www.cloudsecurityalliance.org copyright © 2011 cloud security alliance
TRANSCRIPT
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Daniele Catteddu, Managing Director EMEA, CSA
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
WHO AM I?
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Why CSA has decided to reinforce its presence in EU?
Don’t ask me, ask Jim...
My assumptions are:
because EU is a huge potential market
because EU cloud market has different rules, needs and requirements than USA and rest of word,
because, we, Europeans are begging CSA for support :-)
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
CSA to contribute in shaping EU cloud policy
CSA as centre of gravity in EU cloud security
CSA as a hub for research projects and network of excellence connecting Industries, EU Institutions and Member States, Academia, Research Centres, Independent Experts
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
According to Gartner, Western Europe share of the worldwide cloud services
market is forecast to account for 29% in 2014.
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Europe not just "cloud-friendly" but "cloud-active"
First, the legal framework: users' rights, data protection and privacy - including the global aspects of each of those.
Second, technical and commercial fundamentals: boosting research efforts, and focussing them on critical issues such as security and reliability.
Third, the market: we will support pilot projects for cloud deployment, and push public procurers into action.
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
UK G Cloud
The Netherlands cloud strategy
French G Cloud
Danish G Cloud
Italian Cloud for PAs
etc
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Heterogeneous set of national rules
Restriction to data trans border
New Data Protection Directive to be published soon (Nov.)
Possible introduction of “Binding Safe Processor Rules” and mandatory incident reporting scheme
NO other legislative intervention to be expected
Strong support to open standards
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
FP 7 Information and Communication Technology Research Programme (ends 2013):
INTERNET OF SERVICES
FUTURE INTERNET PPP
FP 8 - HORIZON 2020: in preparation, to be launched 2013
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Involvement of CSA in the definition of EU Cloud Strategy, launched by Commissioner Kroes, due to be delivered in 2012
HOW?
CSA was requested to draft a position paper suggesting concrete actions.
We welcome your contributions!
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Reinforce territorial presence
Consolidate already existing EU Chapters
Support the creation of new chapters
Connect them and coordinate their activities
Knowledge transfer
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
A European virtual cyber security research centre
a multi-stakeholder NoE for cyber security
collaboration on cutting edge cyber security projects between European research and academic community, decision makers and technical experts from the industry, policy makers from EU Member States and EU Institutions, CERT/CSIRT and Cyber Security Operations Centres and international organisations.
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Creating consortia to participate in EC funded initiatives:
Networking of researchers for a high level multi organisational and cross-border collaboration – Network of Excellence
ICT - 2011.1.2 Cloud Computing, Internet of Services and Advanced Software engineering
SEC-2012.2.5-2 Cyber resilience – Secure cloud computing for critical infrastructure
...and more to come
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Constitution of an EU Advisory Board:
Provide high level strategic advices
CSA ambassadors
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Parameters: identification of security parameters (e.g.reachability, through-put, QoS, e2e availability) relevant in CLOUD SLA
Measuring: proposition of smart measuring system
SLA building: definition of security SLA model for cloud
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
WG on Privacy Level Agreements
PLA are meant to be similar to SLA for privacy
In PLA a CSP clearly declares the level of privacy that undertakes to maintain w.r.t. relevant data processing
PLA have a twofold objective:
Provide cloud customers with a tool to assess the level of compliance of the CSP w.r.t. Data Protection legislation
Offer contractual protection against possible damages due to lack of compliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance
Help Us Secure Cloud Computingwww.cloudsecurityalliance.org
LinkedIn: www.linkedin.com/groups?gid=1864210
Twitter: @cloudsa