To main content

Putting the "Account" into Cloud Accountability

Abstract

Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have inadequate means to address it. In order to make the Cloud a viable alternative for all, accountability of the service providers is key, and with the advent of the EU General Data Protection Regulation (GDPR), ignoring accountability is something providers in the EU market will do at their peril. To be able to hold cloud service providers accountable for how they manage personal, sensitive and confidential information, there is a need for mechanisms that can mitigate risk, identify emerging risks, monitor policy violations, manage any incidents, and provide redress. We believe that being able to offer accountability as part of the service provision will represent a competitive edge for service providers catering to discerning cloud customers, also outside the GDPR sphere of influence. This paper will outline the fundamentals of accountability, and provide more details on what the actual ``account'' is all about.

Category

Academic chapter/article/Conference paper

Language

English

Author(s)

Affiliation

  • University of Stavanger
  • SINTEF Digital / Software Engineering, Safety and Security
  • United Kingdom

Year

2019

Publisher

SciTePress

Book

CLOSER 2019: Proceedings of the 9th International Conference on Cloud Computing and Services Science

ISBN

978-989-758-365-0

Page(s)

9 - 18

View this publication at Cristin