Int. J. of Cloud Computing   »   2014 Vol.3, No.1

 

 

Title: A toolkit for automating compliance in cloud computing services

 

Authors: Nick Papanikolaou; Siani Pearson; Marco Casassa Mont; Ryan K.L. Ko

 

Addresses:
Cloud and Security Lab, HP Labs, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, Bristol, UK
Cloud and Security Lab, HP Labs, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, Bristol, UK
Cloud and Security Lab, HP Labs, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, Bristol, UK
Cloud and Security Lab, HP Labs, 14F, Connexis South Tower, Fusionopolis, 1 Fusionopolis Way, 138632, Singapore

 

Abstract: We present an integrated approach for automating service providers' compliance with data protection laws and regulations, business and technical requirements in cloud computing. The techniques we propose in particular include: natural language analysis (of legislative and regulatory texts, and corporate security rulebooks) and extraction of enforceable rules, use of sticky policies, automated policy enforcement and active monitoring of data, particularly in cloud environments. We currently work on developing a software tool for semantic annotation and natural language processing of cloud ToS and other related policy texts. We describe our implementations of two parts of the proposed toolkit, namely the semantic annotation editor and the EnCoRe policy enforcement framework. We also identify opportunities for future software development in the area of cloud computing compliance.

 

Keywords: cloud computing compliance; accountability; natural language processing; NLP; policy enforcement; data protection; regulations; legislation; corporate security rulebooks; data monitoring; semantic annotation.

 

DOI: 10.1504/IJCC.2014.058830

 

Int. J. of Cloud Computing, 2014 Vol.3, No.1, pp.45 - 68

 

Available online: 23 Jan 2014

 

 

Editors Full text accessAccess for SubscribersPurchase this articleComment on this article