Abstract

Features such as elasticity, scalability, universal access, low entry cost, and flexible billing motivate consumers to migrate their core businesses to the cloud. However, in doing so they face challenges around security, privacy, and compliance. Businesses are pressured to comply with regulations depending on their service types; for example, in the US, government agencies are required to comply with FISMA, healthcare organizations are required to comply with HIPAA, and public retail companies must comply with SOX and PCI. We survey work on compliance issues and conclude that the lack of reference architectures and relevant patterns makes compliance harder than it should be. We also explore current industrial trends in compliance approaches. We end by summarizing compliance issues and giving some guidelines about what this architecture and its corresponding patterns should contain.

Highlights

  • In the last few years, the use of cloud services has become widespread

  • [Yimam and Fernandez, Journal of Internet Services and Applications (2016) 7:5] … or software houses when implementing software systems that must be compliant, but we have found that the lack of a vendor-neutral standard compliance Reference Architecture (RA) is a basic challenge for service providers, service brokers, consumers, and auditors

  • Since compliance is strongly based on security measures and related policies, it is clear that an accepted RA describing specific regulations would provide a way to facilitate building systems that comply with the corresponding regulations


Summary

Introduction

In the last few years, the use of cloud services has become widespread. According to International Data Corporation (IDC) [37], public spending on cloud services is estimated to reach $107 billion by the year 2017. … or software houses when implementing software systems that must be compliant, but we have found that the lack of a vendor-neutral standard compliance Reference Architecture (RA) is a basic challenge for service providers, service brokers, consumers, and auditors. An RA can be used to guide system design and development; it can serve as a reference indicating where specific compliance policies should be applied in the system architecture. Consumers are challenged to evaluate service providers when no standard compliance RA exists that could be used as a common reference and checklist. Since compliance is strongly based on security measures and related policies, it is clear that an accepted RA describing specific regulations would provide a way to facilitate building systems that comply with the corresponding regulations.

Background
Account or Service Hijacking
Security Management Process
Findings
Conclusions and future directions