frederic gittler, hewlett packard enterprise - governance, accountability and compliance in the...

GOVERNANCE ACCOUNTABILITY COMPLIANCE IN THE CLOUD WORKSHOP CSA EMEA CONGRESS BERLIN 16 November 2015 This work is partly funded from the European Commission’s Seventh Framework Programme Intro on Project Objectives & Overview Frederic Gittler Hewlett Packard Enterprise A4Cloud Project GOVERNANCE ACCOUNTABILITY COMPLIANCE IN THE CLOUD WORKSHOP

Upload: sla-ready-network

Post on 15-Apr-2017


Page 1: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud

GOVERNANCE ACCOUNTABILITY COMPLIANCE IN THE CLOUD WORKSHOP CSA EMEA CONGRESS – BERLIN – 16 November 2015

This work is partly funded from the European Commission’s Seventh Framework Programme

Intro on Project Objectives & Overview

Frederic Gittler

Hewlett Packard Enterprise

A4Cloud Project

GOVERNANCE ACCOUNTABILITY COMPLIANCE IN THE CLOUD WORKSHOP

Page 2: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


Disclaimer

The views expressed in this presentation have been collected and analyzed by the author; they may not reflect official project positions.

Page 3: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


Introducing the Projects

Markets

Processes

Tools

Cloud for Europe Trusted Cloud Services for the European market for public administrations

SLA-Ready Making Cloud SLAs readily usable in the EU private sector (esp. SMEs)

A4Cloud Accountability for Cloud and Other Future Internet Services

PICSE Procurement innovation for cloud services in Europe

SPECS Secure Provisioning of Cloud Services based on SLA Management

Page 4: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


Cloud for Europe Trusted Cloud Services for the European market for public administrations

Trust and Innovation for public sector cloud adoption

Using pre-commercial procurement
• As an instrument for innovation
• To involve industry in an open dialog to identify the challenges and better meet the public sector needs
• To involve SMEs to become providers for the public sector market

Expected outputs of the project include:
• Implementing a European PCP tender for innovative cloud solutions
• Requirements and recommendations on legal concerns for the EU public sector
• A gap analysis of the vendors’ supply of services and public sector requirements
• A procedure for pre-commercial procurement
• Presenting lessons learnt, best practice and recommendations for implementing pre-commercial procurement in the cloud computing domain

Page 5: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


PICSE Procurement innovation for cloud services in Europe

Build on the collaborative model from Helix Nebula to engage with providers and customers for cloud services
• Set up a European Procurer’s Platform
• Make the procurement model for cloud services simpler
• Provide a range of best practices for implementing results
• Set out a realistic roadmap for cloud procurement over the next five years
• Lay the foundations for future joint procurement actions

PICSE targets the needs of public research organisations and libraries intending to procure Cloud Services.

Page 6: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


SLA-Ready Making Cloud SLAs readily usable in the EU private sector

Address cloud computing adoption barriers of both consumers and SMEs, e.g.:
• Lack of privacy and data security
• Provider lock-in and lack of standardization
• Jurisdictional issues relating to applicable law
• Law enforcement access to data

SLA-Ready will provide
• Practical guides
• User-friendly tutorial
• Decision making support tools
to help SMEs understand what to expect and what to look out for when signing up with a cloud provider in order to get the best deal.

Page 7: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


A4Cloud Accountability for Cloud and Other Future Internet Services

Accountability is probably the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services.

The project has built methods and tools which combine
• Risk analysis
• Policy definition and enforcement
• Monitoring
• Compliance auditing

They contribute to the governance of cloud activities, providing transparency and assisting legal, regulatory and socio-economic policy enforcement. They also create a shift towards individual users actively exercising control over their digital presence in the cloud.

NB – A4Cloud is releasing a preview of its Reference Architecture. See http://www.a4cloud.eu for details

Page 8: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


SPECS Secure Provisioning of Cloud Services based on SLA Management

Develop and implement an open-source framework to offer Security-as-a-Service based on Service Level Agreements (SLA) specifying security parameters. The SPECS framework will contribute techniques and tools for:
• Enabling a user-centric negotiation of security parameters in Cloud SLA, including a trade-off evaluation process, in order to compose and use Cloud services fulfilling a minimum required security level (QoSec)
• Monitoring in real-time the fulfillment of SLAs and notifying users and CSPs when an SLA is not being fulfilled (e.g., due to a cyber-attack)
• Enforcing SLAs to keep a sustained QoSec. An enforcement framework will “react and adapt” in real-time to fluctuations in the QoSec by advising/applying the correct countermeasures (e.g., triggering a two-factor authentication mechanism)

Page 9: Frederic Gittler, Hewlett Packard Enterprise - Governance, Accountability and Compliance in the Cloud


Thank you