Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

Could the Outsourcing of Incident Response Management provide a Blueprint for Managing Other Cloud Security Requirements?

Postprin

Conceptual Service Level Agreement Mechanism to Minimize the SLA Violation with SLA Negotiation Process in Cloud Computing Environment

تُستخدم الخدمة عبر الإنترنت لتكون بمثابة الدفع لكل استخدام في الحوسبة السحابية. لا يحتاج مستخدم الخدمة إلى عقد طويل مع مزودي الخدمات السحابية. اتفاقية مستوى الخدمة (SLAs) هي تفاهمات تم تحديدها بين مزودي الخدمة السحابية وغيرهم ، على سبيل المثال ، مستخدم الخدمة أو المشغل الوسيط أو المشغلين المراقبين. نظرًا لأن الحوسبة السحابية هي تقنية مستمرة تقدم العديد من الخدمات لتطبيقات الأعمال الأساسية وأنظمة قابلة للتكيف لإدارة الاتفاقيات عبر الإنترنت تعتبر مهمة تحافظ على اتفاقية مستوى الخدمةو جودة الخدمة لمستخدم السحابة. إذا فشل مزود الخدمة في الحفاظ على الخدمة المطلوبة ، فإن اتفاقية مستوى الخدمة تعتبر انتهاكًا لاتفاقية مستوى الخدمة. الهدف الرئيسي هو تقليل انتهاكات اتفاقية مستوى الخدمة (SLA) للحفاظ على جودة الخدمة لمستخدمي السحابة. في هذه المقالة البحثية ، اقترحنا صندوق أدوات للمساعدة في إجراء تبادل اتفاقية مستوى الخدمة مع مزودي الخدمة والذي سيمكن العميل السحابي من الإشارة إلى متطلبات جودة الخدمة واقترح خوارزمية بالإضافة إلى نموذج التفاوض من اجل التفاوض على الطلب مع الخدمة لمقدمي الخدمة لإنتاج اتفاقية أفضل بين مقدم الخدمة ومستهلك الخدمة السحابية. وبالتالي ، يمكن للإطار الذي تمت مناقشته تقليل انتهاكات اتفاقية مستوى الخدمة وكذلك خيبات الأمل في المفاوضات وتوسيع نطاق كفاية التكلفة. علاوة على ذلك ، فإن مجموعة أدوات اتفاقية مستوى الخدمة المقترحة منتجة بشكل إضافي للعملاء حتى يتمكن العملاء من تأمين سداد قيمة معقولة مقابل تقليل جودة الخدمة أو وقت التنازل. يوضح هذا البحث أنه يمكن الحفاظ على مستوى الضمان في موفري الخدمات السحابية من خلال نقل الخدمات دون انقطاع من منظور العميل.Online service is used to be as Pay-Per-Use in Cloud computing. Service user need not be in a long time contract with cloud service providers. Service level agreements (SLAs) are understandings marked between a cloud service providers and others, for example, a service user, intermediary operator, or observing operators. Since cloud computing is an ongoing technology giving numerous services to basic business applications and adaptable systems to manage online agreements are significant. SLA maintains the quality-of-service to the cloud user. If service provider fails to maintain the required service SLA is considered to be SLA violated. The main aim is to minimize the SLA violations for maintain the QoS of their cloud users. In this research article, a toolbox is proposed to help the procedure of exchanging of a SLA with the service providers that will enable the cloud client in indicating service quality demands and an algorithm as well as Negotiation model is also proposed to negotiate the request with the service providers to produce a better agreement between service provider and cloud service consumer. Subsequently, the discussed framework can reduce SLA violations as well as negotiation disappointments and have expanded cost-adequacy. Moreover, the suggested SLA toolkit is additionally productive to clients so clients can secure a sensible value repayment for diminished QoS or conceding time. This research shows the assurance level in the cloud service providers can be kept up by as yet conveying the services with no interruption from the client's perspectiv

Taming the cloud: Safety, certification and compliance for software services - Keynote at the Workshop on Engineering Service-Oriented Applications (WESOA) 2011

The maturity of IT processes, such as software development, can be and is often certified. Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, with an increasing adoption of the Service-Oriented Architecture (SOA) design pattern and the deployment of Software-as-a-Service (SaaS) on Cloud infrastructures. In this talk we discuss some issues surrounding engineering Software Services for Cloud infrastructures and highlight the need for enhanced control, service-level agreement and compliance mechanisms for Software Services. Cloud Infrastructures and Service Mash-ups

Cloud service localisation

The essence of cloud computing is the provision of software and hardware services to a range of users in dierent locations. The aim of cloud service localisation is to facilitate the internationalisation and localisation of cloud services by allowing their adaption to dierent locales. We address the lingual localisation by providing service-level language translation techniques to adopt services to dierent languages and regulatory localisation by providing standards-based mappings to achieve regulatory compliance with regionally varying laws, standards and regulations. The aim is to support and enforce the explicit modelling of aspects particularly relevant to localisation and runtime support consisting of tools and middleware services to automating the deployment based on models of locales, driven by the two localisation dimensions. We focus here on an ontology-based conceptual information model that integrates locale specication in a coherent way