Presentation is loading. Please wait.

Presentation is loading. Please wait.

ENISA and Cloud Security

Published byChristian Knight Modified over 9 years ago

Similar presentations

Presentation on theme: "ENISA and Cloud Security"— Presentation transcript:

1 ENISA and Cloud Security
Udo Helmbrecht | Executive Director EU28 Cloud Security Conference| Riga |

2 Positioning ENISA activities
POLICY IMPLEMENTATION HANDS ON MOBILISING COMMUNITIES RECOMMENDATIONS

3 EU Legislation The EU Cloud Strategy The Digital Single Market
The EU cloud strategy has been finalised ENISA supported the objective on Cloud Certification (next slide) DSM now calls for creating a European digital economy through the use of IoT, Cloud and Big Data Presentation Title | Speaker Name

4 ENISA’s Cloud Security work
2009 Cloud computing risk assessment 2009 Cloud security Assurance framework 2011 Security and resilience of GovClouds 2012 Procure secure (Security in SLAs) 2013 Critical cloud computing 2013 Incident reporting for cloud computing 2013 Securely deploying GovClouds 2013 Support EU Cloud Strategy Cloud Computing Schemes List (CCSL) 2014 Cloud Certification Meta-Framework (CCSM) 2014 Security frameworks for Gov Clouds 2015 Security guide for SMEs 2015 Post analysis for Cloud Incidents (in progress) This is an overview of the work we did in the past and are doing. Our early papers from 2009 are still widely downloaded and quoted. They basically give an overview of the main risks and benefits when moving to the cloud. Let me go over some of them quickly. Put in about “ENISA’s work on Cloud Computing, but concentrating on how we have helped industry secure a developing business model (work with CSA, support for the EU Cloud strategy). Here we can stress the fact that we look for security solutions that are economically viable and provide a reasonable trade-off between opportunity and risk. This is ENISA supporting economic growth.” All SecureCloud events are coorganized with CSA

5 Challenges and Opportunities for SMEs adopting Cloud
Geographic Spread Elasticity Physical Security Patching and updating Certification and compliance Risks Overloads Unexpected costs Vendor lock-in Administrative or legal outages Foreign jurisdiction issues Recommendation Assess your risks and opportunities using the ENISA SME Tool Share the Security questions with your Cloud provider Visit: eu/activities/Resilience- and-CIIP/cloud- computing/security-for- smes/sme-guide-tool Security Guide for SMEs 2015 ENISA believes security is a driver for cloud adoption

6 Governmental Clouds 2010: Guide on security and resilience for Governmental Clouds 2013: Good practice guide on how to securely deploy Governmental Clouds 2014: Security Framework for Governmental Clouds Studies on governmental Clouds Recommendations report 2013:  EC and MS to support the development of an EU strategy to foster the adoption of governmental Cloud;  EC and MS to develop a business model to guarantee the sustainability and economies of scale or governmental Cloud solutions;  MS and Cloud providers to foster the development of a framework to mitigate the “loss of control” issue;  EC and MS to promote the definition of a regulatory framework to address the “locality problem”;  MS and Cloud providers to encourage the development of governmental Cloud solutions compliant with EU and country specific regulation;  EC and MS to support the development of an SLA framework;  EC and MS to foster the adoption of baseline security measures for both public and private Cloud deployment models;  EC and MS to develop a certification framework;  Academia and Cloud providers to foster research on governmental Cloud security;  EC and MS to support privacy enhancement in the Cloud. Report 2014 creates this framework in steps for all [public sector to go cloud (from the request of a service till the end of a contract)

7 Governmental Clouds – Key Recommendations
Support the development of an EU strategy to foster the adoption of governmental Cloud; Develop a business model to guarantee the sustainability and economies of scale or governmental Cloud solutions; Promote the definition of a regulatory framework to address the “locality problem”; MS and Cloud providers to encourage the development of governmental Cloud solutions compliant with EU and country specific regulation; EC and MS to foster the adoption of baseline security measures for both public and private Cloud deployment models; EC and MS to develop a certification framework; Push for privacy enhancement in the Cloud (to promote governmental clouds adoption).

8 ENISA realising the EU Cloud Strategy: Certification
Strategic objective of EC Strategy: List of voluntary certification schemes Cloud Certification Schemes List (CCSL): List of existing certification schemes 13 Certification cloud related schemes included Users can understand what each certification means for a provider/ providers can assess which certification to obtain. The tools are officially announced the end of January, This service is offered by ENISA and we will continue – we are now in the process of adding new schemes. In 2012 the EC issued a communication called “European strategy for Cloud computing – unleashing the potential of cloud computing in Europe”. One of the actions outlined in the strategy is to assist the development of EU-wide voluntary certification schemes make a list of such schemes. In the strategy ENISA is asked to support this work. The tools and documents on this page have been developed by ENISA, in collaboration with the European Commission and the Cloud Selected Industry Group on Certification (aka C-SIG Certification). The creation of a list of certification schemes is explicitly mentioned as a key action in the European Cloud Strategy. Read more about the background of this work in ENISA's paper on Certification in the EU cloud strategy. CCSL is a list of (existing) certification schemes, relevant for cloud computing customers. CCSL provide potential customers with an overview of objective characteristics per scheme, to help them understand how the scheme works and if it is appropriate for their setting. CCSL was already implemented as an online tool and published in spring 2014. CCSM is a metaframework of existing certification schemes, which maps detailed security requirements in the public sector to security objectives in existing certification schemes. The goal of CCSM is to provide more transparency and help customers in the public sector with cloud procurement. Cloud Certification Schemes Meta-framework (CCSM): Meta-framework based on existing certification schemes Assist customers in the public sector with cloud procurement. Visit:

9 Cloud in the Critical Sectors
Critical Clouds Cloud Computing in the Finance Sector Cloud supporting Health care systems and services Cloud supporting eGovernment ENISA first talked about Critical Clouds in 2012 Currently ENISA is focusing on the challenges and opportunities cloud can offer (or cause) in the Finance and Health sector. In parallel we continue our work on governmental Clouds promoting Cloud usage in public administration

10 Summary of actions/recommendations for the Cloud community
01 ENISA creates online tools to support the SMEs and the public sector to “go- cloud” 02 Support the development of a common SLA framework for EU to support Governmental Clouds 03 Enhance trust through compliance and certification 04 Promote legislative background to support critical clouds 05 Engage into dialogue and promote partnerships between the public and private sector

11 Thank you and Welcome!

Download ppt "ENISA and Cloud Security"

Similar presentations

Session 3: Safer Services in a Digital Society Security with RFID Gérald Santucci European Commission Head of Unit DG INFSO/D4.

Session 3: Safer Services in a Digital Society Security with RFID Gérald Santucci European Commission Head of Unit DG INFSO/D4.
A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
European Cloud Partnership Rainer Zimmermann European Commission Information Society and Media Directorate General Head of Unit Software & Service Architectures.

European Cloud Partnership Rainer Zimmermann European Commission Information Society and Media Directorate General Head of Unit Software & Service Architectures.
Stimulating the demand for innovation – Futuris Conference April 1st 2009 Henriette van Eijl Coordinator, Lead Market Initiative EC, DG Enterprise, Innovation.

Stimulating the demand for innovation – Futuris Conference April 1st 2009 Henriette van Eijl Coordinator, Lead Market Initiative EC, DG Enterprise, Innovation.
Public hearing European Standardization: improving competitiveness through a new regulatory framework - European Parliament / IMCO 6 key messages on European.

Public hearing European Standardization: improving competitiveness through a new regulatory framework - European Parliament / IMCO 6 key messages on European.
Enhancing ICT development and connectivity in Africa Erik Habers Head of Cooperation EU Delegation Nairobi.

Enhancing ICT development and connectivity in Africa Erik Habers Head of Cooperation EU Delegation Nairobi.
World Bank Financial Management Sector September 2010.

World Bank Financial Management Sector September 2010.
Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.

Digital Agenda Unleashing the Potential of Cloud Computing in Europe Ken Ducatel Head of Unit Software and Services, Cloud European Commission (Directorate.
European Cloud Computing Conference Panel 1: What should be the legal framework to help create a market for Cloud services? Dalibor Baskovc Member Executive.

European Cloud Computing Conference Panel 1: What should be the legal framework to help create a market for Cloud services? Dalibor Baskovc Member Executive.
EU SME policy The “Small Business Act” for Europe and its Review

EU SME policy The “Small Business Act” for Europe and its Review
Page 1 Overview on Co-Regulation the use of private certification in government regulation BMZ Conference Forests for Future Generations – Public and Private.

Page 1 Overview on Co-Regulation the use of private certification in government regulation BMZ Conference Forests for Future Generations – Public and Private.
In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.

In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.
Www.enisa.europa.eu ENISA – Cloud Computing Security Strategy Dr Steve Purser Head of Technical Department European Network and Information Security Agency.

ENISA – Cloud Computing Security Strategy Dr Steve Purser Head of Technical Department European Network and Information Security Agency.
Strategy 2022: A Holistic View Tony Hayes International President ISACA 2013-2014 © 2012, ISACA. All rights reserved.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.
This project is partially funded by the European Union’s Seventh Framework Programme: FP7-ICT-2013-10 and Grant agreement no: 610650 REPUBLIC OF SLOVENIA.

This project is partially funded by the European Union’s Seventh Framework Programme: FP7-ICT and Grant agreement no: REPUBLIC OF SLOVENIA.
SMART GRID DEVICES SECURITY CERTIFICATION

SMART GRID DEVICES SECURITY CERTIFICATION
European Investment Bank Group

European Investment Bank Group
NIS Directive and NIS Platform

NIS Directive and NIS Platform
Together advancing small enterprise development. Who is Seda  Established in 2004  Government Agency – Falls under Department of Trade and Industry.

Together advancing small enterprise development. Who is Seda  Established in 2004  Government Agency – Falls under Department of Trade and Industry.
MEANS TO AN END: the OECD Approach for Effective Implementation of Public Procurement Systems Getting really strategic Paulo Magina Head of the Public.

MEANS TO AN END: the OECD Approach for Effective Implementation of Public Procurement Systems Getting really strategic Paulo Magina Head of the Public.

Similar presentations

Ads by Google