European Cloud Computing Strategy · 2014. 2. 5. · Dr Ken Ducatel DG CONNECT . What is at stake?...
European Cloud Computing Strategy
Dr Ken Ducatel
DG CONNECT
What is at stake?
2/4/2014 2
Cloud as a growth engine
• Business creation: 400.000 new SMEs
• Boosts productivity and efficiency: Up to 90% of cost savings for public administrations and private companies
• Boost GDP: €940 bn cumulative impact for 2015-2020; €250bn in 2020
• Potential for job creation: 3.8 million cloud-related jobs
Cost Savings
[Chart: response categories 1% to 4%, 5% to 9%, 10% to 19%, 20% to 29%, 30% to 49%, 50% or more, "We have seen (or expect to see) a cost increase", "Too early to tell", "Don't know"; axis from 0% to 30%]
Almost all users see cost savings peaking at 10-20%
But.... Need for Trust, Regulatory Certainty and Openness
• Legal jurisdiction
• Security and data protection
• Trust
• Data Access and Portability
Feb-14 © IDC
Barriers’ Analysis: Clustering
Barrier | Indicator 1 - Assessment of cloud relevance | Average Impact Indicator*
Legal Jurisdiction | 1.00 | 0.72
Data location | 0.71 | 0.58
Security & data protection | 0.93 | 0.70
Trust | 0.86 | 0.70
Data Access and Portability | 0.79 | 0.66
Change control | 0.45 | 0.33
Ownership of customisation | 0.36 | 0.61
Local support | 0.54 | 0.42
Evaluation of Usefulness | 0.27 | 0.84
Local language | 0.09 | 0.45
Slow Internet Connection | 0.18 | 0.17
Tax incentives on capital spending | 0.00 | 0.22
* Average Impact Indicator: Average of Indicators 2, 3, 5, 6. Indicator 4 included in indicator 5.
Data
Jurisdiction/location
Interoperability and Tech
Transparency
Business
Security/Trust
Industrial policy
IDC 2012
Cloud computing services: public sector drivers and draggers
Drivers Draggers
Security worries
Contracts
Budgeting & costs
Scalability Technology
Standards
Audit
Legal compliance
Reversibility
Data location
New demands: Mobility, BYOD, etc
Cost caps
Capital caps
Interoperability
Legacy apps, etc
Cutting through the jungle of technical standards
The Cloud Select Industry Group on Service Level Agreements
The Cloud Select Industry Group on Certification Schemes
The Cloud Select Industry Group on Code of Conduct
ETSI: Cloud Standards Coordination
The European Cloud Partnership
Cloud strategy's key actions
Groups working on implementing the strategy
Development of model 'safe and fair' contract terms and conditions
A European Cloud Partnership to drive innovation and growth from the public sector.
The Cloud Computing Contract Group
The European Commission's strategy 'Unleashing the potential of cloud computing in Europe'
Adopted on 27 September 2012, it is designed to speed up and increase the use of cloud computing across the economy
The Cloud Computing Strategy
Launched on 4-5/12/2012
Launched on 21/02/2013
Launched on 10/04/2013
Launched on 21/02/2013
Launched on 19/11/2013
Launched on 19/11/2012 Steering Board
Cloud for Europe To be launched in 11/2013
Progress
• Key action 1:
  • Standards mapping by ETSI
    – Cloud Standards Coordination Conference Brussels 11/12/2013
  • List of certification schemes
    – ENISA list and meta-framework mid 2014
    – Pilots 2014
• Key action 2:
  • Cloud Service Level Agreements
    – Draft Templates mid 2014
  • Code of conduct (data protection)
    – Stable draft Feb 2014,
    – to Art 29 WP, endorsement during this Commission
  • Cloud Contract Group
    – first results mid 2014
• Key action 3:
  • Cloud 4 Europe project
    – Official launch 14 November 2013
    – Pre-notice April, tender early summer 2014
Cloud Standards Mapping
ETSI @ CSC Workshop – 10/12/12013
• Launched in December 2012
• Workshop in Cannes, co-organized by EC, 200+ participants
• Definition of work structure: 3 TGs, a coordination group (‘reference’)
TG1 for definition of Roles and TG2 for collection of Use Cases
TG3 in charge of Use Case Analysis and Production of the Report
ETSI Support: Laurent Vreck
Identified EXISTING Certification schemes
• Data security: recognized standards/schemes, but only few fit for cloud purpose
• Data protection: no recognized standards/schemes yet
• Lack of transparency about some schemes (recognition, scope, added value, etc.)
• No one-stop shop in EU
Initial Evaluation
• Cloud Security Alliance – Open Certification Schema
• ISO 27001
• EuroPriSe
• Eurocloud Star Audit
• SOC / ISAE 3402 / SSAE16
• FISMA
• PCI-C
• Cloud Industry Forum Code of Practice
• ISO 20000 / ITIL
• ISACA - COBIT
• LeetSecurity Rating
• TÜV Rheinland
Solutions
• Listing certification schemes
– Anything can get on the list
– Characteristics that can be objectively assessed/discussed
– Who governs the scheme, who audits, what is the standard
– A process for adding/updating schemes
• Meta-framework to be developed by ENISA
– Part of ENISA’s WP for 2014
– High level security objectives
– Detailed auditable security measures
– Security measures divided in levels
– Mapping to existing schemes
– Close collaboration with CERT-SIG
– First draft due mid 2014
– Pilots ECP?
SLAs: Creating A Common Vocabulary of Understanding
Purchaser’s Dilemma | SIG SLA Support
“Cloud Contracts are not comparable and use different definitions” | Template SLAs and Terms and Conditions
“I don’t know which Cloud Delivery Options are right for my specific need” | Cloud Decision Flowchart
“I don’t know if I have considered the most important aspects for this contract” | Cloud Contract Checklist
Code of Conduct on DP: Background
14 Oct 2013 CSIG Plenary
• Directive 95/46/EC art 27 encourages adoption of codes of conduct and their endorsement by art 29 Working Party
• EC Cloud Computing Strategy of 29-09-2012 “Work with industry to agree a code of conduct for cloud computing providers to support a uniform application of data protection rules which may be submitted to the Article 29 Working Party for endorsement in order to ensure legal certainty and coherence between the code of conduct and EU law.”
Data Protection Code of Conduct
14 Oct 2013 CSIG Plenary
• Code of Conduct Working Group
1st meeting 10 April 2013
Under DG Connect’s Cloud Select Industry Group
Continuous drafting until end of August
• Work progress
• WP29 Technology subgroup presentation on Sept 5th,
• Observation of WP29 TS on principles for the CoC on Sept 17th
• Cloud-Select Industry Group plenary on Oct 14th
• CoC group plenary session on Oct 21st
• Set up drafting team to produce second draft by end of year
• Stable draft for February 2014 for presentation to WP29 in March
• Aim for endorsement before end of this Commission
• Key action 3 European Cloud Partnership
• European Cloud Partnership Steering Board
• Cloud 4 Europe project
EU approaches to Public sector cloud adoption: 3 main emerging Models
Country | Procurement and marketplace Model | Resource Pooling Model | Standalone applications Model
UK Yes Abandoned Yes
Italy Yes
Germany Yes (but limited) Yes (marginal)
Denmark Yes
France Yes Yes
Netherlands Yes (future) Yes
Portugal Yes Yes (project)
Spain Yes
Belgium Abandoned Yes
Austria Yes (long-term future) Yes (future)
Public sector & policy barriers
• Privacy and security are common barriers – addressed but stressed at different levels
• Other:
  • Regulatory issues (e.g. requirements for sharing data between administration in Italy - rigidity in EU procurement law (G-cloud))
  • Technical issues (e.g. lack of maturity of technologies)
  • Financial issues (e.g. assessing real costs of cloud deployment)
  • Adapting SLAs to cloud and public sector
• Changes in process and ways of working are, if not a barrier, a main challenge in implementing cloud initiative in the public sector:
Cloud requires adjustment in ICT management processes, automation of tasks and changes in skills requirements for staff, pulling resources together between administrations used to manage their own bespoke ICT solutions, etc.
ECP Steering Board Membership
• Toomas Hendrik Ilves, Chair of Steering Board, President of Estonia
• Léo Apotheker, former CEO of SAP AG and HP
• Thierry Breton, Chairman and CEO of ATOS
• Bernard Charlès, President and CEO of Dassault Systèmes
• Kate Craig-Wood, Managing Director of Memset
• Christian Fredrikson, President and CEO of F-Secure Corporation
• Michael Gorriz, CIO of Daimler AG and President of EuroCIO
• Jim Hagemann-Snabe, Co-CEO of SAP AG
• Vivek Dev, CEO Digital Services, Telefonica Digital
• Pierre Nanterme, CEO of Accenture
• Karl-Heinz Streibich, CEO, Chairman of the Management Board and Group Executive Board of Software AG
• Hans Vestberg, President and CEO of Ericsson
• Werner Vogels, Vice President and Chief Technology Officer of Amazon.com
• Katarina de Brisis, Norwegian Ministry of Government Administration and Reform, Deputy Director General of the Department of ICT policy and public sector reform
• Aitor Cubo Contreras, Deputy Director General of Programs, Studies and Promotion of Electronic Administration, Spanish Ministry of Finance and Public Administrations
• Jacques Marzin, ICT Corporate Director for France, Direction interministérielle des systèmes d'information et de communication de l’État
• Michael Hange, President of the German Federal Office for Information Security
• Maarten Hillenaar, Government CIO and Director of the central government ICT-policy department, Dutch Ministry of the Interior and Kingdom Relations
• Reinhard Posch, CIO and Chair of the Austrian e-Government DIGITAL:AUSTRIA, Austrian Federal Government
• Andrzej Ręgowski, Vice-Minister, Polish Ministry of Administration and Digital Affairs
Cloud-for-Europe main characteristics
PREPARE PUBLIC SECTOR FOR PROCURING SECURE, RELIABLE, COST-EFFECTIVE CC SERVICES, AND AVOIDING LOCK-IN.
• Funded thru RTD programme.
• Umbrella initiative: adding to and building on national initiatives – best of breed.
• Inclusive: vehicle for getting a wide range of interested countries on-board through consultation, dissemination, awareness raising and training.
• Cooperation public sector-industry through pre-commercial procurement.