“Trustworthiness assurance is the key to cloud services success.”
Trustworthiness assurance is key to future use of cloud services for data and applications with specific security requirements. Similar to a personal relationship, trust in cloud services may be lost in an instant.
Specific guidelines for cloud providers are a starting point, like the NIST Special Publication 800-144 Guidelines on Security and Privacy in Public Cloud Computing or the BSI White Paper: Security Recommendations for Cloud Computing Providers. They ask for a minimum of information security requirements for cloud services. Currently, working groups are drafting more comprehensive international standards for secure cloud services which will replace national papers soon.
Organisations like the Cloud Security Alliance will certify cloud service providers according to the then international standards assuring higher security levels than the current CSA Security, Trust & Assurance Registry (STAR).
Several European states may need additional certifications for specific data and applications which include the control of the cloud services at any time as their data may never leave the specific state or Europe. This would include standardisation of monitoring interfaces for both service providers and customers.
Customers must be able to monitor measurable parameters as agreed in the SLA; in a dynamic cloud environment this would mean at any instant. Due to the specific European data protection laws, additional requirements would need to be reflected in future standards. This includes: Specifying the exact location where personal data is processed by the cloud provider, including the technical and organisational processing environment – anytime.
From the speech by Henning Arendt at the First CIRRUS workshop.
Henning Arendt is owner of @bc®, an independent Business Consultancy for Financial Services and Biometrics Advisory, since 1998. He was the previous chair of the European Finance Forum and supported several EU projects e.g. as member of the CoMiFin (Communication middleware for Monitoring Financial critical Infrastructures) financial advisory board and partner of Parsifal (Protection and Trust in Financial Infrastructures). He participated in the CEPS (Center for European Policy Studies) task force Protecting Critical Infrastructure in the EU. He is an expert for biometrics for the European Commission and speaker/moderator at international conferences. Previously he worked 25 years with IBM, 5 years based in the U.S.A. He received his university degree Dipl.-Ing. from the Technische Universität Hannover.