Presentation is loading. Please wait.

Presentation is loading. Please wait.

European Union Agency for Network and Information Security ENISA and Cloud Security Dimitra Liveri| NIS Expert EuroCloud Forum 2015| Barcelona|07-10-2015.

Published byChristine Georgina Andrews Modified over 8 years ago

Similar presentations

Presentation on theme: "European Union Agency for Network and Information Security ENISA and Cloud Security Dimitra Liveri| NIS Expert EuroCloud Forum 2015| Barcelona|07-10-2015."— Presentation transcript:

1 European Union Agency for Network and Information Security ENISA and Cloud Security Dimitra Liveri| NIS Expert EuroCloud Forum 2015| Barcelona|07-10-2015

2 2 Securing Europe’s Information Society Operational Office in Athens

3 3 Positioning ENISA activities

4 4 Benefits of Cloud Computing Risks in Cloud Computing ENISA Activities in Cloud Security ENISA tools Risk Assessment for SMEs Cloud Certification Schemes List Next steps Agenda

5 5 Cloud Computing is another way of providing IT services Characteristics are -Highly standardized services -Highly standardized SLAs Using such a service is outsourcing Cloud SLAs are usually much more standardized than in other outsourcing contracts Cloud Computing is a Business model

6 6 Cloud is a deployment model © Google / Conny Zhou Cloud Computing is a Deployment Model Cloud computing is a deployment model Information processing -In a shared environment -using shared computing resources Resources can be quickly scaled to meet changed demand Cloud deployments are usually much more standardized and automated than legacy IT

7 7 Economies of Scale Better ROI Cost of security spread to all customers High Resiliency Better back up services Better business recovery Cloud Opportunities Efficient solutions More efficient resource utilization also means cost savings Standardised solutions Better patch management Better software update management Portable and interoperable

8 8 Isolation Failures control resides to the cloud provider Loss of Governance Customer cedes some control to the provider (depending on the deployment model) This also affects security Presentation Title | Speaker Name Cloud Challenges Management GUI and API compromise Identity and access management are particularly important Full access to all resources (keys to many kingdoms) Data protection The CSP usually becomes data processor in terms of DP legislation Data processing in datacentres abroad can imply that certain DP requirements cannot be met in the Cloud

9 9 Public Sector Legacy Data Legacy Applications Legacy Processes Special information assurance requirements NEEDS MORE TIME TO ADOPT Differences in Requirements for Governments vs. Companies Private Sector Difference depending on the scale i.e. Large companies and SMEs Investment from cost perspective EASIER TO MAKE THE RIGHT DECISION

10 10 ENISA’s work in the area of Cloud 2009 Cloud computing risk assessment 2009 Cloud security Assurance framework 2012 Procure secure (Security in SLAs) 2013 Critical cloud computing 2013 Incident reporting for cloud computing 2013 Securely deploying GovClouds 2013 Support EU Cloud Strategy 2014 Cloud Certification Meta-Framework 2014 Procurement security in GovClouds 2015 Cloud Security guide for SMEs http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing

11 11 ENISA engages the community ENISA Cloud Security and Resilience experts group

12 12 Cloud Computing Risk Assessment Addressed to: public sector, private sector (large companies and SMEs), governmental agencies

13 13 Risk Assessment in the Cloud Famous 2009 GuideUpdated in 2012 Security Guide for SMEs – 2015

14 14 Security guide for SMEs Small and medium size enterprises (SMEs) are an important driver for innovation and growth in the EU Cloud Computing is a means for innovation, but cloud is for the SMEs still a challenge. ENISA in this study presents: -11 security opportunities (compared to legacy IT benefits) -11 security risks (compared with legacy IT risks) -12 security questions for the SME to ask the provider (in one security “cheat sheet” -2 comprehensive scenarios -Some legal advice

15 15 …and online tool Where you can: rate your opportunities from cloud rate your risks produce a risks map get your security questions

16 16 Governmental Clouds Addressed to: public sector, governmental agencies

17 17 Governmental Cloud reports (1/2) 2010: Guide on security and resilience for Governmental Clouds Presentation of the security benefits and drawbacks for the public sector to go in the cloud First steps need to be done towards taking the decision to go cloud 2013: Good practice guide on how to securely deploy Governmental Clouds Definition of a governmental cloud (in a mature market) State of cloud computing adoption in the EU public sector Case studies of different approaches in adopting a cloud solution

18 18Presentation Title | Speaker Name Governmental Cloud reports (2/2) 2014: Security Framework for Governmental Clouds 4 phases, 10 different steps and the specific actions to be taken in each one 4 use case scenarios to find the solutions that better fits each implementation

19 19 Critical Clouds Addressed to: private sector, (public sector in some cases)

20 20 ENISA’s Critical Cloud Study First assessment of CIIP aspects of Cloud computing Illustrates dependencies and provides examples for failures Provides recommendations for Cloud security governance from the CIIP perspective Conclusions can be applied to Governmental Cloud usage

21 21 Cloud computing incidents could have major impact. Large scale incidents should be reported to improve trust Public sector and industry should agree on scope and thresholds of reporting. ENISA suggests a model for incident reporting of cloud incidents involving CSPs and regulators. Incident Reporting for Cloud Computing

22 22 Critical Clouds Cloud in the Critical Sectors Cloud supporting Health care systems and services Cloud supporting eGovernment Cloud Computing in the Finance Sector

23 23 Identification of critical challenges to cloud computing adoption in the Finance sector Assess legal and regulatory context (challenges and opportunities) in all member states Support industry and understand their uptake – why do some use and some don’t use cloud Propose recommendations Good Practices for the use of Cloud Computing in the area of Finance Sector

24 24 Cloud Certification Addressed to: private sector - large companies and SMEs, (public sector and governmental agencies in some cases)

25 25 The EU Cloud Strategy “EU should not only be cloud-friendly, but also cloud–active” “I am pleased that ETSI launched and steered the Cloud Standards Coordination (CSC) initiative in a fully transparent and open way for all stakeholders.” “...ensuring technical security requirements are mapped onto certification, as ENISA is leading…” “... we officially launch the platform for public sector cooperation with this "Cloud for Europe" initiative. This is an enormous step forward.…” Neelie Kroes, European Commissioner for the Digital Agenda Oct 2013 “... we officially launch the platform for public sector cooperation with this "Cloud for Europe" initiative. This is an enormous step forward.…” Neelie Kroes, European Commissioner for the Digital Agenda Oct 2013 Cutting through the jungle of technical standards Development of model “safe and fair” contract terms and conditions A European Cloud Partnership to drive innovation and growth from the public sector The European Commission’s strategy “Unleashing the potential of cloud computing in Europe” Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy The European Commission’s strategy “Unleashing the potential of cloud computing in Europe” Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy

26 26 ENISA realising the EU Cloud Strategy: Certification Strategic objective of EC Strategy: List of voluntary certification schemes Cloud Certification Schemes List (CCSL): List of existing certification schemes –13 Certification schemes included –Powered by ENISA, supported by the EC and the Cloud Selected Industry Group (C-SIG) Visit: https://resilience.enisa.europa.eu/cloud-computing-certificationhttps://resilience.enisa.europa.eu/cloud-computing-certification Cloud Certification Schemes Meta- framework (CCSM): Meta-framework based on existing certification schemes –Mapping detailed ICT security requirements of the public sector in the EU (11 countries and more will come) –Matrix will results to be used for procurement

27 27 How we draw CCSM

28 28 Next steps Ex-post analysis of cloud incidents (early 2016) EU perspective on ex post analysis (forensics) for cloud incidents: 8 countries(IT, ES, IE, NL, GR, FR, EE, UK): Academia, LEAs, Forensics Specialists, CERTs. Challenges, procedures, tools, legal restrictions ICT in e-Health (2016) Challenges and opportunities of ICT deployments in eHealth (medical records, patient records etc) Cloud computing use case in eHealth Big data use case in e Health

29 PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu Thank you and Welcome!

Download ppt "European Union Agency for Network and Information Security ENISA and Cloud Security Dimitra Liveri| NIS Expert EuroCloud Forum 2015| Barcelona|07-10-2015."

Similar presentations

Session 3: Safer Services in a Digital Society Security with RFID Gérald Santucci European Commission Head of Unit DG INFSO/D4.

Session 3: Safer Services in a Digital Society Security with RFID Gérald Santucci European Commission Head of Unit DG INFSO/D4.
A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
European Cloud Partnership Rainer Zimmermann European Commission Information Society and Media Directorate General Head of Unit Software & Service Architectures.

European Cloud Partnership Rainer Zimmermann European Commission Information Society and Media Directorate General Head of Unit Software & Service Architectures.
1 EU Strategy for the Baltic Sea Region as a tool to implement the EU2020 European Commission Directorate General Regional Policy Territorial Cooperation.

1 EU Strategy for the Baltic Sea Region as a tool to implement the EU2020 European Commission Directorate General Regional Policy Territorial Cooperation.
Paul Timmers eGovernment Unit Directorate General Information Society & Media European Commission Public eProcurement and EU eGovernment Developments 13.

Paul Timmers eGovernment Unit Directorate General Information Society & Media European Commission Public eProcurement and EU eGovernment Developments 13.
Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.
European Cloud Computing Conference Panel 1: What should be the legal framework to help create a market for Cloud services? Dalibor Baskovc Member Executive.

European Cloud Computing Conference Panel 1: What should be the legal framework to help create a market for Cloud services? Dalibor Baskovc Member Executive.
FP7 Preparations ISTC meeting 31 March 2004. Content FP7 preparation approach and timetable Context for FP7 and for ICT in FP7 Research in New Financial.

FP7 Preparations ISTC meeting 31 March Content FP7 preparation approach and timetable Context for FP7 and for ICT in FP7 Research in New Financial.
EU SME policy The “Small Business Act” for Europe and its Review

EU SME policy The “Small Business Act” for Europe and its Review
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
CEN WS/BII2 1 Spreading interoperability in eProcurement processes across Europe Open Seminar Brussels December 6, 2012.

CEN WS/BII2 1 Spreading interoperability in eProcurement processes across Europe Open Seminar Brussels December 6, 2012.
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance.

Copyright © 2011 Cloud Security Alliance.
Policy recommendations for wider implementation of telemedicine Peeter Ross, MD, PhD e-Health expert, Estonian eHealth Foundation, Estonia.

Policy recommendations for wider implementation of telemedicine Peeter Ross, MD, PhD e-Health expert, Estonian eHealth Foundation, Estonia.
Stakeholder meeting on the SHIFT²RAIL Strategic Master Plan Manuel Pereira, IST Lisbon ERRAC Vice Chairman 20 th June 2014, Brussels 1.

Stakeholder meeting on the SHIFT²RAIL Strategic Master Plan Manuel Pereira, IST Lisbon ERRAC Vice Chairman 20 th June 2014, Brussels 1.
EMAS III: A mature instrument for new challenges Soledad BLANCO Director, Directorate Industry DG Environment.

EMAS III: A mature instrument for new challenges Soledad BLANCO Director, Directorate Industry DG Environment.
SMART GRID DEVICES SECURITY CERTIFICATION

SMART GRID DEVICES SECURITY CERTIFICATION
NIS Directive and NIS Platform

NIS Directive and NIS Platform
Geneva, Switzerland, 15-16 September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.

Geneva, Switzerland, September 2014 ENISA role in ICT standardization Sławomir Górniak, ENISA ITU Workshop on “ICT.
1 of 1 E- Health in the European Union Dr. Andrzej Rys Director for Health and Risk Assessment DG SANCO European Commission OPEN DAYS 2009 Mobility in.

1 of 1 E- Health in the European Union Dr. Andrzej Rys Director for Health and Risk Assessment DG SANCO European Commission OPEN DAYS 2009 Mobility in.
ENISA and Cloud Security

ENISA and Cloud Security

Similar presentations

Ads by Google