Accountability is probably the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services. The A4Cloud project has built methods and tools which combine:
- Risk analysis
- Policy definition and enforcement
- Monitoring
- Compliance auditing
They contribute to the governance of cloud activities, providing transparency and assisting legal, regulatory and socio-economic policy enforcement. They also create a shift towards individual users actively exercising control over their digital presence in the cloud.
Cloud services allow enterprises to outsource non-core aspects of their business to third parties. The complexity of the service provision eco-system may not be visible to an individual or business end user. However, it should ideally be possible to hold each provider accountable for how it manages, uses, and passes on data and other related information. As such, cloud service users may hand over valuable and sensitive information to cloud service providers without an awareness of what they are committing to or understanding of the risks, with no control over what the service does with the data, no knowledge of the potential consequences, or means for redress in the event of a problem.
- Carmen Fernandez Gago - University of Malaga
- Vasilis Tountopoulos – Athens Technology Center S.A.
- Massimo Felici - Hewlett Packard Enterprise
Agenda
Session Welcome and Openings
Legacy of the Cloud Accountability Project
- Accountability Framework
- Reference Architecture and Accountability Lifecycle
- Contribution to Standards
Demonstrator Use Cases and Tools
- Demo of accountability tools contextualised in demonstrator use cases tailored to cloud stakeholders
- Provision of the Account and Assurance