The concept behind Cloud computing has been around for a long time, with Salesforce.com offering the first real enterprise level services via a simple website interface in 1999.

This was quickly followed in 2002 with one of the first Amazon Cloud offering a variety of web services including storage, computational facilities and even Mechanical Turk crowdsourcing. Self-service using online services hosted in the Cloud offer significant scope for cost reduction by service providers.

Secure Society

Project Objectives

However, there are some concerns. Of course, there may be concern that critical services becomes dependent on a third party, and this was identified as a major concern (fourth out of a list of ten). That's not all. At number five in the top ten is a concern that the government will have access to data. But that's not really just about Cloud computing. More importantly though is a concern about the inadvertent disclosure or security risks with critical data. This was rated as the top concern. This is a particular concern in areas such as healthcare and social care, where the data captured and shared is likely to be highly sensitive and the risks of data protection breaches are high, potentially undermining user privacy and leaving service providers with substantial liabilities.

There's a balance to be struck, therefore, between the benefits of cost reduction and sharing resources on the one hand and the risks of lost or compromised data. OPERANDO addresses these concerns for the main stakeholders in online service provision. OPERANDO will design and develop as well as validate and exploit an innovative privacy enforcement platform in support of Privacy as a Service type business models.

Specific field trials will be conducted in public administration, health- and social care, using the OPERANDO privacy enforcement framework to provide greater control and transparency to data subjects (the clients) themselves, facilitate engagement and open communication between service users and their support network, and in so doing create a broad, open market for online privacy services. At the same time, of course, OPERANDO will provide new mechanisms and support for other stakeholders: service providers will be able to specify and enforce user-centric access rights, whilst also predicting future challenges; and regulators will be able to check whether or not appropriate compliance has been met and more importantly, validate who has been given access to sensitive data.

IT Innovation's Role

IT Innovation is leading in two key areas in the OPERANDO project, building on our expertise in information security, privacy, trust and research ethics. We are providing policy evaluation technology based on SAM from SERSCIS that will be used to combine policy constraints from regulations, end users and service providers, and determine the resulting access to data in systems of interacting services. We aim to use this technology to support three main features of OPERANDO:

  • helping service designers and operators analyse the consequences of proposed access control policies given the business logic driving service interactions, so avoiding errors in service design and configuration;
  • helping end users decide whether or not to grant access by services to their data, including access by one service to another, given their privacy preferences;
  • helping data protection auditors to verify that services are compliant with regulations.

We are also providing overall leadership for the field trials, including the specification of and support for ethical trial protocols, drawing on previous experience from the FP7 FIRE programme, and supporting the iterative assessment and validation of project objectives and potential impact assessment.

We're especially interested to collaborate in OPERANDO, because this helps us extend and consolidate our experience and knowledge in key areas around privacy and sensitive data management, as well as trust, ethics and related constructs. This will, of course, contribute to the extension of our software portfolio in terms of security and privacy services (policy recommendation and enforcement; authentication; user-centred monitoring and review of privacy). OPERANDO therefore takes us further into the area of complex and secure data management, opening up future opportunities in health- and social care.

Project Fact Sheet

The OPERANDO project is a 35 month project funded by the EC H2020 framework programme.

Coordinator: Oxford Computer Consultants, UK
Website: http://www.operando.eu
Twitter: @OperandoH2020

European emblem This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 653704.