Copyright © 2011 Cloud Security Alliance

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Daniele Catteddu, Managing Director EMEA, CSA

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance WHO AM I?

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Why CSA has decided to reinforce its presence in EU? Don’t ask me, ask Jim... My assumptions are: because EU is a huge potential market because EU cloud market has different rules, needs and requirements than USA and rest of word, because, we, Europeans are begging CSA for support :-)

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance CSA to contribute in shaping EU cloud policy CSA as centre of gravity in EU cloud security CSA as a hub for research projects and network of excellence connecting Industries, EU Institutions and Member States, Academia, Research Centres, Independent Experts

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance According to Gartner, Western Europe share of the worldwide cloud services market is forecast to account for 29% in 2014.

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Europe not just "cloud-friendly" but "cloud-active" First, the legal framework: users' rights, data protection and privacy - including the global aspects of each of those. Second, technical and commercial fundamentals: boosting research efforts, and focussing them on critical issues such as security and reliability. Third, the market: we will support pilot projects for cloud deployment, and push public procurers into action.

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance UK G Cloud The Netherlands cloud strategy French G Cloud Danish G Cloud Italian Cloud for PAs etc

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Heterogeneous set of national rules Restriction to data trans border New Data Protection Directive to be published soon (Nov.) Possible introduction of “Binding Safe Processor Rules” and mandatory incident reporting scheme NO other legislative intervention to be expected Strong support to open standards

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance FP 7 Information and Communication Technology Research Programme (ends 2013): INTERNET OF SERVICES FUTURE INTERNET PPP FP 8 - HORIZON 2020: in preparation, to be launched 2013

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Involvement of CSA in the definition of EU Cloud Strategy, launched by Commissioner Kroes, due to be delivered in 2012 HOW? CSA was requested to draft a position paper suggesting concrete actions. We welcome your contributions!

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Reinforce territorial presence Consolidate already existing EU Chapters Support the creation of new chapters Connect them and coordinate their activities Knowledge transfer

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance A European virtual cyber security research centre a multi-stakeholder NoE for cyber security collaboration on cutting edge cyber security projects between European research and academic community, decision makers and technical experts from the industry, policy makers from EU Member States and EU Institutions, CERT/CSIRT and Cyber Security Operations Centres and international organisations.

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Creating consortia to participate in EC funded initiatives: Networking of researchers for a high level multi organisational and cross-border collaboration – Network of Excellence ICT Cloud Computing, Internet of Services and Advanced Software engineering SEC Cyber resilience – Secure cloud computing for critical infrastructure...and more to come

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Constitution of an EU Advisory Board: Provide high level strategic advices CSA ambassadors

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Parameters: identification of security parameters (e.g.reachability, through-put, QoS, e2e availability) relevant in CLOUD SLA Measuring: proposition of smart measuring system SLA building: definition of security SLA model for cloud

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance WG on Privacy Level Agreements PLA are meant to be similar to SLA for privacy In PLA a CSP clearly declares the level of privacy that undertakes to maintain w.r.t. relevant data processing PLA have a twofold objective: Provide cloud customers with a tool to assess the level of compliance of the CSP w.r.t. Data Protection legislation Offer contractual protection against possible damages due to lack of compliance

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Help Us Secure Cloud Computing LinkedIn:

Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance Copyright © 2011 Cloud Security Alliance