- Cloud Security Alliance
Download
Report
Transcript - Cloud Security Alliance
Copyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.org
Daniele Catteddu, Managing Director EMEA, CSA
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
WHO AM I?
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Why CSA has decided to reinforce its presence in
EU?
Don’t ask me, ask Jim...
My assumptions are:
because EU is a huge potential market
because EU cloud market has different rules, needs
and requirements than USA and rest of word,
because, we, Europeans are begging CSA for
support :-)
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
CSA to contribute in shaping EU cloud policy
CSA as centre of gravity in EU cloud security
CSA as a hub for research projects and network
of excellence connecting Industries, EU
Institutions and Member States, Academia,
Research Centres, Independent Experts
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
According to Gartner, Western Europe share
of the worldwide cloud services market is
forecast to account for 29% in 2014.
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Europe not just "cloud-friendly" but "cloud-active"
First, the legal framework: users' rights, data protection and
privacy - including the global aspects of each of those.
Second, technical and commercial fundamentals: boosting
research efforts, and focussing them on critical issues such
as security and reliability.
Third, the market: we will support pilot projects for cloud
deployment, and push public procurers into action.
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
UK G Cloud
The Netherlands cloud strategy
French G Cloud
Danish G Cloud
Italian Cloud for PAs
etc
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Heterogeneous set of national rules
Restriction to data trans border
New Data Protection Directive to be published soon
(Nov.)
Possible introduction of “Binding Safe Processor
Rules” and mandatory incident reporting scheme
NO other legislative intervention to be expected
Strong support to open standards
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
FP 7 Information and Communication Technology
Research Programme (ends 2013):
INTERNET OF SERVICES
FUTURE INTERNET PPP
FP 8 - HORIZON 2020: in preparation, to be
launched 2013
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Involvement of CSA in the definition of EU Cloud Strategy,
launched by Commissioner Kroes, due to be delivered in
2012
HOW?
CSA was requested to draft a position paper suggesting
concrete actions.
We welcome your contributions!
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Reinforce territorial presence
Consolidate already existing EU Chapters
Support the creation of new chapters
Connect them and coordinate their activities
Knowledge transfer
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
A European virtual cyber security research centre
a multi-stakeholder NoE for cyber security
collaboration on cutting edge cyber security projects
between European research and academic
community, decision makers and technical experts
from the industry, policy makers from EU Member
States and EU Institutions, CERT/CSIRT and Cyber
Security Operations Centres and international
organisations.
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Creating consortia to participate in EC funded
initiatives:
Networking of researchers for a high level multi
organisational and cross-border collaboration – Network
of Excellence
ICT - 2011.1.2 Cloud Computing, Internet of Services
and Advanced Software engineering
SEC-2012.2.5-2 Cyber resilience – Secure cloud
computing for critical infrastructure
...and more to come
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Constitution of an EU Advisory Board:
Provide high level strategic advices
CSA ambassadors
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Parameters: identification of security parameters
(e.g.reachability, through-put, QoS, e2e
availability) relevant in CLOUD SLA
Measuring: proposition of smart measuring system
SLA building: definition of security SLA model for cloud
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
WG on Privacy Level Agreements
PLA are meant to be similar to SLA for privacy
In PLA a CSP clearly declares the level of privacy that
undertakes to maintain w.r.t. relevant data processing
PLA have a twofold objective:
Provide cloud customers with a tool to assess the level of
compliance of the CSP w.r.t. Data Protection legislation
Offer contractual protection against possible damages due to
lack of compliance
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Help Us Secure Cloud Computing
www.cloudsecurityalliance.org
[email protected]
LinkedIn: www.linkedin.com/groups?gid=1864210
Twitter: @cloudsa
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org
Copyright©©2011
2011Cloud
CloudSecurity
SecurityAlliance
Alliance
Copyright
www.cloudsecurityalliance.org
www.cloudsecurityalliance.org