Towards enforcement of location compliance in cloud computing using policy

With the success of cloud computing, many companies are considering to put their own applications and data into the cloud. In a 2010 survey by KPMG on decision makers, 59% of the with 125 respondents agree with the statement that cloud computing is the future model of IT. But also a 76% majority of participants consider security issues to be their main concern regarding the use of cloud computing.

Cloud customers give away the control on their data, it is unknown where their data will be located, how often it is replicated, which security measures are taken etc.

To give customers more control about their data, it is desired to be able to enforce these client demands continually using policies that are attached to data. The research will focus mainly on the task of the cloud
service provider, the SaaS and PaaS level, and storage location restrictions as one of the demands in the policies.
The research tries to answer the research question: How to use customer demand policies to enforce compliancy by cloud service providers?

An important focus and example of a customer demands is the
location where data may be stored. The result of the research will be a guideline or a process description for the cloud service provider, describing how to comply to the demands of the customer, and how to prove this.