ESCUDO-CLOUD - Enforceable Security in the Cloud to Uphold Data Ownership
Today, users placing data in the cloud must trust completely that Cloud Service Providers (CSPs) will manage such data correctly. As a matter of fact, all CSPs can apply security measures in the services they offer, but these measures either give full trust to the CSP and allow it to have full access to the data, or greatly limit the functionality that the CSP is able to offer on the outsourced data.
ESCUDO-CLOUD will provide protection guarantees that give data owners full control over their data in the cloud while still allowing the cloud to offer functionality over them. The goal of ESCUDO-CLOUD is to empower data owners as first-class citizens of the cloud.
This goal will be achieved by providing enforceable security, that is, techniques that wrap the data in a layer of protection from the eyes of the storing/processing CSP itself. This sets the trust boundary at the client side, which means assuming correct and trusted behaviour only by the client. Data owners will then remain in control over their data when relying on CSPs for data storage, processing, and management.
ESCUDO-CLOUD will be beneficial to both data owners and CSPs. Data owners will be able to outsource their data while maintaining control over them, regulating access to them and sharing them selectively with other users, with assurance that their data will remain protected from the CSPs. Data owners will then be able to rely on CSPs and use their services for a wider range of applications.
In addition to the increased market penetration that robust data ownership would provide, CSPs benefit significantly from reduced regulatory risks, audit costs, and general security threats that they would have to face in the absence of such protection. Freeing CSPs from the worries of protecting data even allows them to handle the data outside their own control. For instance, it would enable a CSP itself to rely on other services for outsourcing storage and computation, behaving as a broker providing a virtualised cloud service, without worrying about the possible improper exposure of user information, which is guaranteed to be self-protected. This would benefit both larger and smaller players in the market, as well as individual users.