Security and privacy certifications and attestations have been identified as one of the most effective and efficient means to increase the level of trust in cloud services and stimulate their adoption.

Based on this assumption, a number of efforts have been started in Europe at policy level, mainly led by the European Commission (EC) and their Special Industry Group on Certification, the European Union Agency for Network and Information Security (ENISA) and the European Telecommunications Standards Institute (ETSI), where CloudWATCH plays a role.

There is now a growing interest in European solutions for cloud standards and software industry development beyond the European Union. Building on this work, CloudWATCH aims to provide guidance to cloud service customers, cloud service providers and policy makers in their evaluation of suitable security and privacy certification schemes for cloud services. A core activity within CloudWATCH is looking into the topics of standards and certification in order to understand if and how certification can increase the level of trust in the cloud computing business model. Specifically, CloudWATCH is leading activities on certification and testing standard compliance with the aim of providing sound recommendations based on real-life cases and clear explanations on protection from risks.

Certification recommendations report

As well as our own Certification recommendations report, in this section you can find guidance for cloud service customers, especially public administrations and small and medium companies, cloud service providers and policy makers in their evaluation of possible options for “certifying” the level of security and privacy of cloud services. We also have information on the main security and privacy certification schemes currently available.


CloudWATCH2: Takeaways from Cloud for Europe Certification Workshop

Monday, 14 September, 2015 - 16:15
A key takeaway of the workshop is the complexity of risk assessment for cloud services. There is a general lack of standards in cloud-specific risk assessment. An existing ISO standard relates mainly to ICT security, so there is a gap there. ENISA have identified 150 cloud risks and the Cloud Security Alliance 133 cloud controls. However, checking and mapping these is clearly a massive job for companies and is usually just too large, especially for SMEs.

TÜV Rheinland Certified Cloud Service

Certified Cloud Service is TÜV Rheinland's certification for cloud services of any kind and any operation model. Trustworthiness, transparency and quality are the key criteria in a company's search for a cloud service. Whether it wants to use infrastructure as a service, platform as a service or software as a service, one of the greatest issues for potential customers is the security of their corporate data.