Grounded in the Cloud
Showing results for 
Search instead for 
Do you mean 

Keys to achieving trust and accountability in the cloud

JudyRedman ‎06-29-2011 08:00 AM - edited ‎07-01-2011 08:59 AM

You’ve read or heard the news….Sony, Lockheed and other big organizations are hacked; Amazon’s cloud goes down.  The FBI shuts down servers in its mission to take down the LulzSec hackers. It’s no wonder CIOs and IT leaders are nervous aboutcloud computing security and data in the cloud. 


Earlier this year, I reported on a and IDG survey of more than 450 IT professionals.  What was the number one challenge of cloud computing according to survey participants?  You guessed it—security.  A whopping 71 percent of enterprises placed security among their top three concerns.  The second and third most cited challenges are concerns about information access and concerns about information governance



This lack of confidence is a key inhibitor to cloud computing and threatens to undermine the pace at which cloud is endorsed and implemented by organizations.  What’s needed is research and a framework or conceptual model for accountability and trust in cloud computing. The smart innovators at HP Labs are doing just that, putting their minds, experience and knowledge to work to address these issues of trust, security and privacy in clouds.


Research in cloud accountability needed

While much research and innovation has gone into preventive controls for security and privacy in the cloud, the TrustCloud research led by HP Labs Singapore found that few are focusing on detective controls around the areas of cloud accountability and auditability. Detective controls are those that identify privacy or security risks that go against the privacy and security policies and procedures of an organization.  Detective approaches complement preventive approaches as they enable the investigation not only of external risks, but also risks from within the Cloud Service Provider (CSP). Detective approaches can also be applied in a less invasive manner than preventive approaches. Here are two examples of detective controls:


  1.     an intrusion detection system on a host or network
  2.    security audit consisting of trails, logs and analysis tools


The TrustCloud framework

 cloud trust diagram2.jpgIn addition to detective controls, HP researchers have developed a conceptual model—the TrustCloud framework—that potentially can be used to give cloud users a single point of view for accountability of the CSP. They examined accountability in the cloud from all aspects, using the Cloud Accountability Life Cycle.  The lifecycle consists of seven phases of cloud accountability that include policy planning, sense and trace, logging, safekeeping of logs, reporting and replaying, auditing and optimizing and rectifying. Then they examine the five layers of cloud accountability and recommend the technical and policy-based approaches for each layer that will help to achieve a trusted cloud.  These five layers include:


1.      System Layer

2.      Data Layer

3.      Workflow Layer

4.      Laws & Regulations

5.      Policies


What’s next? The researchers are currently researching and developing solutions for each layer, with one example being a logging mechanism for the system layer of cloud accountability.


To learn more about achieving a trusted cloud through the use of detective controls and the TrustCloud framework, which addresses accountability in cloud computing via technical and policy-based approaches, download the technical report. 



Related links:




About the Author


Judy Redman has been writing about all areas of technology for more than 20 years.

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
1-3 December 2015
Discover 2015 London
Discover 2015 in London, the ultimate showcase technology event for business and IT professionals to learn, connect, and grow.
Read more
November 2015
Software Online Expert Days
Join us online to talk directly with our Software experts.
Read more
View all