1. This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
Accountability for Data Governance in the Cloud
Massimo Felici
Hewlett-Packard Laboratories
A4Cloud Summer School
Malaga, Spain, 3 June 2014
Overview

Problem of Data Governance
• Data Governance in the Cloud
Accountability Definitions
• Conceptual Definition of Accountability
• Definition of Accountability for Data Stewardship in the Cloud
Accountability Model
• Accountability Attributes, Practices and Mechanisms
Accountability Governance
• Accountability Framework
• Accountability Context
• Accountability Governance
Accountability, Risk and Trust
PROBLEM OF DATA GOVERNANCE
Regulatory Complexity

• Different national privacy or data protection laws are in place
• The EU Data Protection Directive is currently going through a legislative revision process
• Complex, evolving regulatory regimes must be complied with

In Europe, it is necessary to comply with the different national laws. Specific mechanisms (e.g. Binding Corporate Rules, contracts) may be put in place to provide the safeguards required for data transfers. Other arrangements are necessary to allow transborder data flows outside Europe, e.g. the Safe Harbour agreement with the US.
Regulatory Frameworks

Evolution of regulatory frameworks, with accountability as the common element across regions:
ASIA: APEC Cross Border Privacy Rules; new country laws
EUROPE: Binding Corporate Rules; revision of the EU Data Protection Directive
NORTH AMERICA: enforcement powers in Canada; proposed Consumer Privacy Bill in the USA
LATIN AMERICA: new laws in Mexico and Colombia; proposed laws in Peru, Costa Rica, Chile, ...
Cloud Ecosystem Challenges

Emerging issues: cloud supply chains, complexity, scale, (big) data mining
Challenges: isolation failure, compliance hazard, incomplete data deletion, lock-in hazard, loss of governance
Problem of Data Governance

• Different regulatory regimes
• Complex governance environment
• Lack of trust in the cloud
• Lack of governance and transparency
• Transfer of data into the cloud
Drivers for Accountability

Globalisation and new technologies
• Cloud computing is the most significant shift in ICT deployments
• Global business environments
Uncertainty and trust (for customers, providers and regulators)
• Privacy and trust come from sound stewardship of information by service providers, for which we need to hold them accountable
Regulatory complexity for the cloud
• New technologies like cloud are straining traditional privacy frameworks
• A clear and consistent framework of data protection rules is necessary
• Accountability addresses global interoperability
• Accountability allows the complex matrix of national laws to be avoided and reduces unnecessary layers of complexity for cloud providers
DEFINING ACCOUNTABILITY
Accountability

How do you define (characterise) accountability?
Identify 3 keywords (features) that characterise accountability.
Defining Accountability

Conceptual Definition of Accountability
• Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly.

Notes on the conceptual definition:
• Applicable across different domains and capturing a shared multidisciplinary understanding within the project
• Concerned with governance
• Compliance with respect to internal and external criteria defined by stakeholders
• Responsible and proactive (explaining, justifying, remedying) delivery of actions
Defining Accountability

Definition of Accountability for Data Stewardship in the Cloud
• Accountability for an organisation consists of accepting responsibility for the stewardship of personal and/or confidential data with which it is entrusted in a cloud environment, for processing, storing, sharing, deleting and otherwise using the data according to contractual and legal requirements from the time it is collected until when the data are destroyed (including onward transfer to and from third parties).
• It involves committing to legal and ethical obligations, policies, procedures and mechanisms, explaining and demonstrating ethical implementation to internal and external stakeholders and remedying any failure to act properly.

Notes on the definition:
• Contextualising accountability for data governance in cloud ecosystems
• Covers personal and/or confidential data
• Ethical aspects of accountability
• Deploying different mechanisms
Accountability Model

The model relates the accountability definitions to three layers:
• Accountability attributes: observability, verifiability, attributability, transparency, responsibility, liability, remediability
• Accountability practices: defining governance, ensuring governance, demonstrating governance, holding to account
• Accountability mechanisms: different mechanisms supporting accountability
Accountability Attributes

Definitions: conceptual attributes of accountability as used across different multidisciplinary domains; the conceptual basis for our definitions and the related taxonomic analysis.
Observability is a property of an object, process or system which describes how well the internal actions of the system can be described by observing the external outputs of the system.
Verifiability is a property of an object, process or system that its behaviour can be verified against a requirement or set of requirements.
Attributability is a property of an observation that discloses or can be assigned to actions of a particular actor (or system element).
Transparency is the property of an accountable system that it is capable of ‘giving account’ of, or providing visibility of, how it conforms to its governing rules and commitments.
Responsibility is defined as the state of being assigned to take action to ensure conformity to a particular set of policies or rules.
Liability is the state of being liable (legally responsible).
Remediability is the state of being able to be remedied.
Accountability Attributes

What the attributes support: analyse cloud behaviour, assess compliance, support openness, identify causes, provide assurance.
Accountability Practices

Accountability practices, what organisations must do to be accountable, support governance:
• Defining Governance: defines governance to responsibly comply with internal and external criteria, particularly relating to treatment of personal data and/or confidential data
• Ensuring Governance: ensures implementation of appropriate actions
• Demonstrating Governance: explains and justifies those actions, namely, demonstrates regulatory compliance, that stakeholders’ expectations have been met and that organisational policies have been followed
• Holding to Account: remedies any failure to act properly, for example: notifies the affected data subjects or organisations, and/or provides redress to affected data subjects or organisations, even in global situations where multiple cloud service providers are involved
Accountability Mechanisms

Diverse accountability processes, non-technical mechanisms and technical tools that support accountability practices (that is, accountability practices make use of them).
Examples of accountability mechanisms:
• Software tools
• Governance processes
• Risk assessment
• Assurance
• Standards
• Legal mechanisms
• Sanctions
Accountability Model

From accountability to being accountable:
• Operationalise the accountability definitions
• Capture different abstraction levels of accountability
• Identify attributes contributing towards accountability
• Characterise accountable organisations
• Identify elements of accountability practices
• Enable accountability practices
FROM ACCOUNTABILITY TO BEING ACCOUNTABLE
Accountability Context
Accountability-based Approach in the Cloud

Rationale
• Increase trust (and trustworthiness)
• Trust can be achieved through sound stewardship of information by service providers, for which they need to be held accountable, and by integrated design for privacy
• Increase transparency, redress and assurance in a manageable way
• Motivate organisations to improve their level of compliance
• Decrease the complexity of complying with regulations in global business environments
• Flexibility in return for demonstration
Obligations

• Organisations are accountable for obligations in relation to the treatment of data
• Accountable organisations should ensure that obligations to protect data are observed by all who store and process the data, irrespective of where that processing occurs.
• Obligation:
o Is a requirement, agreement or promise for which there are certain consequences if it is breached.
o It can be one of three types: contractual, regulatory, and normative (i.e. derived from social norms)
Accountability Context

Regulatory regimes and cloud ecosystems set the context for accountability:
• Obligations, responsibilities and liabilities of actors
• Clarification of requirements
• Stakeholders’ requirements
• Trustworthy account
• Help with meeting obligations
• Transparency
Accountability-based Approach in the Cloud

We take a ‘strong accountability’ approach, in particular via:
• Being precise about what accountability means
• Joining technical measures to enhance the integrity and authenticity of logs with enhanced reasoning about how these logs show whether or not data protection obligations have been fulfilled (trusted logs + analysis)
• Including verification by independent, trusted entities and certification based on such verification
• Moving beyond accountability of procedures, to accountability of practice
Accountability Framework

Supporting cloud actors; supporting accountability at different stages; co-designing responsible and ethical corporate governance, innovative regulatory frameworks, and supporting technologies.
• Preventive: investigating and mitigating risk in order to form policies and determine appropriate mechanisms to put in place; putting in place appropriate policies, procedures and technical mechanisms
• Detective: monitoring and identifying policy violation; putting in place detection and traceability measures
• Corrective: managing incidents and providing notifications and redress
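The ‘trusted logs + analysis’ measure of the strong accountability approach, and the detective and corrective stages of the framework, as a worked example added here (it is not code from the A4Cloud project or its tools). Each log entry is hash-chained to its predecessor and authenticated with an HMAC, so a verifier can reject after-the-fact edits before reasoning about whether the logged processing met its obligations; the analysis then checks two hypothetical obligations, a transfer restriction and a retention limit, and attributes each violation to the actor recorded in the log. The record schema, the actors, the regions, the retention period and the key are all constructed for the example.

```python
"""Tamper-evident accountability log plus obligation analysis (added example)."""
import copy
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# Hypothetical key shared by the provider's logging agent and the verifier
# (e.g. an auditor). A real deployment would use a key store and, preferably,
# digital signatures so that the verifier cannot also forge entries.
LOG_KEY = b"example-log-key-not-for-production"
GENESIS = "0" * 64          # chain anchor for the first entry
NOW = datetime(2014, 6, 3)  # constructed reference time for the sample below


def entry_digest(prev_hash, record):
    """Chain link: SHA-256 over the previous entry's hash and the canonical JSON record."""
    payload = prev_hash.encode() + json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def append(log, record):
    """Append a record, binding it to the chain (hash) and to the key holder (HMAC)."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    digest = entry_digest(prev_hash, record)
    tag = hmac.new(LOG_KEY, digest.encode(), hashlib.sha256).hexdigest()
    log.append({"record": record, "hash": digest, "mac": tag})


def verify_chain(log):
    """Return (True, -1) if every link and MAC checks out, else (False, first bad index)."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry_digest(prev_hash, entry["record"]) != entry["hash"]:
            return False, i
        expected = hmac.new(LOG_KEY, entry["hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["mac"]):
            return False, i
        prev_hash = entry["hash"]
    return True, -1


def check_obligations(log, allowed_regions, retention_days, now):
    """Analyse a verified log against two hypothetical obligations.

    transfer-restriction: every logged action must happen in allowed_regions.
    retention: collected data must be deleted within retention_days of collection.
    Each violation names the actor the log attributes it to and the entry index.
    """
    ok, bad = verify_chain(log)
    if not ok:
        raise ValueError("log integrity failure at entry %d; refusing to analyse" % bad)
    violations = []
    collected = {}   # data_id -> (collection time, collecting actor, entry index)
    deleted = set()
    for i, entry in enumerate(log):
        r = entry["record"]
        if r["action"] == "collect":
            collected[r["data_id"]] = (datetime.fromisoformat(r["ts"]), r["actor"], i)
        elif r["action"] == "delete":
            deleted.add(r["data_id"])
        if r["region"] not in allowed_regions:
            violations.append({"obligation": "transfer-restriction", "data_id": r["data_id"],
                               "actor": r["actor"], "entry": i})
    for data_id, (ts, actor, i) in collected.items():
        if data_id not in deleted and now - ts > timedelta(days=retention_days):
            violations.append({"obligation": "retention", "data_id": data_id,
                               "actor": actor, "entry": i})
    return violations


def build_sample_log():
    """Constructed sample: a customer (controller) collects, a provider (processor) handles."""
    log = []
    t0 = NOW - timedelta(days=120)
    events = [
        (0,  "customer-acme",    "collect",  "rec-1", "eu-west"),
        (1,  "provider-cloudco", "transfer", "rec-1", "us-east"),   # leaves the allowed regions
        (2,  "customer-acme",    "collect",  "rec-2", "eu-west"),
        (30, "provider-cloudco", "delete",   "rec-2", "eu-west"),   # deleted within retention
        (5,  "customer-acme",    "collect",  "rec-3", "eu-west"),   # never deleted
    ]
    for days, actor, action, data_id, region in events:
        append(log, {"ts": (t0 + timedelta(days=days)).isoformat(), "actor": actor,
                     "action": action, "data_id": data_id, "region": region})
    return log


def tamper(log, index, **changes):
    """Copy of the log in which one record was edited after the fact without re-signing."""
    forged = copy.deepcopy(log)
    forged[index]["record"].update(changes)
    return forged


if __name__ == "__main__":
    log = build_sample_log()
    print("chain ok:", verify_chain(log))
    for v in check_obligations(log, {"eu-west", "eu-central"}, 90, NOW):
        print("violation:", v)
    # A provider rewriting the transfer destination to hide the violation is caught.
    print("after tampering:", verify_chain(tamper(log, 1, region="eu-central")))
```

Two caveats a practitioner should keep in mind. A hash chain with a shared HMAC key detects modification, insertion and reordering, but not truncation of the tail (dropping the most recent entries) and not forgery by anyone who holds the key; this is why the deck pairs trusted logs with verification by independent entities: the latest chain hash must be anchored with, and the key (or better, a signing key pair) controlled by, a party other than the one being held to account. And the analysis can only reason about what was logged, so its value depends on the observability of the provider's actual processing, not just on the integrity of the log.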
Accountability Governance

Chain: claims (supported by arguments) -> providing evidence -> questioning evidence -> deciding to trust -> emerging trustworthiness
ACCOUNTABILITY IN CLOUD ECOSYSTEMS
Cloud Computing Roles
1. Cloud Subject: An entity whose data is processed by a cloud
provider, either directly or indirectly. When necessary we may
further distinguish:
a) Individual Cloud Subject, when the entity refers to a person.
b) Organisation Cloud Subject, when the entity refers to an
organisation.
2. Cloud Customer: An entity that (1) maintains a business
relationship with, and (2) uses services from a Cloud Provider.
When necessary we may further distinguish:
a) Individual Cloud Customer, when the entity refers to a
person.
b) Organisation Cloud Customer, when the entity refers to an
organisation.
3. Cloud Provider: An entity responsible for making a [cloud]
service available to Cloud Customers
4. Cloud Carrier: The intermediary entity that provides connectivity
and transport of cloud services between Cloud Providers and
Cloud Customers
5. Cloud Broker: An entity that manages the use, performance
and delivery of cloud services, and negotiates relationships
between Cloud Providers and Cloud Customers
6. Cloud Auditor: An entity that can conduct independent
assessment of cloud services, information system operations,
performance and security of the cloud implementation, with
regard to a set of requirements, which may include security,
data protection, information system management, regulations
and ethics.
7. Cloud Supervisory Authority: An entity that oversees and
enforces the application of a set of rules.
Data Protection Roles
1. Data subject: an identified or identifiable natural person (i.e.
living individual). An identifiable person is one who can be
identified, directly or indirectly, in particular by reference to an
identification number or to one or more factors specific to his
physical, physiological, mental, economic, cultural or social
identity.
2. Data controller: an entity which alone or jointly with others
determines the purposes and means of the processing of
personal data.
3. Data processor: an entity that processes personal data on
behalf of the controller.
4. Third party: an entity other than the data subject, the controller,
the processor and the persons who, under the direct authority of
the controller or the processor, are authorised to process the data.
5. Recipient: an entity to which data is disclosed, whether a third
party or not; (excluding authorities which receive data in the
framework of an inquiry).
6. Supervisory authority: an independent authority that enforces
the application of the data protection regulations in member
states, providing advice to the competent bodies with regard to
legislative and administrative measures relating to the
processing of personal data, hearing complaints lodged by
citizens with regard to the protection of their data protection
rights. The supervisory authority is either the Data Protection
Authority or, less frequently, the National Regulatory Authority in
the telecom sector in some member states.
Cloud Actor Roles
Cloud Actor Roles

Extended NIST cloud roles        Data protection roles
Cloud subject                    Data subject
Cloud customer                   Data controller or data processor
Cloud provider                   Data processor or data controller
Cloud carrier                    Data processor, data controller (unlikely) or not applicable
Cloud broker                     Data processor or data controller
Cloud auditor                    (Not applicable)
Cloud supervisory authority      Supervisory authority (DPA or NRA)
(Not applicable)                 Third party
(Not applicable)                 Recipient
The Principle of Accountability

Article 29 Working Party, WP 173, Opinion 3/2010 on the principle of accountability: data protection must move from ‘theory to practice’.
(i) the need for a controller to take appropriate and effective measures to implement data protection principles;
(ii) the need to demonstrate upon request that appropriate and effective measures have been taken. Thus, the controller shall provide evidence of (i) above.

Accountability consists of:
• Defining and accepting responsibility
• Ensuring implementation of appropriate actions
• Explaining and justifying actions
• Remediating failure
Data Controllers and Processors

Data controllers and data processors: what's the difference? Test by the UK Information Commissioner’s Office (ICO).
Cloud Ecosystem Challenges

Emerging issues: cloud supply chains, complexity, scale, (big) data mining
Challenges: isolation failure, compliance hazard, incomplete data deletion, lock-in hazard, loss of governance
Accountability Relationships

Accountability through cloud service supply chains to the organisation that uses cloud services.
The cloud provider is nearly always a data processor (DP):
• may need to assume co-controllership responsibilities
• may not know who the users are or what their services are being used for
The DP is accountable for cooperation with the data controller (DC) to:
• meet data subjects’ rights
• assist the DC in providing security measures
• act only on the DC’s behalf
Accountability Relationships

Cloud providers and cloud customers are accountable to cloud subjects and to the Cloud Supervisory Authority.
• The cloud customer is in general considered the data controller (DC)
• The DC will be accountable for applicable data protection measures
Accountability Relationships

Accountability to society:
• The cloud subject should be the rationale and real beneficiary of the accountability chain
• All actors are ultimately accountable to the cloud subject
Key Features

1. Accountability should be viewed as a means to an end, not as an alternative to reframing basic privacy principles
• Organisations should be accountable for the personal and confidential information that they collect, store, process and disseminate
2. Accountability must deliver effective solutions whilst avoiding, where possible, overly prescriptive or burdensome requirements
3. Commitments of the data controller (DC) need to be well defined; they are (part of) its responsibility
• Commitments of the DC should include all applicable legal obligations plus any industry standards and declarations made by the DC in privacy statements (definition of policies with respect to external criteria; the three types of obligations)
• Clear allocation of privacy and security responsibilities across the DC and data processors (DPs)
4. Transparency
• Public nature of the account where possible
• Commitments of the DC need to be properly understood by data subjects (DS) and other parties
5. Verification of the account
• Claims should be challengeable
• A verification process strong enough to show (the extent to which) commitments have been fulfilled
• Guarantees needed about the integrity and authenticity of evidence
• The actor carrying out verification needs to be trusted by the DS and to have appropriate authority and resources to carry out spot checking, etc.
ACCOUNTABILITY, RISK AND TRUST
Cloud Ecosystem Challenges

Emerging issues: cloud supply chains, complexity, scale, (big) data mining
Challenges: isolation failure, compliance hazard, incomplete data deletion, lock-in hazard, loss of governance
Risk Assessment

Risk combines the likelihood (or probability of occurrence) of a threat scenario with its impact (or severity).
Inputs: threat scenarios (CSA top threats, ENISA risk analysis, the cloud ecosystem), operational evidence, expert judgement.
Accountability, Risk and Trust

How does accountability relate to risk and trust?
Accountability, Risk and Trust

Statements (to be rated Yes / Maybe / No):
• Risk affects accountability
• Risk requires trust (dealing with uncertainty)
• Some threats are specific to cloud services
• Accountability mitigates risk
• Accountability mediates risk and trust (enhancing knowledge)
• Accountability supports interactions in the cloud
• Accountability supports trust decisions
• Accountability enhances cloud trustworthiness
• Trust facilitates interactions
• Trust relies on operational evidence of trustworthiness
Accountability, Risk and Trust
Accountability, Risk and Trust

• Risk affects accountability
• Risk requires trust (dealing with uncertainty)
• Accountability mitigates risk
• Accountability mediates risk and trust (enhancing knowledge)
• Trust facilitates interactions
• Trust relies on operational evidence of trustworthiness
Accountability, Risk and Trust
SUMMARY
Accountability Highlights

Addressing data governance in the cloud
• Accountability Definitions
• Accountability Model
• Accountability Framework
• Accountability Governance
Accountability in Cloud Ecosystems
Accountability, Risk and Trust
Further Readings

1. A4Cloud, Glossary of Terms and Definitions, November 2013.
2. M. Felici, T. Koulouris and S. Pearson, “Accountability for Data Governance in Cloud Ecosystems”, in Proceedings of the 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2013), IEEE Computer Society, pp. 327–332, 2013.
3. M. Felici, M. G. Jaatun, E. Kosta and N. Wainwright, “Bringing Accountability to the Cloud: Addressing Emerging Threats and Legal Perspectives”, in M. Felici (Ed.), Cyber Security and Privacy, CSP EU FORUM 2013, Springer-Verlag, CCIS 182, pp. 28–40, 2013.
4. M. Felici and S. Pearson, “Accountability, Risk and Trust in Cloud Services: Towards an Accountability-based Approach to Risk and Trust Governance”, IEEE 2014 International Workshop on Security and Privacy Engineering (SPE 2014), IEEE Services 2014 (to appear).
Thank You.