Protecting sensitive data in the cloud-to-edge continuum: The FogProtect approach

Data produced by end devices like smartphones, sensors or IoT devices can be stored and processed across a continuum of compute resources, from end devices via fog nodes to the cloud, enabling reduced latency, increased processing speed and energy savings. However, the data may be sensitive (e.g., personal data or confidential commercially sensitive information), with regulatory or other requirements for its protection. Protecting sensitive data in the dynamic, heterogeneous, and decentralized cloud-to-edge continuum is very challenging. This paper describes a solution: FogProtect, an integrated set of four technologies to protect data in the cloud-to-edge continuum. FogProtect addresses four concerns: (i) control and enforcement of distributed data access and usage; (ii) management of distributed data protection policies; (iii) risk assessment for data assets in the cloud-to-edge continuum; (iv) automated optimisation and adaptation to address identified risks. FogProtect operates dynamically, reacting to system changes or detected vulnerabilities to keep the data secure across the cloud-to-edge continuum. This paper describes an overview of the FogProtect concept, discusses each of the four approaches, and illustrates their usage for the protection of data in three real-world use cases.