A Cloud Service Broker with Legal-Rule Compliance Checking and Quality Assurance Capabilities

The ICT industry, and specifically critical sectors such as healthcare, transportation, energy and government require as mandatory the compliance of the ICT systems and services with legislation and regulation, as well as with standards. In the era of cloud computing, and particularly in a public cloud scenario, this compliance management issue is exacerbated by the distributed nature of the system and by the limited control of the customer on the infrastructure/services. Also if the cloud industry is aware of this legislation/regulation compliance issue (e.g. the compliance program of Amazon, Google and Microsoft Azure), right now, there are nor reference architectures neither mechanisms capable to check and to assure, off-line and at run-time, that the compliance is guaranteed during the whole life cycle of a cloud service.Cloud service brokerage can play an important role in law/regulation compliance management of cloud services. In this paper we propose a broker-based solution for the management of law/regulation compliance. In the specific first we define a reference architecture for a legislation-aware cloud service broker, and second we propose an autonomic manager that integrate the MAPE-K control loop with the LegEx framework for the management of the legal compliance checking lifecycle.