Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
EuroCloud Slovenia Dalibor Baskovc Direktor Zavoda e_Oblak (alias EuroCloud Slovenia), podpredsednik EuroCloud Europe [email protected] [email protected] Nova Gorica, INFOSEK “Zakaj Slovenija potrebuje Certificirane Revizorje za oblačne (cloud )rešitve in kakšne so koristi za podjetja” 18.novembra, 2015
Eurocloud Slovenia, ustanovljen 2010, Dimičeva 13, Ljubljana, GZS Slovenia
EuroCloud Slovenia-kompetenčni center za računalništvo v oblaku
Dana�šnji poudarki
• Kako lahko izberemo pravo oblačno storitev,
• Kako zagotovimo skladnost s politiko podjetja in lokalno zakonodajo
• Kako lahko zagotovimo transparenten in skladen nivo pričakovanj - tako na strani ponudnika kot na strani uporabnika storitev računalni�štva v oblaku
Zdaj pa zares: Kako dosežemo te cilje
• Na vsako od the področij je možno odgovoriti s pomočjo certificiranih strokovnjakov po ECSA shemi
• Izobraževanje vsebuje:
– Vzpostavitev projekta certificiranja
– Ocena oblačne storitve in primerjava storitev z ostalimi ponudniki na osnovi mednarodnega kataloga storitev
– Izvedba analize vrzeli proti željeni stonji certificiranja in lokalni zakonodaji
– Izvedba pred-analize z namenom ugotovitve stopnje zrelosti storitve pri ponudniku
Kratka zgodovina ECSA 2015 izobraževanje v Sloveniji: http://eurocloud.si/2015/04/07/ecsa-izobrazevanje-v-sloveniji/
ECSA proces za ponudnike
ECSA proces za ponudnike
ECSA proces za ponudnike
ECSA proces za ponudnike
ECSA proces za uporabnike
12
EuroCloud Star Audit Based on European Quality Values for a Worldwide Usage
EuroCloud Europe Who we are 13
What is EuroCloud
Who we are Our Mission Our Service § independent § non-‐profit § network of na0onal organiza0ons
§ facilitates growth of cloud based services and innova0ons
§ Trust in Cloud § Research and Innova0on
§ Start Up Encouragement
§ Standards and Interoperability
§ Legal Framework Harmoniza0on
§ Networking § Knowledge Exchange
§ Foster EU Strategy § Guidelines § Cer0fica0on § Award § Congress § Research Projects
EuroCloud Europe Who we are 14
EC Countries -‐ A
• Austria • France • Germany • Hungary • Italia • Luxembourg • Netherlands • Poland • Portugal • Romania • Slovakia • Slovenia • Spain • Sweden • Switzerland • United Kingdom
EC Countries -‐ B
• Belgium • Denmark • Greece • Ireland • Malta • Monaco • Russia • Serbia
In Founda0on
• Bulgaria • Cyprus • Lithuania • Turkey • Ukraine
EuroCloud Europe Coordinators, EC Countries, In Founda@on 15
EuroCloud Europe Mission 16
EuroCloud Europe (ECE) aims to facilitate acceptance for Cloud Services on the international market, as well as to support the consumer oriented provision of those services as their needs demand. Therefore, ECE maintains a constant dialogue with the partners of the EuroCloud network and various governmental organisations.
ECE Mission
EuroCloud Europe Why is a Cloud Cer@fica@on needed 17
Why Certification
From Outsourcing . . . . . . . . . . . . . . to Cloud Sourcing
What is different? Cloud Services has to be seen as a supply chain with mul0ple suppliers
What are the main challenges? The Cloud IT delivery model requires a different view on risk management
How to address them? Change the assessment according to the nature Cloud Service Delivery
What are the requirements to dis@nguish? -‐ consumer CLOUD -‐ business CLOUD -‐ high security CLOUD
ECSA Introduc@on IT Sourcing changes 18
Traditional: complex B2B Contracts with QoS, KPI, Compensation, Monitoring and Auditing Cloud: standard contracts for standard services
Traditional: Individual, specific long-term calculated over several years Cloud: Standard, industrialized, shared services, large volumes, large investments, short contracts
The same cloud service can provide: • different use case • different requirements
for the SLA
Complexity of law: • Licenses • Identity management • Obtaining SLA's
Traditional: A fully responsible provider with known subcontractors Cloud: Provider chain, cross-border, network, bandwidth as an additional risk
ECSA introduc@on Important aspects on the way from Outsourcing to Cloud Sourcing 19
ECSA Ecosystem What needs to be addressed 20
§ Cloud Specific Assessment § Security Assessment § Legal Compliance Assessment § Data Privacy Assessment § Common Scope -‐ no nego0a0ons § Complete Cloud Supply Chain covered § publicly available Controls
EuroCloud Europe What is the Business Case 21
Business Cases For
Certification
EuroCloud Europe What is the Business Case 22
Compare and Differen@ate transparent Compare
Build up trust trustworthy atmosphere Nego@ate
Procurement Process cost efficient BUY
Sales Process faster with
less lead effort SELL
EuroCloud Europe What is ECSA 23
What is
ECSA
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 24
The EuroCloud Star Audit (ECSA) is a sophis0cated cer0fica0on scheme, especially designed to asses cloud service with degree of maturity ra0ng. 1
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 25
Established in spring 2011 EuroCloud evaluates a cloud service against the requirements of the ECSA audit scheme and covers all participants of the specific supply chain of a cloud service.
2
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 26
The ECSA audit has a non-negotiable mandatory bandwidth of all important areas of a cloud service: 3
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 27
§ provider's profile § contract and compliance
including data privacy protection against local law
§ Security § Operations § Environment and technical
infrastructure § Processes § Relevant parts of the application and
implementation § Interoperability and data portability
4
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 28
ECSA has a modular structure and offers three maturity level (indicted by awarded stars). It is not only suitable for large enterprises, but can also be achieved by a SME-type of cloud provider. 5
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 29
If a cloud services matches the ECSA audit criteria the ECSA certificate is granted. 6
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 30
As far as there are no changes made within the cloud service profile and assessment areas, the certificate is valid for two years. 7
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 31
The ECSA certificate is a meaningful selection tool for customers who want to use trustworthy cloud services and it reduces the necessity to perform costly individual audits. 8
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 32
The EuroCloud Star Audit is a joined activity performed by the ECSA partners within an eco-system of various roles. 9
ECSA Ecosystem What is the EuroCloud Staraudit (ECSA) 33
With the ECSA EuroCloud Europe delivers a valuable instrument with a high level of transparency and guidance for customers and providers alike.
10
EuroCloud Europe What is ECSA 34
ECSA
Scope
CSP Profile Contract and
Compliance
Security and Data Privacy
Opera@on DC Infra-‐structure
Opera@onal Process Applica@on
• Transparency about the full Cloud Service Supply Chain
• Data Center Location • Subcontractors • Existing certifications
• Security Management • Security Technology • Data Privacy • Data Protection
• Service Management • Support services
• Fair andsSave contract terms
• Respect to local law and regulations
• Special Data Privacy requirements according to local law
• Technical Data Center infrastructure
• Reslience • Perimeter Security • Emergency Plans
• Open interfaces • Data Migration • Standards • Vendor LockIn • Portability
ECSA Introduc@on ECSA Scope 35
EuroCloud Europe ECSA Tools that can be used 36
ECSA Tools
EuroCloud Europe ECSA Tools that can be used 37
The ECSA Assessment is an online service offered by EuroCloud that is used by CSPs, CSCs and ECSA auditors, trainers and consultants to perform several ECSA related tasks such as Self-‐Assessment, Compliance-‐Check, Vendor-‐Comparison, Checklist-‐development as well as Audi0ng related work.
EuroCloud Europe ECSA Tools that can be used 38
ECSA Partner Model
&
Eco-System
ECSA Ecosystem Type of Partnership within ECSA
INDIVIDUAL ORGANISATION
Type of Partnership
39
40
Več informacij o partnerstvih:
• https://eurocloud-staraudit.eu/news/news-detail/news/cloud28-and-ecsa-a-strong-partnership.html
• Cloud 28_ EU initiative
• 2014 letter of interest HP-EUROCLOUD
• 2014 01 31 HP Cloud28_- Country v2_1
• http://www.cloud28plus.eu/content/Cloud28–and-ECSA–a-strong-partnership?extId=&caid=
• http://www.computerweekly.com/news/4500254544/HP-Cloud-28-enters-beta-and-introduces-self-certification-scheme-for-providers
Vabljeni na izbobraževanje na Palsit v februarju/marcu 2016: Vaš interes posredujte na: [email protected] [email protected] Contacts: [email protected] [email protected] [email protected]