Getting Critical: Making Sense of the EU Cybersecurity Framework for Cloud Providers

• URL: http://arxiv.org/abs/2203.04887v1
• Date: Wed, 9 Mar 2022 16:59:36 GMT
• Title: Getting Critical: Making Sense of the EU Cybersecurity Framework for Cloud Providers
• Authors: Ian Walden and Johan David Michels
• Abstract summary: We examine whether all cloud services should be treated as critical infrastructure. We look at the proposed revision of the General Data Protection Regulation and the Network Information Systems Directive. We conclude that since cloud providers are subject to both divergent and divergent regulatory approaches can lead to unintended outcomes and high compliance costs.
• Score: 0.799536002595393
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In this chapter, we review how the EU cybersecurity regulatory framework impacts providers of cloud computing services. We examine the evolving regulatory treatment of cloud services as an enabler of the EU's digital economy and question whether all cloud services should be treated as critical infrastructure. Further, we look at how the safeguarding and incident notification obligations under the General Data Protection Regulation ('GDPR') and the Network and Information Systems Directive ('NISD') apply to cloud providers. We also consider the proposed revision of the NISD and look at newly developed voluntary assurance mechanisms for cloud providers, including codes of conduct and certification schemes. We conclude that, since cloud providers are typically subject to both NISD and GDPR and to the jurisdiction of multiple regulators, they face divergent regulatory approaches, which can lead to unintended outcomes and high compliance costs.

Related papers

• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• Mitigating Data Sharing in Public Cloud using Blockchain [0.0]
  We propose a secure data ecosystem in the cloud with the key aspects being Data Rights, Data Sharing, and Data Validation. This will ensure that existing public cloud-based systems can easily deploy blockchain enhancing trustworthiness and non-repudiation of cloud data.
  arXiv  Detail & Related papers  (2024-04-21T13:12:44Z)
• Reflection of Federal Data Protection Standards on Cloud Governance [0.0]
  This research focuses on cloud governance by harmoniously combining multiple data security measures with legislative authority. We present legal aspects aimed at the prevention of data breaches, as well as the technical requirements regarding the implementation of data protection mechanisms.
  arXiv  Detail & Related papers  (2024-02-26T17:04:01Z)
• Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
  This survey paper identifies state of the art covering concepts, approaches, and open problems of SLA management. It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic. It proposes a novel classification criterium to organize the analysis based on SLA life cycle phases.
  arXiv  Detail & Related papers  (2024-01-31T12:33:41Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
  The development and regulation of AI seems to have reached a critical stage. Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4. This paper analyses the most advanced legal proposal, the European Union's AI Act.
  arXiv  Detail & Related papers  (2023-11-03T12:51:37Z)
• Emergent (In)Security of Multi-Cloud Environments [3.3819025097691537]
  A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments. The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures. We conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures.
  arXiv  Detail & Related papers  (2023-11-02T14:02:33Z)
• Accountability in Offline Reinforcement Learning: Explaining Decisions with a Corpus of Examples [70.84093873437425]
  This paper introduces the Accountable Offline Controller (AOC) that employs the offline dataset as the Decision Corpus. AOC operates effectively in low-data scenarios, can be extended to the strictly offline imitation setting, and displays qualities of both conservation and adaptability. We assess AOC's performance in both simulated and real-world healthcare scenarios, emphasizing its capability to manage offline control tasks with high levels of performance while maintaining accountability.
  arXiv  Detail & Related papers  (2023-10-11T17:20:32Z)
• Managing Cold-start in The Serverless Cloud with Temporal Convolutional Networks [0.0]
  Serverless cloud is an innovative cloud service model that frees customers from most cloud management duties. A big threat to the serverless cloud's performance is cold-start, which is when the time of provisioning the needed cloud resource to serve customers' requests incurs unacceptable costs to the service providers and/or the customers. This paper proposes a novel low-coupling, high-cohesion ensemble policy that addresses the cold-start problem at infrastructure- and function-levels of the serverless cloud stack.
  arXiv  Detail & Related papers  (2023-04-01T21:54:22Z)
• Know Your Customer: Balancing Innovation and Regulation for Financial Inclusion [8.657646730603098]
  We study how tension impacts the deployment of privacy-sensitive technologies aimed at financial inclusion. We build and demonstrate a prototype solution based on open source decentralized identifiers and verifiable credentials software. We consider the policy implications stemming from these tensions and provide guidelines for the further design of related technologies.
  arXiv  Detail & Related papers  (2021-12-17T21:09:51Z)
• Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
  Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks. We give an overview of current solutions that differ in their fundamental values and technological possibilities. We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
  arXiv  Detail & Related papers  (2020-07-03T10:45:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.