
Results

The Cloud Accountability Project delivers a set of tools for:

  • Enabling cloud service providers to give their users appropriate control and transparency over how their data is used
  • Enabling cloud end users to make choices about how cloud service providers may use and will protect data in the cloud, and be better informed about the risks, consequences, and implementation of those choices
  • Monitoring and checking compliance with users’ expectations, business policies and regulations

The project builds the Accountability Framework as a comprehensive specification for how to create accountability for cloud services, spanning regulatory, legal, technical, business and user issues.

Tools

Tools for Accountability

  • Policy Configuration and Enforcement System - gives:
    • service providers a way to implement users’ specification for data use, provide logs of how it is used in support of evidence collection, and pass obligations through the supply chain, e.g. for consent management
    • service users the possibility to interact with enforcement systems, specify and update policies (e.g. privacy preferences and consent) and correct/delete data online if permitted by the enforcement system.
  • Accountability Validation Tool - enables assertions about accountability to be made
  • Risk Assessment Tool - provides users with an assessment of potential risks and impact of a cloud service
  • Contract Support Tool - supports users and service providers in identifying the contract terms that are appropriate to the context of use
  • System for Evidence Collection - captures, integrates and processes the information, including logs, policies and context, in a way that preserves privacy and confidentiality, and supports audit and attribution
  • Remediation Tool - supports remediation and redress
  • Policy Monitoring Tool - enables continuous configuration checking and keeps users informed about where and how data is being used and whether policies have been followed

Accountability Framework

  • Conceptual foundation for accountability, including clarification of core functions
  • Recommendations and guidelines on data governance in complex, multi-tenant IT infrastructures and the cloud, including analysis of the revised EU Data Protection Framework, reports on legal and regulatory dependencies for effective accountability and governance and guidelines for privacy-friendly design, liability and cloud contracts
  • Reference architecture for implementing accountability
  • Enumeration and technical specification of the accountability components
  • Models of risk, trust, human understanding and economic data governance in cloud ecosystems
  • Languages for interoperable accountability policies
  • Metrics for measuring accountability