Cloud Computing Legal and Security Issues

2018 8th International Conference on Computer Science and Information Technology (CSIT) ISBN: 978-1-5386-4152-1

Cloud Computing: Legal and Security Issues

Mohammad Abdallah
Faculty of Science and IT
Al Zaytoonah University of Jordan
Amman, Jordan
m.abdallah@zuj.edu.jo

Hussam Hourani
Faculty of Science and IT
Al Zaytoonah University of Jordan
Amman, Jordan
hussam.hourani@gmail.com

Abstract— Cloud Computing is a new era that helps organizations to move fast and adopt different services that accelerate building and hosting their services and reach customers and third parties quickly. However, there are challenges related to Cloud Computing that the Services Providers must consider and implement. This paper highlights the Cloud Computing Legal, Contractual and Security challenges. In addition, it gives some suggested solutions for some of the highlighted key challenges.

Keywords—Cloud Computing, Legal, Contractual, Security.

I. INTRODUCTION

Cloud Computing is defined as a large-scale distributed computing paradigm. It is becoming an important topic for businesses and organizations, where different types of services are provided in a competitive time frame over the internet, which accelerates operating the businesses to deliver faster and to scale up in a competitive timeframe. Cloud Computing offers Cost Reduction (pay-per-use), Maintenance, Enhanced Productivity, Scalability, and Elasticity for Businesses [1].

A few important topics are highlighted hereafter which give an overview of the main cloud concepts and architectures and then address some legal, contractual, security and data privacy issues related to Cloud Computing.

A. Cloud Computing Service Models

Cloud Computing offers the following three main services:

• Infrastructure as a Service (IaaS): in this type, infrastructure is provided as a service to clients, where the client handles all software and applications installed on the provided infrastructure. The usage time of CPU is measured, and the storage usage and data transfer are measured per gigabyte.
• Platform as a Service (PaaS): By using PaaS, the clients develop their applications on the provided platforms and toolkits that are hosted by the Cloud.
• Software as a Service (SaaS): The client in this model will be using the Software that is provided and hosted by the cloud services providers. In this case, the licenses can be adopted as per User or Entity.

Figure 1. Cloud Services Model

Figure 1 highlights these services from the client side. A client can choose which Model to adopt based on Business Needs, Technical requirements, Nature of the business, the criticality of their data, the associated security needs and Hardware/Software/Connectivity related requirements, maintaining the Integrity of the customer’s Specifications.

B. Cloud Deployment Models

There are three deployment models in Cloud Computing as shown in Figure 2.

Figure 2. Cloud Deployment Model

• Private Cloud: this Model delivers services from a business's data center to a specific organization and the organization members only. Other organizations cannot access the services [2, 10].
• Public Cloud: in this Model, the services are given by a specific provider and are mostly used on a pay-per-use basis. In addition, the third party will manage the resources and services across organizations [10].
• Hybrid Cloud: This model offers a combination of public cloud services and private cloud, with orchestration and automation between the two models [2].

978-1-5386-4152-1/18/$31.00 ©2018 IEEE


C. Cloud computing basic components

The basic components on which cloud computing is deployed are shown in Figure 3 and are as follows [3]:

Figure 3. Basic Cloud Computing Components

1) Virtualization: Creates a virtual instance of a resource such as an operating system, servers, etc.
2) Multi-tenancy: Shares resources or applications among multiple customers and users for optimal utilization.
3) Cloud storage: Storage that is maintained, managed, and backed up remotely.
4) The hypervisor: Runs on a single hardware host to manage and monitor the various operating systems.
5) Cloud Network: Provides the connectivity over the datacenters and the internet.
6) Platforms: Environment setup and tools.

II. CLOUD COMPUTING LEGAL AND CONTRACTUAL CHALLENGES

As Cloud computing serves across countries and regions, and as it is a new technology that has dynamic complex aspects, the dynamic legal environment affects both public and private laws. Protecting the rights of the customers and service providers is becoming a key challenge for Cloud computing. The regulations and law must be efficient and fair for both parties. The complexity comes from the Cloud Computing dynamic environment across countries and regions, where each country has its own law, regulations and jurisdiction. All parties including Service providers, Customers, and the third parties must craft the contracts and align with the law so that the whole setup works successfully during the implementation and future upgrades and support [11].

Many key questions related to law and regulations might cause serious issues, such as: What happens in case of provider bankruptcy? What is the Auditing Requirement? What are the data retention obligations? [11]

A. Cloud Computing Legal and regulatory challenges

Given the nature of Cloud Computing architecture and the Technology Models, there are substantial legal aspects to be taken into consideration for the provision of Cloud Computing services. Figure 4 shows the main Legal challenges for Cloud computing.

Figure 4. Legal Challenges

The following are the key issues to highlight:

• Applicable law and jurisdiction: The issue is related to the identification of Cloud Computing applicable rules, policies, regulations and laws and competent jurisdictions for the provided services in the related countries and regions. This can be addressed mainly by the geographical location of the stakeholders involved, and the rights and obligations of each stakeholder are determined by applicable regulations in the relevant country. There might also be some special regulations, policies or rules to handle the data flow across borders and the different related jurisdictions to craft rules [5, 11].
• Handling disputes in the cloud: This issue addresses the accountability between the different entities and how to handle and reinforce trust between customers and Cloud Computing services providers. Due to the nature and unique characteristics of Cloud Computing services, it might be difficult to identify the competent related jurisdiction between countries and regions. This issue has been handled in some regions, like Europe, by assigning a specific regulator entity who can handle the disputes, but still, this is inside Europe and is not comprehensive and not applicable outside Europe [5, 11].
• Politics and Governments Relationships: This issue addresses the changes of the governments’ relationships and politics between countries, the effect of the relationship changes on the Cloud Computing that serves the relevant countries, and the scope of the regulation and the laws to govern these changes. An example of this: if the relationship between two countries has been suspended due to some political issues or others, and if the Cloud Computing Services Provider is in one of the countries and the client is in the other, what will happen and what regulations and law are there to protect both the client’s and the service provider’s rights? One of the solutions for this is to have an independent regulator that governs Cloud Computing worldwide; however, this needs a lot of effort and international interference to establish this governance body and to craft the rules and regulations related to Cloud Computing services.

In general, there are some related Cloud computing regulations and laws in regions like Europe which are substantially more restrictive than regulations and laws in other regions. More regulations and policies across countries and regions need to take care of Cloud Computing to secure and govern the relationship between all parties including services providers, customers, and the engaged third parties. Creating an independent regulatory body that governs the Regulations and laws of Cloud Computing over countries is crucial to protect both Services providers and the clients.

B. Cloud Computing Contractual Provisions

The Scope, the Quality and all terms and conditions of the services must be agreed between the service provider, the customer, and the third parties. The agreement can be achieved through detailed Service Level Agreements (SLAs). It is very important to align the SLAs with the relevant countries' regulations and laws to make sure that all SLA terms and conditions are fully in the range of the regulations [5, 11].

The following are some key challenges that must be covered in the Contract, SLAs and any legal documents signed between both the Services provider and Clients:

• Legal framework robustness: is the legal framework robust enough to cover the flexibility in cloud computing solutions and services, for example when the customer requires to scale up and upgrade in the short or long run? The Legal framework must adopt the agreements flexibility of cloud computing and must serve the terms and conditions associated with the agreements [5].
• Data-Flows over borders: it is important to highlight how countries' laws and regulations have addressed the problem of data flows over borders, and how to reflect this in the related contracts, SLAs and legal documents between service providers and their customers under the scope of a specific jurisdiction [5, 11].
• Cloud Computing Services Catalog: It is recommended to organize the Cloud Computing services into a Services Catalog so that customers can choose well-defined and clear service packages from the offering catalog.
• Liability limitations: A critical topic to highlight is that there might be Cloud Computing contracts that limit the liability of the hosting provider to a level that is not in line with the potential risk. This needs to be thoroughly addressed in contracts [11].

The above challenges and the proposed solution must be taken into consideration to have a solid agreement between both parties, the service provider and the clients.

III. CLOUD COMPUTING SECURITY

Security is the most complex challenge in a distributed and multi-tier architecture environment, and therefore is a key challenge in Cloud computing. Figure 5 shows the major security concepts of Cloud Computing [3, 9, 10]:

Figure 5. Cloud Security Concepts

A. Cloud Computing provider’s security obligations and cybercrime

The main question is: are the robustness, reliability, availability, and security of Cloud Computing services crucial for customers to go with this technology? Protecting the customer’s data against accidental loss or theft by third parties is a key driver for Cloud to move forward and for clients to adopt this business Model. To handle this issue:

• Legal terms and measures will need to be considered to meet the security requirements imposed by the Data Protection Area [5, 11].
• Cloud service providers need to be able to collaborate efficiently with law enforcement bodies and related entities [5, 11].
• Effective international collaboration between all parties and legal bodies must be in place [5, 11].

B. A proposed solution for Security and data privacy issues

Some researchers recommended meeting the security requirements by providing effective governance, better encryption techniques, disaster and backup recovery management and a scheme for secure virtualization in the cloud system, and by applying a comprehensive security policy and Service Level Agreement (SLA) [3, 6, 10].

Silva et al. [4] proposed a software architecture that proved to be viable from experiments with techniques such as homomorphic encryption and hardware security extensions by using Intel SGX (Software Guard eXtensions), as shown in Figure 6.


Figure 6. Proposed Solution

For homomorphic encryption, the main advantage identified was the viability to implement in any environment, although it is less efficient [4, 7].

Intel SGX, used for the first time in a cloud computing orchestrator, yields much lower response times and allows performing various forms of computation on data, but it demands a specific infrastructure from the service provider [4].

This proposed architecture is applicable for both private and public deployment models.

There are many other security techniques and architectures that are adopted nowadays that might sort out the security issues and the data protection. However, this is still an immature topic that needs to be taken care of in the short and long run.

IV. CONCLUSION

In this paper, we highlighted the main issues of Cloud Computing and some key challenges related to Legal, contractual and Security issues. Cloud Computing services providers must secure the key issues related to Data Privacy and Security, and align with the Legal and Regulations aspects of Cloud Computing. A collaboration between services providers, customers and Legal bodies in all regions and across countries is essential to succeed going forward for businesses to adopt the Cloud Computing technology in organizations. Reform of the current rules, regulations, policies, and law is critical as early as possible to avoid any major failures for Cloud Computing implementations in the short and long run. This is a key driver for Cloud Computing expansion and continuity.

The geographical location of the stakeholders involved, and the rights and obligations of the stakeholders, are determined by applicable regulations in the relevant countries, so it is important to align with the relevant countries' regulations and make sure that all terms and conditions in Cloud Computing agreements are covered by the law.

Creating an independent regulatory body that governs the Regulations and laws of Cloud Computing over countries is crucial to protect both Services providers and the clients.

The future work will focus on the Legal and Regulations, Security and Data Privacy issues related to Cloud computing across regions and countries to facilitate the rules and policies within a legal framework. This will secure the organizations and businesses and encourage them to adopt Cloud Computing technology in the future.

V. REFERENCES

[1] Moghe, U., Lakkadwala, P., & Mishra, D. K. (2012). Cloud computing: Survey of different utilization techniques. 2012 CSI Sixth International Conference on Software Engineering (CONSEG). doi:10.1109/conseg.2012.6349524
[2] Bokhari, M. U., Makki, Q., & Tamandani, Y. K. (2017). A Survey on Cloud Computing. Advances in Intelligent Systems and Computing Big Data Analytics, 149-164. doi:10.1007/978-981-10-6620-7_16
[3] Singh, S., Jeong, Y., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200-222. doi:10.1016/j.jnca.2016.09.002
[4] Silva, L. V., Barbosa, P., Marinho, R., & Brito, A. (2018). Security and privacy aware data aggregation on cloud computing. Journal of Internet Services and Applications, 9(1). doi:10.1186/s13174-018-0078-3
[5] Robinson, N., Valeri, L., Cave, J., Starkey, T., Graux, H., Creese, S., & Hopkins, P. (2011). The Cloud: Understanding the Security, Privacy and Trust Challenges. Santa Monica: RAND Corporation.
[6] Kumar, M. M., & Vijayan, R. (2017). Privacy authentication using key attribute-based encryption in mobile cloud computing. IOP Conference Series: Materials Science and Engineering, 263, 042069. doi:10.1088/1757-899x/263/4/042069
[7] Hayward, R., & Chiang, C. (2015). Parallelizing fully homomorphic encryption for a cloud environment. Journal of Applied Research and Technology, 13(2), 245-252. doi:10.1016/j.jart.2015.06.004
[8] Chandramohan, D., Vengattaraman, T., & Dhavachelvan, P. (2017). A secure data privacy preservation for on-demand cloud service. Journal of King Saud University - Engineering Sciences, 29(2), 144-150. doi:10.1016/j.jksues.2015.12.002
[9] Deshmukh, P. (2017). Design of cloud security in the EHR for Indian healthcare services. Journal of King Saud University - Computer and Information Sciences, 29(3), 281-287. doi:10.1016/j.jksuci.2016.01.002
[10] Sukumaran, S. C., & Mohammed, M. (2018). PCR and Bio-signature for data confidentiality and integrity in mobile cloud computing. Journal of King Saud University - Computer and Information Sciences. doi:10.1016/j.jksuci.2018.03.008
[11] Gordon, D. G. (2016). Legal Aspects of Cloud Computing. Encyclopedia of Cloud Computing, 462-475. doi:10.1002/9781118821930.ch38
