ENISA and Cloud Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ENISA and Cloud Security"

Transcription

1 ENISA and Cloud Security Dimitra Liveri NIS Expert EuroCloud Forum 2015 Barcelona European Union Agency for Network and Information Security

2 Securing Europe s Information Society Operational Office in Athens 2

3 Positioning ENISA activities 3

4 Agenda Benefits of Cloud Computing Risks in Cloud Computing ENISA Activities in Cloud Security ENISA tools Risk Assessment for SMEs Cloud Certification Schemes List Next steps 4

5 Cloud Computing is a Business model Cloud Computing is another way of providing IT services Characteristics are - Highly standardized services - Highly standardized SLAs Using such a service is outsourcing Cloud SLAs are usually much more standardized than in other outsourcing contracts 5

6 Cloud Computing is a Deployment Model Cloud computing is a deployment model Information processing - In a shared environment - using shared computing resources Resources can be quickly scaled to meet changed demand Cloud deployments are usually much more standardized and automated than legacy IT Cloud is a deployment model Google / Conny Zhou 6

7 Cloud Opportunities Economies of Scale Better ROI Cost of security spread to all customers Efficient solutions More efficient resource utilization also means cost savings High Resiliency Better back up services Better business recovery Standardised solutions Better patch management Better software update management Portable and interoperable 7

8 Cloud Challenges Isolation Failures control resides to the cloud provider Loss of Governance Customer cedes some control to the provider (depending on the deployment model) This also affects security Management GUI and API compromise Identity and access management are particularly important Full access to all resources (keys to many kingdoms) Data protection The CSP usually becomes data processor in terms of DP legislation Data processing in datacentres abroad can imply that certain DP requirements cannot be met in the Cloud Presentation Title Speaker Name 8

9 Differences in Requirements for Governments vs. Companies Private Sector Difference depending on the scale i.e. Large companies and SMEs Investment from cost perspective Public Sector Legacy Data Legacy Applications Legacy Processes Special information assurance requirements EASIER TO MAKE THE RIGHT DECISION NEEDS MORE TIME TO ADOPT 9

10 ENISA s work in the area of Cloud 2009 Cloud computing risk assessment 2009 Cloud security Assurance framework 2012 Procure secure (Security in SLAs) 2013 Critical cloud computing 2013 Incident reporting for cloud computing 2013 Securely deploying GovClouds 2013 Support EU Cloud Strategy 2014 Cloud Certification Meta-Framework 2014 Procurement security in GovClouds 2015 Cloud Security guide for SMEs 10

11 ENISA engages the community ENISA Cloud Security and Resilience experts group 11

12 Cloud Computing Risk Assessment Addressed to: public sector, private sector (large companies and SMEs), governmental agencies 12

13 Risk Assessment in the Cloud Famous 2009 Guide Updated in 2012 Security Guide for SMEs

14 Security guide for SMEs Small and medium size enterprises (SMEs) are an important driver for innovation and growth in the EU Cloud Computing is a means for innovation, but cloud is for the SMEs still a challenge. ENISA in this study presents: - 11 security opportunities (compared to legacy IT benefits) - 11 security risks (compared with legacy IT risks) - 12 security questions for the SME to ask the provider (in one security cheat sheet - 2 comprehensive scenarios - Some legal advice 14

15 and online tool Where you can: rate your opportunities from cloud rate your risks produce a risks map get your security questions 15

16 Governmental Clouds Addressed to: public sector, governmental agencies 16

17 Governmental Cloud reports (1/2) 2010: Guide on security and resilience for Governmental Clouds Presentation of the security benefits and drawbacks for the public sector to go in the cloud First steps need to be done towards taking the decision to go cloud 2013: Good practice guide on how to securely deploy Governmental Clouds Definition of a governmental cloud (in a mature market) State of cloud computing adoption in the EU public sector Case studies of different approaches in adopting a cloud solution 17

18 Governmental Cloud reports (2/2) 2014: Security Framework for Governmental Clouds 4 phases, 10 different steps and the specific actions to be taken in each one 4 use case scenarios to find the solutions that better fits each implementation Presentation Title Speaker Name 18

19 Critical Clouds Addressed to: private sector, (public sector in some cases) 19

20 ENISA s Critical Cloud Study First assessment of CIIP aspects of Cloud computing Illustrates dependencies and provides examples for failures Provides recommendations for Cloud security governance from the CIIP perspective Conclusions can be applied to Governmental Cloud usage 20

21 Incident Reporting for Cloud Computing Cloud computing incidents could have major impact. Large scale incidents should be reported to improve trust Public sector and industry should agree on scope and thresholds of reporting. ENISA suggests a model for incident reporting of cloud incidents involving CSPs and regulators. 21

22 Cloud in the Critical Sectors Critical Clouds Cloud Computing in the Finance Sector Cloud supporting Health care systems and services Cloud supporting egovernment 22

23 Good Practices for the use of Cloud Computing in the area of Finance Sector Identification of critical challenges to cloud computing adoption in the Finance sector Assess legal and regulatory context (challenges and opportunities) in all member states Support industry and understand their uptake why do some use and some don t use cloud Propose recommendations 23

24 Cloud Certification Addressed to: private sector - large companies and SMEs, (public sector and governmental agencies in some cases) 24

25 The EU Cloud Strategy EU should not only be cloud-friendly, but also cloud active The European Commission s strategy Unleashing the potential of cloud computing in Europe Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy Cutting through the jungle of technical standards Development of model safe and fair contract terms and conditions A European Cloud Partnership to drive innovation and growth from the public sector I am pleased that ETSI launched and steered the Cloud Standards Coordination (CSC) initiative in a fully transparent and open way for all stakeholders....ensuring technical security requirements are mapped onto certification, as ENISA is leading... we officially launch the platform for public sector cooperation with this "Cloud for Europe" initiative. This is an enormous step forward. Neelie Kroes, European Commissioner for the Digital Agenda Oct

26 ENISA realising the EU Cloud Strategy: Certification Strategic objective of EC Strategy: List of voluntary certification schemes Cloud Certification Schemes List (CCSL): List of existing certification schemes 13 Certification schemes included Powered by ENISA, supported by the EC and the Cloud Selected Industry Group (C-SIG) Cloud Certification Schemes Metaframework (CCSM): Meta-framework based on existing certification schemes Mapping detailed ICT security requirements of the public sector in the EU (11 countries and more will come) Matrix will results to be used for procurement Visit: https://resilience.enisa.europa.eu/cloud-computing-certification 26

27 How we draw CCSM Country A Country B Security requirement Security requirement Security requirement Security requirement Security requirement Security requirement Security requirement Security requirement CCSM Security objectives Security objective Security objective Security objective Security objective Security objective Requirements not covered by CCSM or existing certification schemes remain to be evaluated separately. Cloud Certification Scheme Cloud Certification Scheme Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref Scheme ref 27

28 Next steps Ex-post analysis of cloud incidents (early 2016) EU perspective on ex post analysis (forensics) for cloud incidents: 8 countries(it, ES, IE, NL, GR, FR, EE, UK): Academia, LEAs, Forensics Specialists, CERTs. Challenges, procedures, tools, legal restrictions ICT in e-health (2016) Challenges and opportunities of ICT deployments in ehealth (medical records, patient records etc) Cloud computing use case in ehealth Big data use case in e Health 28

29 Thank you and Welcome! PO Box 1309, Heraklion, Greece Tel:

ENISA and Cloud Security

ENISA and Cloud Security ENISA and Cloud Security Rossen Naydenov Network Information Security Officer Critical Information Infrastructure Protection Department - ENISA European Union Agency for Network and Information Security

More information

ENISA and Cloud Security

ENISA and Cloud Security Click icon to add picture Click icon to add picture ENISA and Cloud Security Dimitra Liveri NIS Expert EuroCloud Forum 2015 Barcelona 07-10-2015 European Union Agency for Network and Informaton Security

More information

Cloud and Critical Information Infrastructures

Cloud and Critical Information Infrastructures Cloud and Critical Information Infrastructures Cloud computing in ENISA Dr. Evangelos Ouzounis Head of Infrastructure & Services Unit www.enisa.europa.eu About ENISA The European Union Network and Information

More information

Cloud Computing - Cyber Security Challenges for the Finance Sector

Cloud Computing - Cyber Security Challenges for the Finance Sector Cloud Computing - Cyber Security Challenges for the Finance Sector Dr. Evangelos Ouzounis Head of Unit Secure Infrastructures and Services - ENISA European Union Agency For Network And Information Security

More information

Cloud Computing - Cyber Security Challenges

Cloud Computing - Cyber Security Challenges Cloud Computing - Cyber Security Challenges for the Finance Sector Dr. Evangelos Ouzounis Head of Unit Secure Infrastructures and Services - ENISA European Union Agency For Network And Information Security

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

European Cloud. Computing Strategy. State of play: 1-2014. Ken Ducatel DG CONNECT

European Cloud. Computing Strategy. State of play: 1-2014. Ken Ducatel DG CONNECT European Cloud State of play: 1-2014 Computing Strategy Ken Ducatel DG CONNECT What is at stake? Cloud as a growth engine Boost GDP : 940 bn cumulative impact for 2015-2020 250bn in 2020 Boosts productivity

More information

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012 ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 christoffer.karsberg@enisa.europa.eu 1 Who we are ENISA was

More information

Prof. Udo Helmbrecht

Prof. Udo Helmbrecht Prof. Udo Helmbrecht Guiding EU Cybersecurity from Policy to Implementation Udo Helmbrecht Executive Director Information Security for the Public Sector 2015 Stockholm 02/09/15 European Union Agency for

More information

European Cloud Computing. Strategy. Cloud standards. Ken Ducatel DG CONNECT

European Cloud Computing. Strategy. Cloud standards. Ken Ducatel DG CONNECT European Cloud Computing Cloud standards Strategy Ken Ducatel DG CONNECT The Cloud Computing Strategy The European Commission's strategy 'Unleashing the potential of cloud computing in Europe' Adopted

More information

CIIP : ENISA s Role in Assisting Member States

CIIP : ENISA s Role in Assisting Member States CIIP : ENISA s Role in Assisting Member States Steve Purser Head of Core Operations SEDE Committee Brussels 21 April 2016 European Union Agency for Network and Information Security ENISA ENISA was formed

More information

European Cloud Computing Strategy

European Cloud Computing Strategy European Cloud Computing Strategy Key actions and state of play Jorge GASOS DG Connect, European Commission Jorge.Gasos@ec.europa.eu Impact on providers and users Cloud services: market forecast Supply

More information

European priorities in information security

European priorities in information security European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria

More information

Security and privacy standardization for the SME community

Security and privacy standardization for the SME community Security and privacy standardization for the SME community NLO meeting, Athens, March 4th 2015 European Union Agency for Network and Information Security www.enisa.europa.eu PROJECT CONTEXT European Union

More information

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security Cloud Security Standardisation & Certification Arjan de Jong Policy Advisor Information Security Overview Economics of standardization and certification (EU) Legal requirements for (cloud) security International

More information

National-level Risk Assessments

National-level Risk Assessments European Union Agency for Network and Information Security www.enisa.europa.eu Executive summary This report is based on a study and analysis of approaches to national-level risk assessment and threat

More information

Procurement Innovation for Cloud Services in Europe - PICSE

Procurement Innovation for Cloud Services in Europe - PICSE Procurement Innovation for Cloud Services in Europe - PICSE Sara Garavelli, Trust-IT Services s.garavelli@trust-itservices.com ICT Proposer s Day, 9 October 2014, Florence, Italy 1 The road to PICSE Cloud

More information

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013 EU Priorities in Cybersecurity Steve Purser Head of Core Operations Department June 2013 Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure National & EU Cyber

More information

Some Public Sector Cloud Views

Some Public Sector Cloud Views Some Public Sector Cloud Views Herbert.Leitold@a-sit.at Digital Enterprise Europe, London, June 11 th, 2014 Zentrum für sichere Informationstechnologie - Austria Expectations and Take Up some are high

More information

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? EUROPEAN COMMISSION MEMO Brussels, 27 September 2012 Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? See also IP/12/1025 What is Cloud Computing? Cloud

More information

Demystifying cloud computing for SMEs

Demystifying cloud computing for SMEs Demystifying cloud computing for SMEs Tools & Guides for SMEs moving to the Cloud Silvana Muscella, Founder and CEO Trust-IT Services Ltd s.muscella@trust-itservices.com @silvanamuscella www.cloudwatchhub.eu

More information

Cooperation in Securing National Critical Infrastructure

Cooperation in Securing National Critical Infrastructure Cooperation in Securing National Critical Infrastructure Dr. Steve Purser Head of Core Operations Department European Network and Information Security Agency Agenda About ENISA Protecting Critical Information

More information

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe'

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' EUROPEAN COMMISSION Brussels, 2.7.2014 SWD(2014) 214 final COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying

More information

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015 European Union Agency for Network and Information Security Summary 1 Presentation

More information

An SME perspective on Cloud Computing November 09. Survey

An SME perspective on Cloud Computing November 09. Survey An SME perspective on Cloud Computing November 09 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA

More information

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt Cyber European Union Security Agency for Network Energia, and Informa8on Rome, Security 24/09/15

More information

Security Framework for Governmental Clouds

Security Framework for Governmental Clouds Security Framework for Governmental Clouds European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA The European Union Agency for Network and Information Security (ENISA)

More information

Berlin, 15 th November 2013. Mark Dunne SaaSAssurance

Berlin, 15 th November 2013. Mark Dunne SaaSAssurance Berlin, 15 th November 2013 Mark Dunne SaaSAssurance SaaSAssurance guidance to Irish Government on Cloud Adoption Who are SaaSAssurance? Diverse multilingual European team Focus on the here and now Digital

More information

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 paolo.balboni@bakernet.com Introduction & Structure ENISA Working Group

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

Cloud Computing. and the European Strategy. State of play: 12-2013. Dan-Mihai CHIRILĂ DG CONNECT

Cloud Computing. and the European Strategy. State of play: 12-2013. Dan-Mihai CHIRILĂ DG CONNECT Cloud Computing State of play: 12-2013 Dan-Mihai CHIRILĂ DG CONNECT and the European Strategy Cloud: an elastic execution environment of resources involving multiple stakeholders and providing a metered

More information

Cloud Computing Security ENISA. Daniele Catteddu, CISM, CISA. DigitPA egovernment e Cloud computing. www.enisa.europa.eu

Cloud Computing Security ENISA. Daniele Catteddu, CISM, CISA. DigitPA egovernment e Cloud computing. www.enisa.europa.eu Cloud Computing Security ENISA Daniele Catteddu, CISM, CISA DigitPA egovernment e Cloud computing Agenda Introduction to ENISA ENISA objectives in Cloud computing Reaching the objectives Benefits, risks

More information

The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service

The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service Introduction and overview of the workshop Alex Delis and Michael Pantazoglou, University of Athens www.sucreproject.eu

More information

Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups

Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups For Discussion on 27 May 2014 Paper EGCCSS-6-3 Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups Purpose To propose the setting up of two Working Groups under

More information

Dr. Vangelis OUZOUNIS Senior Expert Security Policies ENISA. evangelos.ouzounis@enisa.europa.eu

Dr. Vangelis OUZOUNIS Senior Expert Security Policies ENISA. evangelos.ouzounis@enisa.europa.eu Dr. Vangelis OUZOUNIS Senior Expert Security Policies ENISA evangelos.ouzounis@enisa.europa.eu 5 th German Anti-Spam Summit Koeln, 5 th of Sept. 2007 www.enisa.europa.eu 1 Agenda NIS a Challenge for the

More information

ENISA Cloud Computing Security Strategy

ENISA Cloud Computing Security Strategy ENISA Cloud Computing Security Strategy Dr Giles Hogben European Network and Information Security Agency (ENISA) What is Cloud Computing? Isn t it just old hat? What is cloud computing ENISA s understanding

More information

National Cyber Security Strategies

National Cyber Security Strategies May 2012 National Cyber Security Strategies About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is

More information

Council of the European Union Brussels, 4 July 2014 (OR. en) Mr Uwe CORSEPIUS, Secretary-General of the Council of the European Union

Council of the European Union Brussels, 4 July 2014 (OR. en) Mr Uwe CORSEPIUS, Secretary-General of the Council of the European Union Council of the European Union Brussels, 4 July 2014 (OR. en) 11603/14 ADD 1 COVER NOTE From: date of receipt: 2 July 2014 To: No. Cion doc.: Subject: RECH 323 TELECOM 140 MI 521 DATAPROTECT 100 COMPET

More information

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA ViS!T - Verwaltung integriert sichere Informationstechnologie, Wien, 29.10.2014 European Union Agency

More information

The European CYberSecurity cppp ECYS Draft Proposal

The European CYberSecurity cppp ECYS Draft Proposal The European CYberSecurity cppp ECYS Draft Proposal 12 April 2016 The urgency to act We cannot miss the window opportunity for budgetary reasons: create a synergy among the different EC budgets via the

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

Summary Report Report # 1. Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions

Summary Report Report # 1. Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions Summary Report Report # 1 Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions COINS Summer School 2015 on Could Security Prepared by: Nabeel Ali

More information

Cloud Computing Security ENISA. Daniele Catteddu, CISM, CISA. Convegno Associazione Italiana Information Systems Auditors. www.enisa.europa.

Cloud Computing Security ENISA. Daniele Catteddu, CISM, CISA. Convegno Associazione Italiana Information Systems Auditors. www.enisa.europa. Cloud Computing Security ENISA Daniele Catteddu, CISM, CISA Convegno Associazione Italiana Information Systems Auditors Agenda Introduction to ENISA ENISA objectives in Cloud computing Reaching the objectives

More information

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Cloud Standardization, Compliance and Certification Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Todays Agenda IT Resourcing with Cloud Computing and related challenges Landscape

More information

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final}

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final} EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final} Trust and Security Unit DG Communica5ons Networks, Content and Technology

More information

ENISA TRAINING. Tentative agenda for workshop. Supported and co- organised by: TLP WHITE JANUARY 2016

ENISA TRAINING. Tentative agenda for workshop. Supported and co- organised by: TLP WHITE JANUARY 2016 ENISA TRAINING Tentative agenda for workshop Supported and co- organised by: TLP WHITE JANUARY 2016 www.enisa.europa.eu European Union Agency For Network And Information Security Tentative agenda for the

More information

ICT 7: Advanced cloud infrastructures and services

ICT 7: Advanced cloud infrastructures and services ICT 7: Advanced cloud infrastructures and services Jorge GASOS DG CONNECT Jorge.Gasos@ec.europa.eu Cloud Computing: a fast growing market Cloud Computing - EU27 Global cloud computing market 8000 7000

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Cloud Standards Coordination Final Report November 2013 VERSION 1.0

Cloud Standards Coordination Final Report November 2013 VERSION 1.0 November 2013 VERSION 1.0 Executive Summary The European Commission Communication on the European Cloud strategy identifies a key action for standardisation in this context: Key action 1: Cutting through

More information

Cyber Europe 2012. Key Findings and Recommendations

Cyber Europe 2012. Key Findings and Recommendations Cyber Europe 2012 December 2012 On National and International Cyber Exercises S I Acknowledgements ENISA wishes to thank all persons and organisations which have contributed to this exercise. In particular,

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

European Union Agency for Network and Information Security ENISA ANNUAL REPORT

European Union Agency for Network and Information Security ENISA ANNUAL REPORT European Union Agency for Network and Information Security ENISA ANNUAL REPORT 2013 Europe Direct is a service to help you find answers to your questions about the European Union. Freephone number (*):

More information

ehealth in support of safety, quality and continuity of care within and across borders

ehealth in support of safety, quality and continuity of care within and across borders ehealth in support of safety, quality and continuity of care within and across borders Gerard Comyn Acting Director Information Society & Media DG European Commission http://europa.eu.int/information_society/activities/health/index_en.htm

More information

Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT

Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT - Research and Innovation of the NIS Platform 8 April

More information

CLOUD COMPUTING Contractual and data protection aspects

CLOUD COMPUTING Contractual and data protection aspects CLOUD COMPUTING Contractual and data protection aspects Cloudscape VI 25 February 2014, Bruxelles Paolo Balboni Ph.D., Founding Partner, ICT Legal Consulting Domenico Converso LL.M., Senior Associate,

More information

The role of certification and standards for trusted Cloud solutions

The role of certification and standards for trusted Cloud solutions The role of certification and standards for trusted Cloud solutions A CloudWATCH webinar 2014 Cloud Security Alliance - All Rights Reserved. Agenda 15:00 Welcome and Introduction 10 15:10 The role of

More information

Cloud Security Incident Reporting

Cloud Security Incident Reporting European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information

More information

EU policy on Network and Information Security and Critical Information Infrastructure Protection

EU policy on Network and Information Security and Critical Information Infrastructure Protection EU policy on Network and Information Security and Critical Information Infrastructure Protection Andrea SERVIDA European Commission Directorate General Information Society and Media - DG INFSO Unit A3

More information

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security www.enisa.europa.eu European Union Agency for Network and Information

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

ENISA workshop on Security Certification of ICT products in Europe

ENISA workshop on Security Certification of ICT products in Europe ENISA workshop on Security Certification of ICT products in Europe Introduction On 16th of March 2016 ENISA organised a workshop aiming at bringing together stakeholders from the ICT security certification

More information

Standards for Cyber Security

Standards for Cyber Security Best Practices in Computer Network Defense: Incident Detection and Response M.E. Hathaway (Ed.) IOS Press, 2014 2014 The authors and IOS Press. All rights reserved. doi:10.3233/978-1-61499-372-8-97 97

More information

Virtual Appliance Instructions for ENISA CERT Training TLP WHITE APRIL 2015. European Union Agency For Network And Information Security

Virtual Appliance Instructions for ENISA CERT Training TLP WHITE APRIL 2015. European Union Agency For Network And Information Security Virtual Appliance Instructions for ENISA CERT Training TLP WHITE APRIL 2015 www.enisa.europa.eu European Union Agency For Network And Information Security About ENISA The European Union Agency for Network

More information

CLOUD COMPUTING LESSONS LEARNED. Marc Vael, Chief Audit Executive Smals / President ISACA Belgium, November 2015

CLOUD COMPUTING LESSONS LEARNED. Marc Vael, Chief Audit Executive Smals / President ISACA Belgium, November 2015 CLOUD COMPUTING LESSONS LEARNED Marc Vael, Chief Audit Executive Smals / President ISACA Belgium, November 2015 WHEN WAS THE TERM USED FOR THE FIRST TIME? 26 th of October 1997 WHO HYPED ALL THIS? What's

More information

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems eenviper White Paper #4 Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems 1 Executive Summary Cloud computing could revolutionise public services

More information

Taking on the Cloud Challenge in Europe

Taking on the Cloud Challenge in Europe Taking on the Challenge in Europe scape VII Conference, Brussels Jonathan Sage Government and Regulatory Affairs Cyber Security and Policy Lead, Europe @jonathansage, uk.linkedin.com/in/jonathansageibm

More information

ICT 7: Advanced cloud infrastructures and services. ICT 8: Boosting public sector productivity and innovation through cloud computing services

ICT 7: Advanced cloud infrastructures and services. ICT 8: Boosting public sector productivity and innovation through cloud computing services ICT 7: Advanced cloud infrastructures and services ICT 8: Boosting public sector productivity and innovation through cloud computing services ICT 9: Tools and Methods for Software Development Dan-Mihai

More information

suggests an excess which could create confusion necessary among cloud users and service providers alike.

suggests an excess which could create confusion necessary among cloud users and service providers alike. Organization Section Line Number Commen t Type General, Technical, Editorial MS 1 All Ge The document does not identify trends (if any) attributable to SMEs although these are listed as specific targets.

More information

Cloud Competency Programme Workshop [1] Secure cloud services in a regulated environment

Cloud Competency Programme Workshop [1] Secure cloud services in a regulated environment Cloud Competency Programme Workshop [1] Secure cloud services in a regulated environment Rob Price Member, Cloud Industry Forum www.cloudindustryforum.org Last 2 years in Public Sector Cloud Public Cloud

More information

Detect, SHARE, Protect

Detect, SHARE, Protect Detect, SHARE, Protect Solutions for Improving Threat Data Exchange among CERTs European Union Agency for Network and Information Security www.enisa.europa.eu Agenda Objectives Methodology Overview of

More information

OUTCOME OF PROCEEDINGS

OUTCOME OF PROCEEDINGS Council of the European Union Brussels, 18 November 2014 15585/14 COPS 303 POLMIL 103 CYBER 61 RELEX 934 JAI 880 TELECOM 210 CSC 249 CIS 13 COSI 114 OUTCOME OF PROCEEDINGS From: Council On: 17 18 November

More information

Achieving Global Cyber Security Through Collaboration

Achieving Global Cyber Security Through Collaboration Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda

More information

Meeting the needs of Healthcare

Meeting the needs of Healthcare Meeting the needs of Healthcare Healthcare: quality care today, and a healthcare system for tomorrow Like all advanced healthcare systems the NHS is faced with growing pressure from rising expectations

More information

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big

More information

ICT transforming business in the UK. Ian Osborne Director, Business to Business, Intellect

ICT transforming business in the UK. Ian Osborne Director, Business to Business, Intellect ICT transforming business in the UK Ian Osborne Director, Business to Business, Intellect Agenda - ICT Transforming Society - Cloud Computing Cloud Data Centres - IT as a Service - Personal choices for

More information

Information Security: Cloud Computing

Information Security: Cloud Computing Information Security: Cloud Computing Simon Taylor MSc CLAS CISSP CISMP PCIRM Director & Principal Consultant All Rights Reserved. Taylor Baines Limited is a Registered Company in England & Wales. Registration

More information

ENISA s contribution to the development of Network and Information Security within the Community

ENISA s contribution to the development of Network and Information Security within the Community ENISA s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA WSIS Implementation Mechanism: Action Line C5. 15 May 2006 1

More information

eeurope Awards for egovernment - 2005 Winners, Honourable Mentions and Nominees

eeurope Awards for egovernment - 2005 Winners, Honourable Mentions and Nominees eeurope Awards for egovernment - 2005 Winners, Honourable Mentions and Nominees Enabling egovernment Theme 1: The right environment Creating the best environment to enable government, businesses and citizens

More information

EuroCloud Star Audit. A strong partnership that provides you with a competitive advantage

EuroCloud Star Audit. A strong partnership that provides you with a competitive advantage EuroCloud Star Audit A strong partnership that provides you with a competitive advantage Strong and advantageous? 5 topics to consider 99% of all organisations are SME, with little internal Know- how.

More information

COMMUNICATIONS ALLIANCE LTD

COMMUNICATIONS ALLIANCE LTD COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE

More information

Dr. Jesus Luna Garcia

Dr. Jesus Luna Garcia Cloud Accountability and SLAs: research challenges and opportunities Dr. Jesus Luna Garcia jluna@cloudsecurityalliance.org Outline Cloud SLA s one year ago Open Research Challenges: Standardization/certification

More information

Privacy in the Cloud: Data Protection and Security in Cloud Computing

Privacy in the Cloud: Data Protection and Security in Cloud Computing SPEECH/11/859 Viviane REDING Vice-President of the European Commission, EU Justice Commissioner Privacy in the Cloud: Data Protection and Security in Cloud Computing Round-table High Level conference on

More information

PCP and PPP trends and user stories in Europe

PCP and PPP trends and user stories in Europe PCP and PPP trends and user stories in Europe Sara Garavelli, Trust-IT Services Shareholder & Project Manager & PICSE - Procurement Innovation for Cloud Services in Europe s.garavelli@trust-itservices.com

More information

Cyber Security in Austria

Cyber Security in Austria Cyber Security in Austria The Austrian Cyber Security Strategy Andreas Reichard 18 th May, 2015 Roadmap Austrian Cyber Security Strategy 1/2 MRV MRV 11/2011 03/2012 06/2012 09/2012 10/2012 03/2013 Fed.

More information

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL) Role of contracts in Cloud Computing an Overview Kevin McGillivray Doctoral Candidate (NRCCL) Barriers/Challenges to Cloud Transparency Compliance Legal Shared infrastructure Subcontractors (and their

More information

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation

More information

CYSPA - EC projects supporting NIS

CYSPA - EC projects supporting NIS CYSPA - EC projects supporting NIS Nina Olesen, EOS March 2014 Athens, Greece www.cyspa.eu CYSPA the European project The European Cyber Security Protection Alliance, or CYSPA, is an initiative by 17 organisationsfrom

More information

Cloud standards: Ready for Prime Time. CloudWatch webinar: Standards ready for prime time (part 2) 1

Cloud standards: Ready for Prime Time. CloudWatch webinar: Standards ready for prime time (part 2) 1 Cloud standards: Ready for Prime Time CloudWatch webinar: Standards ready for prime time (part 2) 1 Agenda 15:00 Welcome and introduction 15:05 IEEE P2301: Guide for Cloud Portability and Interoperability

More information

Digital Agenda for Europe Cartagena de Indias, September 1, 2015

Digital Agenda for Europe Cartagena de Indias, September 1, 2015 Digital Agenda for Europe Cartagena de Indias, September 1, 2015 Javier Huerta Bravo From the Digital Agenda (2010)... Commission ICT strategy for 2010-2020 Problems identified: Lack of investment in networks

More information

Strategy 2012 2015. Providing resources for staff and students in higher and further education in the UK and beyond

Strategy 2012 2015. Providing resources for staff and students in higher and further education in the UK and beyond Providing resources for staff and students in higher and further education in the UK and beyond Strategy 2012 2015 EDINA is a JISC National Datacentre Table of Contents Introduction... 1 Vision... 1 Mission

More information

European Innovation Partnership on Active and Healthy Ageing. Action Group C2 Interoperable Independent Living Solutions

European Innovation Partnership on Active and Healthy Ageing. Action Group C2 Interoperable Independent Living Solutions European Innovation Partnership on Active and Healthy Ageing Action Group C2 Interoperable Independent Living Solutions Peter Wintlev-Jensen and Marianne van den Berg European Commission 21-22 June 2012

More information

Legal aspects of cloud computing

Legal aspects of cloud computing Legal aspects of cloud computing Belrim Events Cloud Computing - Revolution or Nightmare? Antoon Dierick, DLA Piper Brussels 20 March 2014 Agenda 1. What is Cloud computing? 2. Cloud from a regulatory

More information

TECHNICAL SPECIFICATION: FEDERATED CERTIFIED SERVICE BROKERAGE OF EU PUBLIC ADMINISTRATION CLOUD

TECHNICAL SPECIFICATION: FEDERATED CERTIFIED SERVICE BROKERAGE OF EU PUBLIC ADMINISTRATION CLOUD REALIZATION OF A RESEARCH AND DEVELOPMENT PROJECT (PRE-COMMERCIAL PROCUREMENT) ON CLOUD FOR EUROPE TECHNICAL SPECIFICATION: FEDERATED CERTIFIED SERVICE BROKERAGE OF EU PUBLIC ADMINISTRATION CLOUD ANNEX

More information

Cloud Security Guide for SMEs

Cloud Security Guide for SMEs European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information

More information

D4.1 Cloud certification guidelines and recommendations

D4.1 Cloud certification guidelines and recommendations Ref. Ares(2015)444655-04/02/2015 www.cloudwatchhub.eu D4.1 Cloud certification guidelines and recommendations Revised Version www.cloudwatchhub.eu info@cloudwatchhub.eu @CloudWatchHub Security and privacy

More information

Boosting Productivity and Innovation Through. Public Sector Compliant Cloud Services

Boosting Productivity and Innovation Through. Public Sector Compliant Cloud Services Boosting Productivity and Innovation Through Public Sector Compliant Cloud Services dr. Mišo Vukadinović IT and e-services Directorate Ministry of the Interior, Slovenia September 26, 2014 Agenda Cloud

More information