EuroCloud Slovenia Dalibor Baskovc Direktor Zavoda e_Oblak (alias EuroCloud Slovenia), podpredsednik EuroCloud Europe dalibor.baskovc@eurocloud.si dalibor.baskovc@eurocloud.org Nova Gorica, INFOSEK “Zakaj Slovenija potrebuje Certificirane Revizorje za oblačne (cloud )rešitve in kakšne so koristi za podjetja” 18.novembra, 2015

Eurocloud Slovenia, ustanovljen 2010, Dimičeva 13, Ljubljana, GZS Slovenia

EuroCloud Slovenia-kompetenčni center za računalništvo v oblaku

Dana�šnji poudarki

• Kako lahko izberemo pravo oblačno storitev, 

• Kako zagotovimo skladnost s politiko podjetja in lokalno zakonodajo

• Kako lahko zagotovimo transparenten in skladen nivo pričakovanj - tako na strani ponudnika kot na strani uporabnika storitev računalni�štva v oblaku

Zdaj pa zares: Kako dosežemo te cilje

• Na vsako od the področij je možno odgovoriti s pomočjo certificiranih strokovnjakov po ECSA shemi

• Izobraževanje vsebuje:

– Vzpostavitev projekta certificiranja

– Ocena oblačne storitve in primerjava storitev z ostalimi ponudniki na osnovi mednarodnega kataloga storitev

– Izvedba analize vrzeli proti željeni stonji certificiranja in lokalni zakonodaji

– Izvedba pred-analize z namenom ugotovitve stopnje zrelosti storitve pri ponudniku

Kratka zgodovina ECSA 2015 izobraževanje v Sloveniji: http://eurocloud.si/2015/04/07/ecsa-izobrazevanje-v-sloveniji/

ECSA proces za ponudnike

ECSA proces za ponudnike

ECSA proces za ponudnike

ECSA proces za ponudnike

ECSA proces za uporabnike

        12  

EuroCloud  Star  Audit  Based on European Quality Values for a Worldwide Usage

EuroCloud  Europe  Who  we  are   13  

What is EuroCloud

Who  we  are   Our  Mission   Our  Service  § independent    § non-­‐profit  § network  of  na0onal  organiza0ons    

§ facilitates  growth  of  cloud  based  services  and  innova0ons  

§ Trust  in  Cloud  § Research  and  Innova0on  

§ Start  Up  Encouragement  

§ Standards  and  Interoperability  

§ Legal  Framework  Harmoniza0on  

§ Networking    § Knowledge  Exchange  

§ Foster  EU  Strategy  § Guidelines  § Cer0fica0on    § Award  § Congress  § Research  Projects  

EuroCloud  Europe  Who  we  are   14  

EC  Countries  -­‐  A  

• Austria  • France  • Germany  • Hungary  • Italia  • Luxembourg  • Netherlands  • Poland  • Portugal  • Romania  • Slovakia  • Slovenia  • Spain  • Sweden  • Switzerland  • United  Kingdom  

EC  Countries  -­‐  B  

• Belgium  • Denmark  • Greece    • Ireland  • Malta  • Monaco  • Russia  • Serbia  

In  Founda0on  

• Bulgaria  • Cyprus  • Lithuania  • Turkey  • Ukraine  

EuroCloud  Europe  Coordinators,  EC  Countries,  In  Founda@on   15  

EuroCloud  Europe  Mission   16  

EuroCloud Europe (ECE) aims to facilitate acceptance for Cloud Services on the international market, as well as to support the consumer oriented provision of those services as their needs demand. Therefore, ECE maintains a constant dialogue with the partners of the EuroCloud network and various governmental organisations.

ECE Mission

EuroCloud  Europe  Why  is  a  Cloud  Cer@fica@on  needed   17  

Why Certification

From  Outsourcing    .  .  .  .  .  .  .  .  .  .  .  .  .  .    to  Cloud  Sourcing  

What  is    different?      Cloud  Services  has    to  be  seen  as  a  supply  chain  with  mul0ple  suppliers  

What  are  the    main  challenges?    The  Cloud  IT  delivery  model  requires  a  different  view  on    risk  management  

How  to  address    them?    Change  the  assessment  according  to  the  nature  Cloud    Service  Delivery  

What  are  the  requirements  to  dis@nguish?  -­‐  consumer  CLOUD  -­‐  business  CLOUD  -­‐  high  security        CLOUD  

ECSA  Introduc@on  IT  Sourcing  changes   18  

Traditional: complex B2B Contracts with QoS, KPI, Compensation, Monitoring and Auditing Cloud: standard contracts for standard services

Traditional: Individual, specific long-term calculated over several years Cloud: Standard, industrialized, shared services, large volumes, large investments, short contracts

The same cloud service can provide: •  different use case •  different requirements

for the SLA

Complexity of law: •  Licenses •  Identity management •  Obtaining SLA's

Traditional: A fully responsible provider with known subcontractors Cloud: Provider chain, cross-border, network, bandwidth as an additional risk

ECSA  introduc@on  Important  aspects  on  the  way  from  Outsourcing  to  Cloud  Sourcing  19  

ECSA  Ecosystem  What  needs  to  be  addressed   20  

§  Cloud  Specific  Assessment  §  Security  Assessment  §  Legal  Compliance  Assessment      §  Data  Privacy  Assessment  §  Common  Scope  -­‐  no  nego0a0ons  §  Complete  Cloud  Supply  Chain  covered  §  publicly  available  Controls    

EuroCloud  Europe  What  is  the  Business  Case   21  

Business Cases For

Certification

EuroCloud  Europe  What  is  the  Business  Case   22  

Compare  and  Differen@ate   transparent  Compare  

Build  up  trust  trustworthy    atmosphere     Nego@ate  

Procurement  Process   cost  efficient  BUY  

Sales  Process  faster  with    

less  lead  effort   SELL  

EuroCloud  Europe  What  is  ECSA   23  

What is

ECSA

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   24  

The  EuroCloud  Star  Audit  (ECSA)  is  a  sophis0cated  cer0fica0on  scheme,  especially  designed  to  asses  cloud  service  with  degree  of  maturity  ra0ng.   1

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   25  

Established in spring 2011 EuroCloud evaluates a cloud service against the requirements of the ECSA audit scheme and covers all participants of the specific supply chain of a cloud service.

2

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   26  

The ECSA audit has a non-negotiable mandatory bandwidth of all important areas of a cloud service: 3

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   27  

§  provider's profile §  contract and compliance

including data privacy protection against local law

§  Security §  Operations §  Environment and technical

infrastructure §  Processes §  Relevant parts of the application and

implementation §  Interoperability and data portability

4

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   28  

ECSA has a modular structure and offers three maturity level (indicted by awarded stars). It is not only suitable for large enterprises, but can also be achieved by a SME-type of cloud provider. 5

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   29  

If a cloud services matches the ECSA audit criteria the ECSA certificate is granted. 6

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   30  

As far as there are no changes made within the cloud service profile and assessment areas, the certificate is valid for two years. 7

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   31  

The ECSA certificate is a meaningful selection tool for customers who want to use trustworthy cloud services and it reduces the necessity to perform costly individual audits. 8

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   32  

The EuroCloud Star Audit is a joined activity performed by the ECSA partners within an eco-system of various roles. 9

ECSA  Ecosystem  What  is  the  EuroCloud  Staraudit  (ECSA)   33  

With the ECSA EuroCloud Europe delivers a valuable instrument with a high level of transparency and guidance for customers and providers alike.

10

EuroCloud  Europe  What  is  ECSA   34  

ECSA

Scope

CSP  Profile  Contract  and  

Compliance  

Security  and  Data  Privacy  

Opera@on  DC  Infra-­‐structure  

Opera@onal  Process   Applica@on  

•  Transparency about the full Cloud Service Supply Chain

•  Data Center Location •  Subcontractors •  Existing certifications

•  Security Management •  Security Technology •  Data Privacy •  Data Protection

•  Service Management •  Support services

•  Fair andsSave contract terms

•  Respect to local law and regulations

•  Special Data Privacy requirements according to local law

•  Technical Data Center infrastructure

•  Reslience •  Perimeter Security •  Emergency Plans

•  Open interfaces •  Data Migration •  Standards •  Vendor LockIn •  Portability

ECSA  Introduc@on  ECSA  Scope   35  

EuroCloud  Europe  ECSA  Tools  that  can  be  used   36  

ECSA Tools

EuroCloud  Europe  ECSA  Tools  that  can  be  used   37  

The  ECSA  Assessment  is  an  online  service  offered  by  EuroCloud  that  is  used  by  CSPs,   CSCs   and   ECSA   auditors,   trainers   and   consultants   to   perform   several  ECSA   related   tasks   such   as   Self-­‐Assessment,   Compliance-­‐Check,   Vendor-­‐Comparison,  Checklist-­‐development  as  well  as  Audi0ng  related  work.    

EuroCloud  Europe  ECSA  Tools  that  can  be  used   38  

ECSA Partner Model

&

Eco-System

ECSA  Ecosystem  Type  of  Partnership  within  ECSA  

INDIVIDUAL ORGANISATION

Type of Partnership

39  

40

Več informacij o partnerstvih:

• https://eurocloud-staraudit.eu/news/news-detail/news/cloud28-and-ecsa-a-strong-partnership.html

• Cloud 28_ EU initiative

• 2014 letter of interest HP-EUROCLOUD

• 2014 01 31 HP Cloud28_- Country v2_1

• http://www.cloud28plus.eu/content/Cloud28–and-ECSA–a-strong-partnership?extId=&caid=

• http://www.computerweekly.com/news/4500254544/HP-Cloud-28-enters-beta-and-introduces-self-certification-scheme-for-providers

Vabljeni  na  izbobraževanje  na  Palsit  v    februarju/marcu  2016:  Vaš  interes  posredujte  na:  info@eurocloud.si  info@palsit.si  Contacts:  dalibor.baskovc@eurocloud.si  dalibor.baskovc@eurocloud.org  daliborb@zeleno.co