European Cloud Computing Strategy. Cloud standards. Ken Ducatel, DG CONNECT




The Cloud Computing Strategy

The European Commission's strategy 'Unleashing the potential of cloud computing in Europe'
Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy.

Cloud strategy's key actions
- Cutting through the jungle of technical standards
- Development of model 'safe and fair' contract terms and conditions
- A European Cloud Partnership to drive innovation and growth from the public sector

DG CONNECT working groups for the implementation of the strategy
- ETSI: Cloud Standards Coordination
- The Cloud Select Industry Group on Certification Schemes
- The Cloud Select Industry Group on Code of Conduct
- The Cloud Select Industry Group on Service Level Agreements
- Research: The Cloud Expert Group
- Steering Board

Launched on 4-5/12/2012
Launched on 21/02/2013
Launched on 10/04/2013
Now completed
Launched on 19/11/2012

The European Cloud Partnership
Cloud for Europe
To be launched in 11/2013

ETSI Cloud Standards Coordination

- Launched in December 2012
- Workshop in Cannes, co-organized by EC, 200+ participants
- Definition of work structure: 3 TGs, a coordination group (reference)
- Work over half-way now
- Regular e-meetings (weekly), 4 face-to-face meetings
- TG1 and TG2 results provided: {roles, actors} and {use cases}
- Work on-going in TG3: consolidation, mapping, narrative: the tough part

Cloud Standards Coordination

Done:
- Interim report (end June 2013)
- Report to ECP Steering Board (July 2013)

Ahead:
- Face-to-face meeting, Sophia Antipolis (October 2013)
- Final report preparation
- Final Conference, Brussels (11 December 2013)

Use case examples

- Application on a Cloud
- Cloud Bursting
- Data Portability
- Processing Sensitive Data
- Data Integrity
- Guaranteed Availability

Phases: Acquisition; Operation; Termination

Standards coming up in the mapping draft of service acquisition

- Terminology and Metrics
- Service assessment and comparison
- Negotiation
- Standard expression of SLA
- Determining SLA targets/thresholds
- Customer DP obligations
- Customer retrieves service offers

- TMF TR178
- NIST Metrics
- WS-Agreement
- CSCC SLA White Paper
- TMF GB963
- SMI
- TMF GB917
- WS-Agreement Negotiation
- ISO SC38 SLA Framework & Terminology
- ENISA Procure Secure
- CSA Guidance
- EuroPriSe specifications
- CSA Star registry
- ISO27001/2

Standards & Security Certification Schemes: Why bother?

Vendor Accountability & Consumer Trust

Focus Areas
- Data Security
- Compliance with EU Data Protection Rules

Benefits
- Cloud Users: ability to compare cloud offerings; outsource due diligence for compliance
- Cloud Vendors: legal certainty; cost reduction

CSIGs Guiding Principles
- User-centric
- Voluntary, business driven
- Leverage global standards/schemes
- No one fits all: schemes to reflect various use cases
- Technology neutrality
- Lean and affordable
- Governance: separation of duties for standardization, accreditation and auditing

Identified EXISTING Certification schemes

- ISACA - COBIT
- Cloud Security Alliance Open Certification Schema
- SOC / ISAE 3402 / SSAE16
- LeetSecurity Rating
- EuroPriSe
- Cloud Industry Forum Code of Practice
- FISMA
- ISO 27001
- EuroCloud Star Audit
- PCI-C
- TÜV Rheinland
- ISO 20000 / ITIL

Initial Evaluation
- Data security: recognized standards/schemes, but only few fit for cloud purpose
- Data protection: no recognized standards/schemes yet
- Lack of transparency about some schemes (recognition, scope, added value, etc.)
- No one-stop shop in EU

On-going and potential ACTIONS

Analysis of existing Certification Schemes
- Qualified list of certification schemes (ENISA 2014)
- Metaframework to assist comparison to be developed (ENISA 2014)

Actions on Cloud Certification Schemes
- Emerging data security standards to cloud requirements (ISO 27018)
- Draft code of conduct for data protection in the cloud & prototypes
- Endorsement of code of conduct by regulatory authorities (esp. Data Protection Authorities)?
- Refer to / use cloud certification schemes in public procurement?
- EU-wide mutual recognition of cloud certificates?

EU Policy Framework & Cloud Certification
- EU Data Protection Regulation
- EU NIS-Directive in Cyber Security Strategy