Complying with Data Handling Requirements in Cloud Storage Systems

In past years, cloud storage systems saw an enormous rise in usage. However, despite their popularity and importance as underlying infrastructure for more complex cloud services, today's cloud storage systems do not account for compliance with regulatory, organizational, or contractual data handling requirements by design. Since legislation increasingly responds to rising data protection and privacy concerns, complying with data handling requirements becomes a crucial property for cloud storage systems. We present PRADA, a practical approach to account for compliance with data handling requirements in key-value based cloud storage systems. To achieve this goal, PRADA introduces a transparent data handling layer, which empowers clients to request specific data handling requirements and enables operators of cloud storage systems to comply with them. We implement PRADA on top of the distributed database Cassandra and show in our evaluation that complying with data handling requirements in cloud storage systems is practical in real-world cloud deployments as used for microblogging, data sharing in the Internet of Things, and distributed email storage.Comment: 14 pages, 11 figures; revised manuscript, accepted for publication in IEEE Transactions on Cloud Computin

Risk and Compliance Management for Cloud Computing Services: Designing a Reference Model

More and more companies are making use of Cloud Computing Services in order to reduce costs and to increase theflexibility of their IT infrastructures. Currently, the focus is shifting towards problems of risk and compliance which includeas well the realm of Cloud Computing security. For instance, since the storage locations of data may shift or remain unknownto the user, the problem of the applicable jurisdiction arises and impede the adoption and management of Cloud ComputingServices. Therefore, companies need new methods to avoid being fined for compliance violations, to manage risk factors aswell as to manage processes and decision rights. This paper presents a reference model that serves to support companies inmanaging and reducing risk and compliance efforts. We developed the model on the solid basis of a systematic literaturereview and practical requirements by analyzing Cloud Computing Service offers

A Study on Data Protection in Cloud Environment

Data protection in the online environment pertains to the safeguarding of sensitive or important data kept, analyzed, or sent in cloud-based systems. It entails assuring data confidentiality, integrity, and availability, as well as adhering to appropriate data protection requirements. In a nutshell, cloud data protection seeks to protect data against unauthorized access, deletion, or breaches while retaining its accuracy and accessible to authorized users. This is accomplished in the cloud environment using various security measures, encryption approaches, access controls, disaster recovery and backup processes, and constant monitoring and threat detection.  The research significance of data protection in the cloud environment can be summarized as follows: Security and Privacy: Research in data protection in the cloud helps address the security and privacy concerns associated with storing and processing sensitive data in cloud-based systems. It explores and develops advanced security mechanisms, encryption techniques, and access controls to protect data from unauthorized access, data breaches, and privacy violations. Trust and Confidence: Research in data protection contributes to building trust and confidence in cloud computing. By developing robust security solutions and demonstrating their effectiveness, research helps alleviate concerns about data security and privacy, fostering greater adoption of cloud services by organizations and individuals. Compliance and Regulations: Cloud computing often involves compliance with data protection regulations and industry standards. Research in this area explores the legal and regulatory aspects of data protection in the cloud and helps organizations understand and comply with relevant requirements. Data Resilience and Recovery: Research in data protection focuses on ensuring data resilience and developing efficient data recovery mechanisms in the cloud. It explores backup and disaster recovery strategies, data replication techniques, and data loss prevention methods to minimize downtime, recover data promptly, and maintain business continuity in the event of system failures or disasters. By addressing these research areas, studies on data protection in the cloud environment contribute to enhancing security, privacy, compliance, and resilience in cloud computing. They provide valuable insights, practical solutions, and guidelines for organizations and service providers to protect data effectively and maintain the trust of users in cloud-based services. The weighted product method approach is commonly used to choose the best data protection in cloud environment. CCSS1, CCSS2, CCSS3, CCSS4, CCSS5 data visibility, data integrity, Maintains compliance, Data security, Data storage. From the result it is seen that CCSS2 got highest rank whereas CCSS5 got lowest rank According to the results, CCSS2 was ranked first

A comprehensive meta-analysis of cryptographic security mechanisms for cloud computing

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.The concept of cloud computing offers measurable computational or information resources as a service over the Internet. The major motivation behind the cloud setup is economic benefits, because it assures the reduction in expenditure for operational and infrastructural purposes. To transform it into a reality there are some impediments and hurdles which are required to be tackled, most profound of which are security, privacy and reliability issues. As the user data is revealed to the cloud, it departs the protection-sphere of the data owner. However, this brings partly new security and privacy concerns. This work focuses on these issues related to various cloud services and deployment models by spotlighting their major challenges. While the classical cryptography is an ancient discipline, modern cryptography, which has been mostly developed in the last few decades, is the subject of study which needs to be implemented so as to ensure strong security and privacy mechanisms in today’s real-world scenarios. The technological solutions, short and long term research goals of the cloud security will be described and addressed using various classical cryptographic mechanisms as well as modern ones. This work explores the new directions in cloud computing security, while highlighting the correct selection of these fundamental technologies from cryptographic point of view

Enhancing reuse of data and biological material in medical research : from FAIR to FAIR-Health

The known challenge of underutilization of data and biological material from biorepositories as potential resources formedical research has been the focus of discussion for over a decade. Recently developed guidelines for improved data availability and reusability—entitled FAIR Principles (Findability, Accessibility, Interoperability, and Reusability)—are likely to address only parts of the problem. In this article,we argue that biologicalmaterial and data should be viewed as a unified resource. This approach would facilitate access to complete provenance information, which is a prerequisite for reproducibility and meaningful integration of the data. A unified view also allows for optimization of long-term storage strategies, as demonstrated in the case of biobanks.Wepropose an extension of the FAIR Principles to include the following additional components: (1) quality aspects related to research reproducibility and meaningful reuse of the data, (2) incentives to stimulate effective enrichment of data sets and biological material collections and its reuse on all levels, and (3) privacy-respecting approaches for working with the human material and data. These FAIR-Health principles should then be applied to both the biological material and data. We also propose the development of common guidelines for cloud architectures, due to the unprecedented growth of volume and breadth of medical data generation, as well as the associated need to process the data efficiently.peer-reviewe