Background and motivation

Cloud computing is increasingly a necessary strategic ICT infrastructure component for European companies to compete successfully in the worldwide economy. The advantages of renting ICT infrastructures, platforms, and services, with easy access to scalability and elasticity, are driving an ever-accelerating transfer of data and applications toward the cloud. Unfortunately, this convenience comes at the price of data owners losing control over their own data, with consequent exposure to misuse or security threats, which often limits owners' adoption of the cloud's potential capabilities. On one hand, cloud providers can be assumed to employ basic security mechanisms for protecting data in storage, processing, and communication, devoting resources to ensure security that many medium and small companies may not be able to afford. On the other hand, data owners, when relying on the cloud, lose control over data and their processing, hence leaving them potentially exposed. Today data owners have to choose between having security but limited functionality and fully enjoying functionality but compromising on security and privacy guarantees. This situation has a strong detrimental impact on the adoption and acceptability of cloud services. Data owners may refrain from relying on the cloud for certain data, which they consider more sensitive or critical, or they use the cloud but remain exposed to the consequences of improper protection and control.


The goal of ESCUDO-CLOUD

ESCUDO-CLOUD aims at empowering data owners as first-class citizens of the cloud. ESCUDO-CLOUD provides effective and deployable solutions allowing data owners to maintain control over their data when relying on Cloud Service Providers (CSPs) for data storage, processing, and management, without sacrificing functionality.


ESCUDO-CLOUD provides security by wrapping the data with a protection layer. This layer operates with associated metadata and access methods that enable fine-grained data retrieval, access support, and selective sharing for the owner and authorised users, while protecting the data and the actions on them from the providers.