
The PEP can implement different enforcement techniques: while preventive solutions such as privacy-based access control are implemented to meet data handling obligations, detective solutions help to verify compliance with such data handling obligations. Specifically:
- Privacy-enhanced data access control: personal data can be protected through well-configured privacy-enhanced solutions. While encryption techniques become mandatory for the protection of data stored in the cloud, a well-defined access control framework combined with a secure identity management system will help to meet data handling obligations. The new enforcement framework should also allow data subjects full access to their data (read, update, delete). Another way to enforce such rules is to implement sticky policies, whereby rules and constraints travel with the data. This is especially beneficial in a cloud environment, where data can travel.
- Monitoring/logging solutions: ensuring compliance with data handling obligations is not always an easy task; the enforcement framework should therefore implement dedicated logging solutions. There is a specific need for data transfer monitoring, since controlling the location of data can remain difficult; data transfer monitoring tools may help to discover unexpected events. The integrity of the logs is considered the critical property of a secure logging solution.
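As an added example (not part of the original document or the A4Cloud toolkit), the following Python sketch separates the PCP from the PEP, attaches a sticky policy to a data item so that region and purpose constraints travel with it, and keeps a hash-chained transfer log whose integrity can be verified afterwards. All class names, the sample policy and the regions/purposes are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class StickyPolicy:
    """Constraints that travel with the data item (constructed example)."""
    subject_id: str              # data subject keeps read/update/delete rights
    allowed_regions: frozenset   # where the data may be stored or transferred
    allowed_purposes: frozenset  # purposes for which other actors may use it


@dataclass
class DataItem:
    payload: dict
    policy: StickyPolicy


class PolicyControlPoint:
    """PCP: maps a request onto a decision, independent of how it is enforced."""
    def decide(self, item, actor, purpose, region):
        if actor == item.policy.subject_id:
            return "permit"          # data subject rights take precedence
        if region not in item.policy.allowed_regions:
            return "deny:region"     # data transfer constraint violated
        if purpose not in item.policy.allowed_purposes:
            return "deny:purpose"
        return "permit"


def _chain(prev_digest, entry):
    """Hash of the previous digest plus the canonical JSON of this entry."""
    data = prev_digest + json.dumps(entry, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()


class PolicyEnforcementPoint:
    """PEP: applies PCP decisions and records every transfer in a hash chain."""
    def __init__(self, pcp):
        self.pcp = pcp
        self.log = []                # list of (entry, chain_digest)
        self._prev = "0" * 64        # genesis value for the chain

    def transfer(self, item, actor, purpose, dest_region):
        decision = self.pcp.decide(item, actor, purpose, dest_region)
        entry = {"op": "transfer", "actor": actor, "purpose": purpose,
                 "region": dest_region, "decision": decision}
        self._prev = _chain(self._prev, entry)
        self.log.append((entry, self._prev))
        return decision == "permit"

    def verify_log(self):
        """Recompute the chain; an edited or removed entry breaks it."""
        prev = "0" * 64
        for entry, digest in self.log:
            if _chain(prev, entry) != digest:
                return False
            prev = digest
        return True
```

The chain only detects tampering; protecting the latest digest (for example by signing it or handing it to a third party) is what stops an insider from rewriting the whole log.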
Reliable policy enforcement requires a number of trust assumptions to be made:
- The cloud service provider wants to demonstrate accountability at a reasonable cost, and therefore has no interest in tampering with the accountability enforcement engine.
- Access to personal data will not circumvent the accountability enforcement engine. Note that the engine by itself cannot guarantee this, since it cannot control the entire environment it is part of (operating system, network, etc.).
- Further providers in the cloud service chain provide assurance about the security and privacy procedures and controls such that data subject rights can be guaranteed.