Security and privacy certifications and attestations have been identified as one of most effective and efficient means to increase the level of trust in cloud service and stimulate their adoption.
Based on this assumption, a number of efforts have been started in Europe at policy level, mainly led by the European Commission (EC) and their Special Industry Group on Certification, the European Union Agency for Network and Information Security (ENISA) and the European Telecommunications Standards Institute (ETSI), where CloudWATCH plays a role.
There is now a growing interest in European solutions for cloud standards and software industry development beyond the European Union. Building on this work CloudWATCH aims to provide guidance to cloud service customers, cloud service providers and policy makers in their evaluation of suitable security and privacy certification schemes for cloud services. A core activity within CloudWATCH is looking into the topics of standards and certification in order to understand if and how certification can increase the level of trust in the cloud computing business model. Specifically, CloudWATCH is leading activities on certification and testing standard compliance with the aim of providing sound recommendations based on real-life cases and clear explanations on protection from risks.
Certification recommendations report
As well as our own Certification recommendations report, in this section you can find guidance for cloud service customers, especially public administrations and small and medium companies, cloud service providers and policy makers in their evaluation of possible options for “certifying” the level of security and privacy of cloud services. We also have information on the main security and privacy certification schemes currently available.
Certified Cloud Service is TÜV Rheinland's certification for cloud services of any kind and any operation model. Trustworthiness, transparency and quality are the key criteria in a company's search for a cloud service - whether it wants to use infrastructure as a service, platform as a service or software as a service, one of the greatest issues for potential customers is the security of their corporate data.