Accountability For Cloud and Other Future Internet Services
Cloud and IT service providers should act as responsible stewards for the data of their customers and users. However the current absence of accountability frameworks for distributed IT services makes it difficult for users to understand, influence and determine how their service providers honour their obligations. A4Cloud will create solutions to support users in deciding and tracking how their data is used by cloud service providers. By combining methods of risk analysis, policy enforcement, monitoring and compliance auditing with tailored IT mechanisms for security, assurance and redress, A4Cloud aims to extend accountability across entire cloud service value chains, covering personal and business sensitive information in the cloud.
A4Cloud solutions will support service providers in preventing breaches of trust by using audited policy enforcement techniques, assessing the potential impact of policy violations, detecting violations, managing incidents and obtaining redress. It will develop techniques for improved trustworthiness of cloud ecosystems as prerequisite for accountability. Therefore it will create policies and tools that enforce responsibilities while striking a balance between transparency and privacy, and determine issues and constraints for regulators, corporate and institutional service providers, users, and their end-users. A4Cloud will have a lasting impact on the competitiveness of the European ICT sector by addressing major perceived barriers to trustworthy cloud-based services.
The role of NICS Lab in A4Cloud is mainly related to the areas of trust and security metrics, as well as to the security assessment part. In particular, we lead the work package in charge of defining metrics for non-functional properties that influence accountability. These metrics would be used during the course of the project as a support for the decision-making process.