Title: A toolkit for automating compliance in cloud computing services

Authors: Nick Papanikolaou; Siani Pearson; Marco Casassa Mont; Ryan K.L. Ko

Addresses: Cloud and Security Lab, HP Labs, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, Bristol, UK ' Cloud and Security Lab, HP Labs, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, Bristol, UK ' Cloud and Security Lab, HP Labs, Long Down Avenue, Stoke Gifford, Bristol BS34 8QZ, Bristol, UK ' Cloud and Security Lab, HP Labs, 14F, Connexis South Tower, Fusionopolis, 1 Fusionopolis Way, 138632, Singapore

Abstract: We present an integrated approach for automating service providers' compliance with data protection laws and regulations, business and technical requirements in cloud computing. The techniques we propose in particular include: natural language analysis (of legislative and regulatory texts, and corporate security rulebooks) and extraction of enforceable rules, use of sticky policies, automated policy enforcement and active monitoring of data, particularly in cloud environments. We currently work on developing a software tool for semantic annotation and natural language processing of cloud ToS and other related policy texts. We describe our implementations of two parts of the proposed toolkit, namely the semantic annotation editor and the EnCoRe policy enforcement framework. We also identify opportunities for future software development in the area of cloud computing compliance.

Keywords: cloud computing compliance; accountability; natural language processing; NLP; policy enforcement; data protection; regulations; legislation; corporate security rulebooks; data monitoring; semantic annotation.

DOI: 10.1504/IJCC.2014.058830

International Journal of Cloud Computing, 2014 Vol.3 No.1, pp.45 - 68

Published online: 02 Jul 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article