Green Paper on Cloud Security
The CIRRUS Green Paper aims to take stock of discussion and debate on three fundamental pillars in cloud security as identified by the CIRRUS project, namely standardisation, certification, and international cooperation. Starting from the analysis of four different perspectives (i.e. security, privacy and data protection and Service Level Agreements (SLAs)) this Green Paper covers technological, policy and legal aspects related to cloud security.
This CIRRUS Green Paper contains a set of 21 recommendations mainly covering three main identified topics. Overall, our analysis and recommendations identify trust, assurance and transparency as a major enablers for cloud adoption and highlights specific actions needed in the areas of security, privacy and SLAs.
The recommendations focus on the areas of policy definition and enforcement, standard and research, and supports:
• the development of educational and awareness programs, as well as best practices easily consumable for SMEs, Pubic Administration and consumers
• the creation and dissemination of tools to help customer in defining requirements, assessment the risks, monitoring the execution of SLAs and the application of their right to privacy and data protection.
• the acceleration of the activities related to the standardization of SLA, continuous monitoring protocols, forensics.
• research in the areas such as machine-to-machine consent protocol, real time monitoring and data analytics.
We would like to highlight that our recommendations have a short-medium time horizon. This is because CIRRUS believes that given the delay, compared to USA and ASIA, which the European cloud market has accumulated in the terms of maturity and adoption of cloud computing, the effort of our decision makers should be devoted to actions that can guarantee a quick acceleration of the level of cloud adoption.