AUTOMATING COMPLIANCE FOR CLOUD COMPUTING SERVICES

We present an integrated approach for automating service providers’ compliance with data protection laws and regulations, business and technical requirements in cloud computing. The techniques we propose in particular include: natural-language analysis (of legislative and regulatory texts, and corporate security rulebooks) and extraction of enforceable rules, use of sticky policies, automated policy enforcement and active monitoring of data, particularly in cloud environments. We discuss ongoing work on developing a software tool for natural-language processing of cloud terms of service and other related policy texts. We also identify opportunities for future software development in the area of cloud computing compliance.