Legal issues in clouds: towards a risk inventory.

Cloud computing technologies have reached a high level of development, yet a number of obstacles still exist that must be overcome before widespread commercial adoption can become a reality. In a cloud environment, end users requesting services and cloud providers negotiate service-level agreements (SLAs) that provide explicit statements of all expectations and obligations of the participants. If cloud computing is to experience widespread commercial adoption, then incorporating risk assessment techniques is essential during SLA negotiation and service operation. This article focuses on the legal issues surrounding risk assessment in cloud computing. Specifically, it analyses risk regarding data protection and security, and presents the requirements of an inherent risk inventory. The usefulness of such a risk inventory is described in the context of the OPTIMIS project

A Brokering Framework for Assessing Legal Risks in Big Data and the Cloud

“Cloud computing” and “Big Data” are amongst the most hyped-up terms and buzzwords of the moment. After decades in which individuals and companies used to host their data and applications using their own IT infrastructure, the world has seen the stunning transformation of the Internet. Major shifts occurred when these infrastructures began to be outsourced to public Cloud providers to match commercial expectations. Storing, sharing and transferring data and databases over the Internet is convenient, yet legal risks cannot be eliminated. Legal risk is a fast-growing area of research and covers various aspects of law. Current studies and research on Cloud computing legal risk assessment have been, however, limited in scope and focused mainly on security and privacy aspects. There is little systematic research on the risks, threats and impact of the legal issues inherent to database rights and “ownership” rights of data. Database rights seem to be outdated and there is a significant gap in the scientific literature when it comes to the understanding of how to apply its provisions in the Big Data era. This means that we need a whole new framework for understanding, protecting and sharing data in the Cloud. The scheme we propose in this chapter is based on a risk assessment-brokering framework that works side by side with Service Level Agreements (SLAs). This proposed framework will provide better control for Cloud users and will go a long way to increase confidence and reinforce trust in Cloud computing transactions

Discovering changes of the change control board process during a software development project using process mining

During a software process improvement program, the current state of software development processes is being assessed and improvement actions are being determined. However, these improvement actions are based on process models obtained during interviews and document studies, e.g. quality manuals. Such improvements are scarcely based on the practical way of working in an organization; they do not take into account shortcuts made due to e.g. time pressure. Becoming conscious about the presence of such deviations and understanding their causes and impacts, consequences for particular software process improvement activities in a particular organization could be proposed. This paper reports on the application of process mining techniques to discover shortcomings in the Change Control Board process in an organization during the different lifecycle phases and to determine improvement activities. © 2009 Springer Berlin Heidelberg