Security and Privacy Governance In Cloud Computing via SLAs and a Policy Orchestration Service

by Marco Casassa Mont, Kieran McCorry, Nick Papanikolaou, Siani Pearson
Abstract:
We present in this paper the novel concept of a policy orchestration service, which is designed to facilitate security and privacy governance in the enterprise, particularly for the case where various services are provided to the enterprise through external suppliers in the cloud. The orchestration service mediates between the enterprises’ internal decision support systems (which incorporate core security and privacy recommendations) and the cloud-based service providers, who are assumed to be bound by contractual service level agreements with the enterprise. The function of the orchestration service, which is intended to be accessed as a trusted service in the cloud, is to ensure that applicable security and privacy recommendations are actioned by service providers through adequate monitoring and enforcement mechanisms.
Reference:
Security and Privacy Governance In Cloud Computing via SLAs and a Policy Orchestration Service (Marco Casassa Mont, Kieran McCorry, Nick Papanikolaou, Siani Pearson), In Proceedings of the 2textsuperscriptnd International Conference on Cloud Computing and Services Science (CLOSER 2012), SciTePress, 2012.
Bibtex Entry:
@INPROCEEDINGS{CasassaMont2012,
  author = {Marco {Casassa Mont} and Kieran McCorry and Nick Papanikolaou and
	Siani Pearson},
  title = {Security and Privacy Governance In Cloud Computing via {SLAs} and
	a Policy Orchestration Service},
  booktitle = {Proceedings of the 2textsuperscript{nd} International Conference
	on Cloud Computing and Services Science (CLOSER 2012)},
  year = {2012},
  month = jan,
  publisher = {SciTePress},
  abstract = {We present in this paper the novel concept of a policy orchestration
	service, which is designed to facilitate security and privacy governance
	in the enterprise, particularly for the case where various services
	are provided to the enterprise through external suppliers in the
	cloud. The orchestration service mediates between the enterprises'
	internal decision support systems (which incorporate core security
	and privacy recommendations) and the cloud-based service providers,
	who are assumed to be bound by contractual service level agreements
	with the enterprise. The function of the orchestration service, which
	is intended to be accessed as a trusted service in the cloud, is
	to ensure that applicable security and privacy recommendations are
	actioned by service providers through adequate monitoring and enforcement
	mechanisms.},
  keywords = {cloud security, privacy, SLAs, decision support systems, enterprise
	computing, information governance},
  owner = {Nick},
  timestamp = {2012.02.23},
  url = {../files/paper-orchestrator.pdf}
}