On Thursday, 26th of March project coordinator TECNALIA represented by Ms. Erkuden Rios Velasco took part in Net Futures 2015 event held in Brussels. During the event Ms. Rios Velasco was leading Open discussion session on data protection, security and privacy. She formulated main discussion questions as follows:
- How can the security/data protection properties of cloud-based application be monitored and enforced at runtime when there is no (much) information of the policies applied by cloud providers? How can be overcome the lack of control in cloud provider chain?
- Are sticky policies (data protection requirements attached to the data) feasible in cloud-based applications?
- How can the users be empowered to define their privacy policies and continuously keep the control on what is happening to their data, while at the same time they are not overflown with messages and questions?
- What standards are needed to support the security-aware cloud-based applications? Is it needed an EU level security certification/audit model for CSPs?
- Is it needed a standard way for specifying the privacy and security properties in cloud SLAs? Are machine readable cloud SLAs needed?
Some of these questions we hope to elaborate within MUSA project by developing 3 main tools: First, an IDE for designing the application components taking into account security properties of the cloud services and preparing the components for the security enforcement at runtime. Second, an automatic discovery and deployment tool to deploy the components in the combination of cloud resources that best matches the functional and security requirements. And third, an Assurance Platform in form of SaaS for the continuous monitoring and enforcement of the security policies. When creating the tools, we aim to leverage results from previous EU projects and open source tools.
In connection with Net Futures 2015, MUSA offer was presented and included into “A portfolio of offers for trusted and secure services” curated by CloudWATCH project. The portfolio is a portfolio-catalog of 72 stimulating service offers for trusted and secure services that will emerge from the E2 unit of DG CONNECT Software & Services & Cloud Computing.
Please contact us for further details.