Automating Compliance for Cloud Computing Services

by Nick Papanikolaou, Siani Pearson, Marco Casassa Mont, Ryan Ko
Abstract:
We present an integrated approach for automating service providers’ compliance with data protection laws and regulations, business and technical requirements in cloud computing. The techniques we propose in particular include: natural-language analysis (of legislative and regulatory texts, and corporate security rulebooks) and extraction of enforceable rules, use of sticky policies, automated policy enforcement and active monitoring of data, particularly in cloud environments. We discuss ongoing work on developing a software tool for natural-language processing of cloud terms of service and other related policy texts. We also identify opportunities for future software development in the area of cloud computing compliance.
Reference:
Automating Compliance for Cloud Computing Services (Nick Papanikolaou, Siani Pearson, Marco Casassa Mont, Ryan Ko), In Proceedings of the 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012), SciTePress, 2012.
Bibtex Entry:
@INPROCEEDINGS{Papanikolaou2012b,
  author = {Nick Papanikolaou and Siani Pearson and Marco {Casassa Mont} and
	Ryan Ko},
  title = {Automating Compliance for Cloud Computing Services},
  booktitle = {Proceedings of the 2nd International Conference on Cloud Computing
	and Services Science ({CLOSER} 2012)},
  year = {2012},
  month = jan,
  publisher = {SciTePress},
  abstract = {We present an integrated approach for automating service providers'
	compliance with data protection laws and regulations, business and
	technical requirements in cloud computing. The techniques we propose
	in particular include: natural-language analysis (of legislative
	and regulatory texts, and corporate security rulebooks) and extraction
	of enforceable rules, use of sticky policies, automated policy enforcement
	and active monitoring of data, particularly in cloud environments.
	We discuss ongoing work on developing a software tool for natural-language
	processing of cloud terms of service and other related policy texts.
	We also identify opportunities for future software development in
	the area of cloud computing compliance.},
  keywords = {cloud computing, compliance, accountability, natural language processing,
	policy enforcement},
  owner = {Nick},
  timestamp = {2012.02.23},
  url = {../files/paper-nlp.pdf}
}