Risk-Driven Compliant Access Controls for Clouds
AI-generated Key Points
⚠The license of the paper does not allow us to build upon its content and the key points are generated using the paper metadata rather than the full article.
- Benefits of cloud computing: cost savings and increased agility
- Security and regulatory compliance concerns hinder adoption
- Public clouds are commonly used but can create conflicts when exchanging private data due to multiple jurisdictions with varying degrees of harmonization
- Measurable solutions specific to cloud contexts are needed for managing regulatory compliance
- "Risk-Driven Compliant Access Controls for Clouds" proposes an approach that begins with a conceptual model of explicit regulatory requirements for exchanging private data in multijurisdictional environments
- Metrics for non-compliance or risks to compliance would be integrated into standard data access-control policies and checked at policy analysis time before decisions regarding data access are made
- This approach could help organizations using cloud technology better manage regulatory compliance risks associated with the exchange of private data across multiple jurisdictions while also addressing security concerns
- The authors argue that such an approach could increase acceptance and adoption of cloud computing by addressing ongoing challenges related to security and regulatory compliance concerns.
Authors: Hanene Boussi Rahmouni, Kamran Munir, Mohammed Odeh, Richard McClatchey
Abstract: There is widespread agreement that cloud computing have proven cost cutting and agility benefits. However, security and regulatory compliance issues are continuing to challenge the wide acceptance of such technology both from social and commercial stakeholders. An important facture behind this is the fact that clouds and in particular public clouds are usually deployed and used within broad geographical or even international domains. This implies that the exchange of private and other protected data within the cloud environment would be governed by multiple jurisdictions. These jurisdictions have a great degree of harmonisation; however, they present possible conflicts that are hard to negotiate at run time. So far, important efforts were played in order to deal with regulatory compliance management for large distributed systems. However, measurable solutions are required for the context of cloud. In this position paper, we are suggesting an approach that starts with a conceptual model of explicit regulatory requirements for exchanging private data on a multijurisdictional environment and build on it in order to define metrics for non-compliance or, in other terms, risks to compliance. These metrics will be integrated within usual data access-control policies and will be checked at policy analysis time before a decision to allow/deny the data access is made.
Ask questions about this paper to our AI assistant
You can also chat with multiple papers at once here.
⚠The license of the paper does not allow us to build upon its content and the AI assistant only knows about the paper metadata rather than the full article.
Assess the quality of the AI-generated content by voting
Why do we need votes?
Votes are used to determine whether we need to re-run our summarizing tools. If the count reaches -10, our tools can be restarted.
Similar papers summarized with our AI tools
Navigate through even more similar papers through atree representation
Look for similar papers (in beta version)
By clicking on the button above, our algorithm will scan all papers in our database to find the closest based on the contents of the full papers and not just on metadata. Please note that it only works for papers that we have generated summaries for and you can rerun it from time to time to get a more accurate result while our database grows.
Disclaimer: The AI-based summarization tool and virtual assistant provided on this website may not always provide accurate and complete summaries or responses. We encourage you to carefully review and evaluate the generated content to ensure its quality and relevance to your needs.