Enhanced Assurance about Cloud Service Provision Promises
It is envisaged that in future cloud service providers will increasingly be using a Privacy Level Agreement (PLA) to disclose their data protection practices. However, this is just a self-assessment relating to data protection compliance. Many cloud customers may wish for greater ease in comparing PLAs fromdifferent providers, as well as increased assurance about what is being claimed. We tackle this issue by means of proposing: a standardised representation for PLAs that can be used in a num-ber of ways, including automated comparison by software tools; an ontological ap-proach that can be used as a basis for such automated analysis; a way of expressing evidence that supports statements made in the PLA. As provision of evidence is key to obtain assurance and build trust about a cloud provider, we present an ontology for evidence and show how the linkage between evidence elements and data protection aspects in PLAs can be realised through an ontology-aware Graphical User Interface (GUI) based tool prototype we have developed. We also discuss how the resulting ma-chine readable version of PLA can be exploited by tools supporting a decision making process for service selection.
Michela D’Errico, Siani Pearson, "Enhanced Assurance about Cloud Service Provision Promises", Proc. IFIP Summer School, Edinburgh, Springer, 2016 (to appear).