Abstract

To address data protection concerns, authorities and standards bodies worldwide have released a plethora of regulations, guidelines, and software controls to be applied to Cloud data. As a result, service providers maintaining their end users' private attributes have seen a surge in compliance requirements. Since most of these regulations are not available in a machine-processable format, adhering to them requires significant manual effort. Many of the laws have overlapping rules, but because they do not reference each other, providers must duplicate efforts to comply with each regulation. We have done a detailed study of all the data protection regulations that apply to Cloud data. We have developed an integrated, semantically rich knowledge graph that captures these various data compliance regulations. It includes the data threats and the security controls that are needed to mitigate the risks. In this paper, we present this knowledge graph in detail, along with the system that we have developed to evaluate it. We have validated our knowledge graph against the privacy policies of various Cloud service providers like Amazon, Google, IBM, and Rackspace. This knowledge graph is available in the public domain and can be used by organizations to automate their compliance processes and set their enterprise Cloud security policies.

Highlights

  • Cloud Services are increasingly maintaining their consumers' confidential attributes, like personal details, browsing patterns, and financial payment details, to facilitate a seamless user experience

  • We have developed a comprehensive representation of the rules encapsulated in the Payment Card Industry Data Security Standard (PCI DSS) and GDPR [44]

  • We reviewed the potential threats faced by Cloud consumers and determined the compliance models and security controls that should be in place to manage these risks [61]


Summary

Introduction

Cloud Services are increasingly maintaining their consumers' confidential attributes, like personal details, browsing patterns, and financial payment details, to facilitate a seamless user experience. A significant portion of this consumer data is often shared by the Cloud service providers with their subsidiaries and third parties for further analysis to ensure customer retention and increase their purchase volume. Even though Cloud-based services provide cost savings and rapid provisioning/scaling, privacy and security of Cloud data remain a concern for most consumers [42]. Because of this surge in sensitive information on the Cloud, regulatory organizations the world over are formulating data protection legislation, such as the European Union's General Data Protection Regulation (EU GDPR) [63] and the Payment Card Industry Data Security Standard (PCI DSS) [64].
