European Cloud. Computing Strategy. State of play: 1-2014. Ken Ducatel DG CONNECT



Similar documents
European Cloud Computing. Strategy. Cloud standards. Ken Ducatel DG CONNECT

Cloud Computing. and the European Strategy. State of play: Dan-Mihai CHIRILĂ DG CONNECT

European Cloud Computing Strategy

ENISA and Cloud Security

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe'

Council of the European Union Brussels, 4 July 2014 (OR. en) Mr Uwe CORSEPIUS, Secretary-General of the Council of the European Union

Cloud and Critical Information Infrastructures

ENISA and Cloud Security

ICT 7: Advanced cloud infrastructures and services

Dr. Jesus Luna Garcia

Legal aspects of cloud computing

A Flexible and Comprehensive Approach to a Cloud Compliance Program

ICT 7: Advanced cloud infrastructures and services. ICT 8: Boosting public sector productivity and innovation through cloud computing services

D4.1 Cloud certification guidelines and recommendations

Certification in the EU Cloud Strategy

Hans Bos Microsoft Nederland.

Daniel Field, Atos Spain. Towards the European Open Science Cloud, Heidelberg, 20/01/2016

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security

Cloud certification guidelines and recommendations

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak

Cloud Standards Coordination Final Report November 2013 VERSION 1.0

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

the EU framework programme for research and innovation

Boosting Productivity and Innovation Through. Public Sector Compliant Cloud Services

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Cloud certification guidelines and recommendations

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

EuroCloud Deutschland_eco e.v. Cloud Computing is the future! For sure! But secure!

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

Cloud Computing An Auditor s Perspective

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

ICT 6: Cloud computing

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION STAFF WORKING DOCUMENT. ANNEX I to the

CloudingSMEs Deliverable D5.5.1 Policy Development Guidelines

The Cloud Security Alliance

Your first EURES job. Progress Summary 2014Q4. March 2015

Cloud Computing Standards: Overview and ITU-T positioning

Electronic public procurement in the EU

Volker Jacumeit, DIN e. V. ILNAS Workshop CSCG Presentation June 4, 2015

European Cloud Strategy: trusted cloud and public sector

Rolling out eidas Regulation (EU) 910/2014. Boosting trust & security in the Digital Single Market

COMMITTEE ON STANDARDS AND TECHNICAL REGULATIONS (98/34 COMMITTEE)

ehealth in support of safety, quality and continuity of care within and across borders

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Orchestrating the New Paradigm Cloud Assurance

SLA Model Terms and Specifications: SLALOM Project Overview and Request for Feedback

A Guide to Horizon 2020 Funding for the Creative Industries

Prof. Udo Helmbrecht

Environmental footprinting of products. The policy outlook

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

WORK PROGRAMME Topic ICT 9: Tools and Methods for Software Development

An SME perspective on Cloud Computing November 09. Survey

ENISA and Cloud Security

Adopting Cloud Computing with a RISK Mitigation Strategy

Cloud Security Standards. Aziza Al Rashdi Director, Cyber Security Professional Services Oman National CERT Information Technology Authority

Cloud Security Certification

Security standards for cloud usage

Dr. Vangelis OUZOUNIS Senior Expert Security Policies ENISA.

Pharma CloudAdoption. and Qualification Trends

CFPB Readiness Series: Compliant Vendor Management Overview

Standards for Cyber Security

Environmental footprinting of products The policy outlook

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

E2E Project Management Process Governance (Electric Capital)

CloudingSMEs Deliverable D2.2.4 Roadmap reflecting the SMEs

Information Security Management Systems

Blend Approach of IT Service Management and PMBOK for Application Support Project

JA to support the ehealth Network

Standardised SLAs: how far can we go? DIHC, Euro-Par 2013, Aachan John Kennedy Intel Labs Europe

Certification of Electronic Health Record systems (EHR s)

Altius IT Policy Collection Compliance and Standards Matrix

CA Self-Governance: CA / Browser Forum Guidelines and Other Industry Developments. Ben Wilson, Chair, CA / Browser Forum

Transcription:

European Cloud State of play: 1-2014 Computing Strategy Ken Ducatel DG CONNECT

What is at stake? Cloud as a growth engine Boost GDP : 940 bn cumulative impact for 2015-2020 250bn in 2020 Boosts productivity and efficiency: Up to 90% of cost savings for public administrations Business creation: 400.000 new SMEs Potential for job creation: 3.8 million and private cloud-related 2/6/2014 companies jobs 2

European Council Conclusions: 24/25 October 2013 "Several strategic technologies such as Big Data and Cloud computing are important enablers for productivity and better services. Cloud computing should improve access to data and simplify their sharing. Big Data aims to process, collect, store and analyse large amounts of data. EU action should provide the right framework conditions for a single market for Big Data and Cloud computing, in particular by promoting high standards for secure, high-quality and reliable cloud services. The European Commission and the Member States, with the support of the "European Cloud Partnership", should continue to make every effort to put Europe at the forefront of cloud adoption. The European Council calls for the establishment of a strong network of national digital coordinators which could play a strategic role in Cloud, Big Data and Open Data development." http://www.consilium.europa.eu/uedocs/cms_data/docs/pressdata/en/ec/139197.pdf 3

The Cloud Computing Strategy The European Commission's strategy 'Unleashing the potential of cloud computing in Europe' Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy Cloud strategy's key actions Cutting through the jungle of technical standards Development of model 'safe and fair' contract terms and conditions A European Cloud Partnership to drive innovation and growth from the public sector. Groups working on implementing the strategy ETSI: Cloud Standards Coordination The Cloud Select Industry Group on Certification Schemes The Cloud Select Industry Group on Code of Conduct The Cloud Select Industry Group on Service Level Agreements The Cloud Computing Contract Group Steering Board Launched on 4-5/12/2012 Launched on 21/02/2013 Launched on 10/04/2013 The European Cloud Partnership Cloud for Europe Launched on 21/02/2013 Launched on 19/11/2013 Launched on 19/11/2012 To be launched In 11/ 2013

Progress Key action 1: Standards mapping by ETSI Cloud Standards Coordination Conference Brussels 11/12/2013 List of certification schemes ENISA list and meta-framework mid 2014 Pilots 2014 Key action 2: Cloud Service Level Agreements - Draft Templates end 2013 Code of conduct (data protection) Stable draft Jan 2014, to Art 29 WP, endorsement during this Commission Cloud Contract Group Launched 19/11/13 Key action 3 Cloud 4 Europe project Official launch 14 November 2013 Pre-notice April, tender early summer 2014 2/6/2014 5

European Cloud Computing Strategy Part II Details

Cloud Standards Mapping Launched in December 2012 Workshop in Cannes, co-organized by EC, 200+ participants Definition of work structure: 3 TGs, a coordination group ( reference ) TG1 for definition of Roles and TG2 for collection of Use Cases TG3 in charge of Use Case Analysis and Production of the Report ETSI Support: Laurent Vreck ETSI @ CSC Workshop 10/12/12013

A view of Cloud Standardization The final Report provides the following technical results: A definition of the roles in Cloud; The collection and classification of over 100 Cloud Use Cases; A list of around 20 relevant organizations in Cloud Standardization and a selection of around 150 associated documents, Standards & Specifications as well as Reports & White Papers; A classification of activities that need to be undertaken by Cloud Service Customers or Providers over the whole Cloud Service Life-Cycle; A mapping of the selected Cloud documents (in particular Standards & Specifications) on these activities. And conclusions on the status of Cloud Standardization general aspects (fragmentation, etc.) specific topics of Interoperability, Security & Privacy and SLA. 8

Activities mapped with Standards and Specifications (and other documents) Analysis of 5 Use Cases have identified activities through the Cloud Service Life-Cycle phases 3 phases: Acquisition, Operation, Termination Relevant documents from selected SDOs mapped with the activities Standards & Specs (and related R&WP) Identification of standards needed Generic & Specific Activities Only a few S&S per activity 9

Main conclusions NO Jungle of Standards Enough Standards to start with Despite new standards coming, some gaps identified Foster collaboration to ensure no fragmentation happens 10

Identified EXISTING Certification schemes Cloud Security Alliance Open Certification Schema SOC / ISAE 3402 / SSAE16 ISACA - COBIT LeetSecurity Rating Cloud Industry Forum Code of Practice Europrise Fisma ISO 27001 Eurocloud Star Audit PCI-C TÜV Rheinland ISO 20000 / ITIL Initial Evaluation Data security: recognized standards/schemes, but only few fit for cloud purpose Data protection: no recognized standards/schemes yet Lack of transparency about some schemes (recognition, scope, added value, etc.) No one-stop shop in EU

Solutions Listing certification schemes Anything can get on the list Characteristics that can be objectively assessed/discussed Who governs the scheme, who audits, what is the standard A process for adding/updating schemes Meta-framework to be developed by ENISA Part of ENISA s WP for 2014 High level security objectives Detailed auditable security measures Security measures divided in levels Mapping to existing schemes Close collaboration with CERT-SIG First draft due mid 2014 Pilots ECP?

SLAs: Creating A Common Vocabulary of Understanding Purchaser s Dilemma Cloud Contracts are not comparable and use different definitions I don t know which Cloud Delivery Options are right for my specific need I don t know if I have considered the most important aspects for this contract SIG SLA Support Template SLAs and Terms and Conditions Cloud Decision Flowchart Cloud Contract Checklist

Service Level Agreements Templates Increase Understanding and help focus on key Contract Topics Agreement within SIG about initial set with 11 important attributes to define standard options for SLAs and contracts Access Trust Security Availability of service Problem Resolution Reporting and Quality of Service Data Portability Auditability Certification and Compliance Limitations Penalties Data privacy conditions Data Location Security Provisions including backup and disaster recovery

Key Project Facts CSA-CP for PCP under FP7 24 partners from 11 states AT, BE, DE, EE, ES, FI, IT, NL, PT, SI, TR Main phases: 1. Preparation of PCP tender + dissemination 2. Cloud services through joint PCP (industry) Currently procures from AT, ES, FI, IT, NL, PT, SI Budget: ~ 13,5 M (~ 9,5 M for PCP) Start date: 1 st June 2013 Courtesy C4E 2/6/2014 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information