- Cloud Security Alliance
advertisement
Copyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.org Daniele Catteddu, Managing Director EMEA, CSA Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org WHO AM I? Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Why CSA has decided to reinforce its presence in EU? Don’t ask me, ask Jim... My assumptions are: because EU is a huge potential market because EU cloud market has different rules, needs and requirements than USA and rest of word, because, we, Europeans are begging CSA for support :-) Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org CSA to contribute in shaping EU cloud policy CSA as centre of gravity in EU cloud security CSA as a hub for research projects and network of excellence connecting Industries, EU Institutions and Member States, Academia, Research Centres, Independent Experts Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org According to Gartner, Western Europe share of the worldwide cloud services market is forecast to account for 29% in 2014. Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Europe not just "cloud-friendly" but "cloud-active" First, the legal framework: users' rights, data protection and privacy - including the global aspects of each of those. Second, technical and commercial fundamentals: boosting research efforts, and focussing them on critical issues such as security and reliability. Third, the market: we will support pilot projects for cloud deployment, and push public procurers into action. Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org UK G Cloud The Netherlands cloud strategy French G Cloud Danish G Cloud Italian Cloud for PAs etc Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Heterogeneous set of national rules Restriction to data trans border New Data Protection Directive to be published soon (Nov.) Possible introduction of “Binding Safe Processor Rules” and mandatory incident reporting scheme NO other legislative intervention to be expected Strong support to open standards Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org FP 7 Information and Communication Technology Research Programme (ends 2013): INTERNET OF SERVICES FUTURE INTERNET PPP FP 8 - HORIZON 2020: in preparation, to be launched 2013 Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Involvement of CSA in the definition of EU Cloud Strategy, launched by Commissioner Kroes, due to be delivered in 2012 HOW? CSA was requested to draft a position paper suggesting concrete actions. We welcome your contributions! Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Reinforce territorial presence Consolidate already existing EU Chapters Support the creation of new chapters Connect them and coordinate their activities Knowledge transfer Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org A European virtual cyber security research centre a multi-stakeholder NoE for cyber security collaboration on cutting edge cyber security projects between European research and academic community, decision makers and technical experts from the industry, policy makers from EU Member States and EU Institutions, CERT/CSIRT and Cyber Security Operations Centres and international organisations. Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Creating consortia to participate in EC funded initiatives: Networking of researchers for a high level multi organisational and cross-border collaboration – Network of Excellence ICT - 2011.1.2 Cloud Computing, Internet of Services and Advanced Software engineering SEC-2012.2.5-2 Cyber resilience – Secure cloud computing for critical infrastructure ...and more to come Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Constitution of an EU Advisory Board: Provide high level strategic advices CSA ambassadors Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Parameters: identification of security parameters (e.g.reachability, through-put, QoS, e2e availability) relevant in CLOUD SLA Measuring: proposition of smart measuring system SLA building: definition of security SLA model for cloud Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org WG on Privacy Level Agreements PLA are meant to be similar to SLA for privacy In PLA a CSP clearly declares the level of privacy that undertakes to maintain w.r.t. relevant data processing PLA have a twofold objective: Provide cloud customers with a tool to assess the level of compliance of the CSP w.r.t. Data Protection legislation Offer contractual protection against possible damages due to lack of compliance Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Help Us Secure Cloud Computing www.cloudsecurityalliance.org info@cloudsecurityalliance.org LinkedIn: www.linkedin.com/groups?gid=1864210 Twitter: @cloudsa Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org Copyright©©2011 2011Cloud CloudSecurity SecurityAlliance Alliance Copyright www.cloudsecurityalliance.org www.cloudsecurityalliance.org
