The ‘EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union’ was aimed at bringing together practitioners, academics and policy makers to discuss the level of cloud computing security in the context of current and future policy activities. The conference covered topics like legal and compliance issues, technical advancements, privacy and personal data protection, critical information infrastructures and cloud certification.The conference addressed the role of cloud computing for the development of the digital economy in Europe and discussed users' concerns on cloud security as a main barrier to the adoption of cloud services in Europe.
The conference proceedings led to a series of key findings:
- There is a need to raise awareness and educate users and SMEs on cloud security, to encourage safe and responsible use of cloud services. “Informed customers” should be able to ask the right questions to providers and understand where their responsibilities lay, and SMEs understand that they are co-responsible for the security of the cloud services provided. A risk assessment culture should be nourished applicable to all. Transparency of cloud services must be improved by the implementation of continuous monitoring mechanisms, increasing accountability through evidence-based assurance solutions, and certification, keeping in mind that one size does not fit all. Rapid, context-based information sharing of incidents within the industry sectors, will also enable collaborative information security able to respond quickly to the changing cybersecurity landscape.
- There is a need for flexible policy approaches towards cloud security to allow further technological advancements. Within this framework co-regulatory and self-regulatory initiatives should be supported, and create technology-neutral legal guidelines and obligations based on principles, to allow for flexible solutions. Europe-wide solutions should be encouraged
- Data protection is an important element to be considered. Implementation of existing rules and techniques should be encouraged and this information should be shared.
- Governmental clouds bring benefits to cloud security. There is space to strengthen cooperation and define clear procurement guidelines built on cooperation between industry and public sector. Furthermore, customised solutions based on the needs of each country and sharing of best practices can be encouraged.
- Cloud benefits from an open market. Meanwhile discussions are required on security in relation to data location requirements, foreign jurisdiction and access to European data.
- As cloud usage for critical sectors is increasing there is a need for elaborated security measures and specific risk assessment techniques addressing each critical sector’s needs.
Read the full feature covering the Conference key findings here https://www.enisa.europa.eu/media/news-items/key-conclusions-on-the-clou...
For the "EU28 Cloud Security Conference: Reaching the Cloud Era in the European Union" agenda and presentations visit https://www.enisa.europa.eu/events/enisa-events/cloud-security-conferenc...
Source & image credits: www.enisa.europa.eu
Comments
Add new comment