Secure and resilient cloud services for a trusted cloud market - CloudWATCH2 at Cloud Security Expo, London
CloudWATCH2 played an important role at Cloud Security Expo London in March this year, highlighting the importance of greater trust and transparency in the cloud market and showcased new security- and privacy- by-design solutions emerging from EC-funded projects. Cloud Security Expo London is one of the most important and best-attended cloud events in Europe, provided an excellent forum for networking and outreach activities for the services offered by CloudWATCH2.
As cloud computing enters a new wave characterised by critical applications and multi-cloud environments we was keen to exploit all of the opportunities offered by the Expo and played an active role in managing an information stand dedicated to promoting 7 EU research projects that contribute to the EC’s cluster on Data Protection, Security and Privacy in the cloud.
“These projects are working collaboratively on challenges related to the Free Flow of Data for the European Digital Single Market and have really benefitted from this joint outreach activity”
Nicholas Ferguson, Trust-IT Services and CloudWATCH2 coordinator.
CloudWATCH2 produced and distributed a catalogue promoting the activities of these projects and other projects within the cluster http://www.cloudwatchhub.eu/cloudsecurity. Collectively, the stand gave the projects the opportunity to promote their services and products, at what is without a doubt one of the sector’s most prominent service-oriented events. This met well with both the outreach objectives of the projects and the DPSP cluster itself.
CloudWATCH2 also delivered workshops, addressing the most critical issues for uptake of cloud technology for SMEs, Public Authorities and R&D. These included how to exploit the opportunities offered by the Digital Single Market (DSM); and how to navigate successfully within the framework of the new EU General Data Protection Regulation (GDPR). A brief summary of these three workshops is provided in the following.
The Cloudwatch2-supported workshops
Essentials towards a secure cloud for the Digital Single Market and future cloud market
This workshop, led by Frank Sullivan, Strategic Blue, highlighted the importance of transparency and comparability in the DSM. The multi-stakeholder panel included: Daniele Catteddu, Cloud Security Alliance; Erkuden Rios, Tecnalia; Steve Chambers, Cloud Pro; Sue Daley, TechUK.
During the session, the significance of interoperability and portability emerged as one of the key concerns of businesses investing in the cloud. The issue of over compliance to security certifications also emerged as a criticality.
Indeed, with such a small number of IaaS providers on the market, over-reliance on one provider is most definitely an issue and can make investment in the cloud a high-risk option for businesses. For any business, spreading investment across a number of service providers is always preferable to depending solely on one.
The workshop also highlighted the current skills gap in Europe and the need for early IT training in schools to prepare people to adapt to existing technologies and those that will emerge in the future.
Data ownership was also discussed and, in particular, ownership of non-sensitive data. The value of this data, seen as the ‘new gold’ of the cloud, was discussed and further, whether or not individuals should receive royalties from companies when their data is used.
See the slides here.
GDPR Clinic - European General Data Protection Regulation: a Strategic Compliance Approach
This deep-dive training session, led by Nicola Franchetto, ICT Legal Consulting, provided the opportunity for a deep dive into the new provisions of the EU regulation 2016/679 and in particular, how companies can set up a sound and effective corporate Data Protection Compliance Programme in a practical way within this framework. The session ran for over an hour with plenty of time for participant-specific Q&As. A guide to cloud contracts http://www.cloudwatchhub.eu/legal-guide-cloud-smes was published specifically for the event and also distributed at the information stand.
See the slides here.
Market and Technology Readiness Levels (MTRL) - Why market readiness is important for successful innovation launches
Without a common framework to understand how mature a technology is, or its level of traction with its target users or constituents, funding and operational decisions take longer. The MTRL framework, on the other hand, provides a common language for project leaders and funding decision makers to articulate their progress between stages.
See the slides here.
Based on this methodology, this workshop, led by Michel Drescher, University of Oxford and Frank Sullivan, Strategic Blue, raised awareness of careful planning for both projects and companies when developing services. This is a topic that CloudWATCH 2 is covering ingreater depth at the next Unit E2 Concertation meeting with detailed engagement from CloudTeams, MUSA and WAZIUP
As a result of the workshop, the methodology developed will be extended to a further 3 projects over the coming months.
Recommendations for Cloud Computing sector
- Future directions: Standards are key for the DSM so that all stakeholders actually speak the same language. Interoperability and portability are key. Compliance is important but there is a risk that companies try to over comply. This can cause security risks. Companies recognise the UISP of certification but this means that they have too many certifications and too many external checks of systems, heightening the risk of security breaches.
- Bridging the digital skills gap: people being left behind a natural result of any change; training as key; identification of new types of jobs, importance of a long-term strategy for certainty and regulation in changing job market and to offer stability. IT needs to be incorporated more into schools so that children learn the basics and can then adapt to new technologies when they join the workforce. Don’t forget the human side of technology. The “How” of technology is important but don’t forget the “Who”.
- Regulation: regulation should be a channel for future direction and guidance, allowing companies to scale. Standards are key for regulation but do not move as fast as technology: the standardisation process is a long one. What is unclear is how regulation will be introduced but market self-regulation is preferred fostering a culture of trust.
- Data ownership: Non-sensitive data is the new gold; as people get smarter they will want to have royalty rights over their data and sell it to providers; However, it is impossible to give monetary value to data itself. It is what you do with it that counts. It’s the company who is analysing the data that is actually doing the work and should receive money for this. Also, there is no value in an individual’s data, the value is when it is put together with other people’s data that it becomes valuable.
- An unbalanced market: There are too few cloud service providers. A more balanced market is required with more providers offering more choice. Relying on one CSP is not a good idea for a company. Services should be spread to avoid risk of failure. Therefore Interoperability and portability are key. Amazon are monopolising the market not purposefully but because they offer such a good service.
Cloud Security Expo was an opportunity to support dissemination of the outputs of some of the most innovative projects of European research in the field of cloud computing. CloudWATCH2's main objective is to promote the activities of these projects, and to accomplish this a Catalogue of Software & Cloud Services has been created by collecting a list of open source software and cloud services funded by European Union.
Each service offer gives an overview of the pain points that the projects address from a user-perspective. It is now possible to consult the catalogue based on the technical priorities addressed and the vertical markets targeted.
Forty-two funded projects have already been included in the catalogue and more than 20 brand new projects will be added next weeks.
Consult our Catalogue and find your needs in just one click.