End-User-Driven Approach for Regulatory Compliance in the Public Cloud

End-User-Driven Approach for Regulatory Compliance in the Public Cloud

Jitendra Singh (Dyal Singh Evening College, University of Delhi, India) and Vikas Kumar (Chaudhary Bansi Lal University, India)
DOI: 10.4018/IJSSMET.2021050101
OnDemand PDF Download:
No Current Special Offers


Regulatory compliance is equally binding on small and medium business groups. Owing to the small scale and limited budget, such SMBs are unable to seek expert advice. To adequately guard the SMBs in regulatory compliance, the present work proposed a third-party managed-end user-driven approach that renders the list of regulatory acts applicable in one's case according to the country of one's residence, services subscribed, and type of the operations to be carried out in subscribed cloud paradigm. The list of applicable regulatory acts are rendered at the subscriber's end only. In addition, the proposed method notifies the present state of compliance of under-considered cloud providers. Based on the recommendation received, the subscriber can proceed with his decision to subscribe or not to subscribe in the event if desired compliances do not exist. This technological assistance will eliminate the need to possess the required knowledge in regulatory acts or seeking advice from the regulatory expert.
Article Preview


Cloud computing is transforming the way Information technology (IT) resources are procured and used. Under the legacy based system, one needs to undergo the lengthy procurement procedure in order to purchase the IT infrastructure. In the era of recession and budgetary constraint, frequent purchases of IT resources were hampered (Singh, 2017). This rendered the enterprises to stay out of date with advanced and powerful technology. In addition, complying with the Murphy’s Law, IT resources procured get obsolete in the span of three to five years.

Due to limitation of fund and skilled resources, maintaining expensive resources and their updating is immensely challenging for start-up and SME. To transform the upfront cost into operation cost, cloud computing, a utility based model has evolved (Buyya, Yeo, Venugopal, Broberg, & Brandic, 2009). Accordingly, in cloud computing, resources are not to be maintained and managed by the subscriber, instead by the cloud provider (Singh, 2016). Cloud provider updates the resources at a single point that is at data centre site. Subscribers only pay for the resources subscribed and the duration of resource(s) utilized (Singh, Bhisikar, & Singh, 2013).

To precisely describe the cloud, several definitions of cloud computing exist (Buyya, Yeo, Venugopal, Broberg, & Brandic, 2009; Singh, Bhisikar, & Singh, 2013). However, the one widely accepted is proposed by National Institute of Standards and Technology (NIST) in its draft SP-800-145 and SP- 800-146 (Mell & Grance, 2011). According to the NIST, cloud computing is comprises of three deployment models namely, Private cloud, Public cloud, Hybrid cloud and Community Cloud. Each of them are offering three popular types of services namely Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) (Mell & Grance, 2011). Wide variety of devices that include Desktop, Laptop, and Tablets etc. can be used to access the cloud resources (Rittinghouse & Ransome, 2016). Measuring the duration and amount of resources utilized is the other striking capability of cloud computing that distinguishes it from legacy based system.

In order to reach at present state, several dominating paradigm is being leveraged by cloud paradigm that includes distributed system, Service oriented architecture, Grid computing, Web 3.0 etc. During the cloud’s journey from infancy towards the maturity, several noteworthy contributions have been surfaced that are immensely related to cloud based security, privacy and audit (Khan, 2016; Ferris, 2015; Singh & Raghuvanshi, 2017; Alkhater, Walters, & Wills, 2018).

Security in cloud computing is acting as a key hindrance to its exponential growth (Ali, Khan, & Vasilakos, 2015; Toosi, Calheiros, & Buyya, 2014). Subscribers remain apprehensive related to the data’s security that is stored away from their country of residence, at the same time they do not hold any control over it (Alkhater, Walters, & Wills, 2018; Yimam & Fernandez, 2016). In order to protect the subscriber’s interest, a number of regulations and standards have been evolved and same need to be complied by the cloud providers (Bracci, Corradi, & Foschini, 2014; Jaeger, Lin, & Grimes, 2008). In order to acquaint the user with the regulations and standards complied by the cloud provider, a dedicated web page endorsing compliance(s) is included at cloud providers web site. By undergoing the web page, one can learn the certification and compliance by under-considered cloud provider. This helps the subscribers to decide the appropriate type of cloud that is well suited to their need of regulatory compliance.

Cloud user base according to business size are:

  • Micro business subscribers

  • Small business subscriber

  • Medium business subscriber

  • Large enterprise subscribers

Complete Article List

Search this Journal:
Volume 13: 6 Issues (2022): 2 Released, 4 Forthcoming
Volume 12: 6 Issues (2021)
Volume 11: 4 Issues (2020)
Volume 10: 4 Issues (2019)
Volume 9: 4 Issues (2018)
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing