Getting Critical: Making Sense of the EU Cybersecurity Framework for
Cloud Providers
- URL: http://arxiv.org/abs/2203.04887v1
- Date: Wed, 9 Mar 2022 16:59:36 GMT
- Authors: Ian Walden and Johan David Michels
- Abstract summary: We examine whether all cloud services should be treated as critical infrastructure.
We look at how the General Data Protection Regulation and the Network and Information Systems Directive apply to cloud providers, and at the proposed revision of the latter.
We conclude that, since cloud providers are typically subject to both, they face divergent regulatory approaches, which can lead to unintended outcomes and high compliance costs.
- Score: 0.799536002595393
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In this chapter, we review how the EU cybersecurity regulatory framework
impacts providers of cloud computing services. We examine the evolving
regulatory treatment of cloud services as an enabler of the EU's digital
economy and question whether all cloud services should be treated as critical
infrastructure. Further, we look at how the safeguarding and incident
notification obligations under the General Data Protection Regulation ('GDPR')
and the Network and Information Systems Directive ('NISD') apply to cloud
providers. We also consider the proposed revision of the NISD and look at newly
developed voluntary assurance mechanisms for cloud providers, including codes
of conduct and certification schemes. We conclude that, since cloud providers
are typically subject to both NISD and GDPR and to the jurisdiction of multiple
regulators, they face divergent regulatory approaches, which can lead to
unintended outcomes and high compliance costs.
Related papers
- Advocate -- Trustworthy Evidence in Cloud Systems [39.58317527488534]
The rapid evolution of cloud-native applications, characterized by dynamic, interconnected services, presents significant challenges for maintaining trustworthy and auditable systems.
Traditional methods of verification and certification are often inadequate due to the fast-paced and dynamic development practices common in cloud computing.
This paper introduces Advocate, a novel agent-based system designed to generate verifiable evidence of cloud-native application operations.
arXiv Detail & Related papers (2024-10-17T12:09:26Z)
- Unlocking the Potential of Binding Corporate Rules (BCRs) in Health Data Transfers [0.0]
This chapter explores the essential role of Binding Corporate Rules (BCRs) in managing and securing health data.
The chapter situates BCRs within the broader spectrum of transferring sensitive international data.
The chapter calls for proactive measures to BCR adoption streamline approval processes, and promote innovative approaches.
arXiv Detail & Related papers (2024-07-31T02:09:52Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Reflection of Federal Data Protection Standards on Cloud Governance [0.0]
This research focuses on cloud governance by harmoniously combining multiple data security measures with legislative authority.
We present legal aspects aimed at the prevention of data breaches, as well as the technical requirements regarding the implementation of data protection mechanisms.
arXiv Detail & Related papers (2024-02-26T17:04:01Z)
- Service Level Agreements and Security SLA: A Comprehensive Survey [51.000851088730684]
This survey paper identifies state of the art covering concepts, approaches, and open problems of SLA management.
It contributes by carrying out a comprehensive review and covering the gap between the analyses proposed in existing surveys and the most recent literature on this topic.
It proposes a novel classification criterion to organize the analysis based on SLA life cycle phases.
arXiv Detail & Related papers (2024-01-31T12:33:41Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- The risks of risk-based AI regulation: taking liability seriously [46.90451304069951]
The development and regulation of AI seems to have reached a critical stage.
Some experts are calling for a moratorium on the training of AI systems more powerful than GPT-4.
This paper analyses the most advanced legal proposal, the European Union's AI Act.
arXiv Detail & Related papers (2023-11-03T12:51:37Z)
- Emergent (In)Security of Multi-Cloud Environments [3.3819025097691537]
A majority of IT organizations have workloads spread across different cloud service providers, growing their multi-cloud environments.
The increase in the number of attack vectors creates a challenge of how to prioritize mitigations and countermeasures.
We conducted an analysis of multi-cloud threat vectors enabling calculation and prioritization for the identified mitigations and countermeasures.
arXiv Detail & Related papers (2023-11-02T14:02:33Z)
- Accountability in Offline Reinforcement Learning: Explaining Decisions with a Corpus of Examples [70.84093873437425]
This paper introduces the Accountable Offline Controller (AOC) that employs the offline dataset as the Decision Corpus.
AOC operates effectively in low-data scenarios, can be extended to the strictly offline imitation setting, and displays qualities of both conservation and adaptability.
We assess AOC's performance in both simulated and real-world healthcare scenarios, emphasizing its capability to manage offline control tasks with high levels of performance while maintaining accountability.
arXiv Detail & Related papers (2023-10-11T17:20:32Z)
- Know Your Customer: Balancing Innovation and Regulation for Financial Inclusion [8.657646730603098]
We study how tension impacts the deployment of privacy-sensitive technologies aimed at financial inclusion.
We build and demonstrate a prototype solution based on open source decentralized identifiers and verifiable credentials software.
We consider the policy implications stemming from these tensions and provide guidelines for the further design of related technologies.
arXiv Detail & Related papers (2021-12-17T21:09:51Z)
- Regulation conform DLT-operable payment adapter based on trustless - justified trust combined generalized state channels [77.34726150561087]
Economy of Things (EoT) will be based on software agents running on peer-to-peer trustless networks.
We give an overview of current solutions that differ in their fundamental values and technological possibilities.
We propose to combine the strengths of the crypto based, decentralized trustless elements with established and well regulated means of payment.
arXiv Detail & Related papers (2020-07-03T10:45:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.