www.cloudsecurityalliance.org copyright © 2011 cloud security alliance

21
www.cloudsecurityalliance.or Copyright © 2011 Cloud Security Alliance

Upload: daniel-mckenzie

Post on 17-Dec-2015

221 views

Category:

Documents


1 download

TRANSCRIPT

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Daniele Catteddu, Managing Director EMEA, CSA

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

WHO AM I?

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Why CSA has decided to reinforce its presence in EU?

Don’t ask me, ask Jim...

My assumptions are:

because EU is a huge potential market

because EU cloud market has different rules, needs and requirements than USA and rest of word,

because, we, Europeans are begging CSA for support :-)

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

CSA to contribute in shaping EU cloud policy

CSA as centre of gravity in EU cloud security

CSA as a hub for research projects and network of excellence connecting Industries, EU Institutions and Member States, Academia, Research Centres, Independent Experts

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

According to Gartner, Western Europe share of the worldwide cloud services

market is forecast to account for 29% in 2014.

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Europe not just "cloud-friendly" but "cloud-active"

First, the legal framework: users' rights, data protection and privacy - including the global aspects of each of those.

Second, technical and commercial fundamentals: boosting research efforts, and focussing them on critical issues such as security and reliability.

Third, the market: we will support pilot projects for cloud deployment, and push public procurers into action.

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

UK G Cloud

The Netherlands cloud strategy

French G Cloud

Danish G Cloud

Italian Cloud for PAs

etc

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Heterogeneous set of national rules

Restriction to data trans border

New Data Protection Directive to be published soon (Nov.)

Possible introduction of “Binding Safe Processor Rules” and mandatory incident reporting scheme

NO other legislative intervention to be expected

Strong support to open standards

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

FP 7 Information and Communication Technology Research Programme (ends 2013):

INTERNET OF SERVICES

FUTURE INTERNET PPP

FP 8 - HORIZON 2020: in preparation, to be launched 2013

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Involvement of CSA in the definition of EU Cloud Strategy, launched by Commissioner Kroes, due to be delivered in 2012

HOW?

CSA was requested to draft a position paper suggesting concrete actions.

We welcome your contributions!

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Reinforce territorial presence

Consolidate already existing EU Chapters

Support the creation of new chapters

Connect them and coordinate their activities

Knowledge transfer

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

A European virtual cyber security research centre

a multi-stakeholder NoE for cyber security

collaboration on cutting edge cyber security projects between European research and academic community, decision makers and technical experts from the industry, policy makers from EU Member States and EU Institutions, CERT/CSIRT and Cyber Security Operations Centres and international organisations.

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Creating consortia to participate in EC funded initiatives:

Networking of researchers for a high level multi organisational and cross-border collaboration – Network of Excellence

ICT - 2011.1.2 Cloud Computing, Internet of Services and Advanced Software engineering

SEC-2012.2.5-2 Cyber resilience – Secure cloud computing for critical infrastructure

...and more to come

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Constitution of an EU Advisory Board:

Provide high level strategic advices

CSA ambassadors

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Parameters: identification of security parameters (e.g.reachability, through-put, QoS, e2e availability) relevant in CLOUD SLA

Measuring: proposition of smart measuring system

SLA building: definition of security SLA model for cloud

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

WG on Privacy Level Agreements

PLA are meant to be similar to SLA for privacy

In PLA a CSP clearly declares the level of privacy that undertakes to maintain w.r.t. relevant data processing

PLA have a twofold objective:

Provide cloud customers with a tool to assess the level of compliance of the CSP w.r.t. Data Protection legislation

Offer contractual protection against possible damages due to lack of compliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

Help Us Secure Cloud Computingwww.cloudsecurityalliance.org

[email protected]

LinkedIn: www.linkedin.com/groups?gid=1864210

Twitter: @cloudsa

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance

www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance www.cloudsecurityalliance.orgCopyright © 2011 Cloud Security Alliance