Abstract: Besides traditional on-premise or virtual data centers, a growing number of companies process their data in cross-border cloud environments. The taxation of such companies is highly regulated. As a result, protecting sensitive data is of utmost importance, while records of its whereabouts must also be kept available because of potential requests from financial authorities. The same challenges can be observed in other business areas, such as the health sector, with sensitive patient data. This paper presents early design considerations on how to orchestrate cloud services while complying with existing laws and regulations. To this end, a coherent architecture is outlined and its key building blocks are explained in detail. In order to validate compliance with the orchestration-specific designs, the architecture must be set up to create appropriate compliance enforcement strategies.
To comply with the laws and regulations explicitly, the authors introduce initial design considerations on the high-level architecture for orchestrating a cross-border data pipeline in a compliant manner. Further, the key components of the architecture are discussed. In general, compliance verification measures need to be reusable on different data flows without additional manual effort. Such measures can be captured in a compliance enforcement strategy, which must be preconfigured for every set of compliance requirements. The authors envision that, for information that flows between blocks of a data flow to be compliant, it has to conform to the associated strategies, just as a business process is expected to follow a business process model.

Cloud computing has raised new opportunities and challenges for information and knowledge management. Due to the availability of ever greater computational resources and data, and the development of ever more complex algorithms and statistical data analysis methods, data-driven decision making is on the rise. Compliance with existing regulation frameworks is a key challenge when building and operating cross-border data pipelines.
Keywords: Data Security, Regulatory Compliance, Cross-Border Data Transfer, Secure Data Pipelines, Data Encryption, Tax Consulting, GDPR Compliance, Data Sovereignty, Audit Trails, Data Governance, PII Protection, Real-Time Monitoring, Compliance Automation, Cloud Security, International Tax Regulation
DOI: 10.17148/IJIREEICE.2020.81208
[1] Pallav Kumar Kaulwar, "Designing Secure Data Pipelines for Regulatory Compliance in Cross-Border Tax Consulting," International Journal of Innovative Research in Electrical, Electronics, Instrumentation and Control Engineering (IJIREEICE), DOI 10.17148/IJIREEICE.2020.81208