A Blog dedicated to exploring privacy and technology

Privacy Assessments and their usefullness in the cloud, an empirical study

Posted by Wayne on December 12, 2010

It is about a tad over a year when I started writing my dissertation proposal now I am embarking on the next part of the journey – the actual study. In the past year I’ve had the opportunity to author or co-author a couple of papers that are related to my dissertation study. The first one was a position paper about risk assessment in the

PIA Image from ENISA

cloud and how would it be accomplished as a service. The second one just got published in a special edition of IEEE Security & Privacy on cloud computing and is about cloud provider transparency.

These are related to the dissertation study in that they all look at aspects of how privacy risk can be assessed in cloud environments. The dissertation study will differ in that it will empirically test three different privacy assessments against a ‘reference application’ that would run in cloud environments. The reference application will contain data that is regulated or needs to be protected as it is considered private data. The objective of the study is determine how well the privacy assessments work in cloud environments. Does multi-tenancy have an impact on the outcome or does elasticity? Does one assessment versus another do a better job in cloud environments?

The study is not an exhaustive one because it has to be something I can finish in a reasonable amount of time (and finish is the key word here!). It is however unique based on my review of the literature. There does not appear to be a lot of empirical data when it comes to privacy in the research. I honestly couldn’t find anything published about privacy assessments other than Clarke’s work which provides some excellent background and perspective on privacy assessments and where they originated from (hint: environment impact). Breaches – yes – lots of good stuff, privacy assessments – no, not so much. 

Now I just have to sign up three to five cloud providers to allow me to do the study. A bunch of folks said “sure, when you are ready let us know” when I approached them before but now I need real commitments from cloud providers. If anyone can help me by putting me into contact with the decision makers on research at the CSPs or is interested in learning more – please feel free to send me a note or a tweet. The abstract can be found here: Dissertation Abstract and I’ll glad provide more details to the study if you would like to learn more.


email: wayne.pauley at   twitter: @wpauley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: