Standardisation in cloud business and maximum possible security provisions
Europe must be seen as a single area. Every place of residence has equal status – that is true for companies as well as for national states. The Digital Single Market will not achieve this ideal until the final stumbling blocks have been removed. Geo-blocking, for example, must become a thing of the past and the mobility of trade and data within the EU must be literally borderless. Time is pressing: there must be some concrete proposals on the table by the end of this legislative period.
The goal is a unified, Europe-wide regulatory framework for cloud computing, with maximum possible security provisions. This work on cloud security is urgently needed: by 2020 it is anticipated that there will be six billion devices connected to the internet within the EU alone – an enormous target for cybercrime!
The EU Cloud Code of Conduct (CoC) was established as a countermeasure in the field of personal data. It is a voluntary code of practice for the sector that aims to guarantee the maximum possible level of compliance for cloud providers in line with the General Data Protection Regulation (GDPR). This can help to make it easier, particularly for small and medium-sized businesses, to decide which product is ideal for their needs.
To ensure an uninterrupted flow of data with maximum possible cyber-security, the Free Flow of Data Initiative set up by Commissioner Andrus Ansip is currently developing some fundamental principles for the EU Cybersecurity Act. Following an “open call”, these issues are now being addressed by working groups consisting of representatives of the cloud sector, including the Working Group on Cloud Security Certification (CSPCert), and SWIPO.
SWIPO (Self-regulatory Codes of Conduct for Switching Cloud Service Providers) aims to ensure frictionless data transfer between cloud providers. Customers should not need to worry when they change cloud providers that their data may be taken hostage by the previous provider. After all, 72% of European businesses would like to change their cloud services provider, with almost half reporting problems – including many small and medium sized businesses.
Cloud certifications highly relevant for EU citizens
Well-respected certifications should ensure that cloud use in Europe becomes a matter of course. Inspection certificates of this kind verify the quality of security standards and the cyber-security of a cloud service. Incidentally, in Europe the greatest potential for future demand for cloud services lies in the public sector. This makes it vital for us European citizens that not only companies but also public bodies work only with certified cloud providers who have the highest possible security standards – and certification also ensures equal opportunity amongst the providers. But that alone is not enough – I also maintain that the public bodies themselves must make their services certified, to ensure that communications between them and us as citizens enjoy a high level of trust.
Recommendations from the various cloud working groups must be considered and implemented within the current European legislative period, insists Andrus Ansip. The working group CSPCert must deliver its findings by March 2019, for instance.
On December 6 the two working groups, CSPCert and SWIPO, will hold a cloud stakeholder group meeting in Vienna on the Digital Single Market (DSM), to which the public is also invited. The ambitious pace and pleasing results of recent months are encouraging: thanks to the major European reforms in data protection (EU GDPR, NIS) and the current Free Flow of Data Initiative, Europe may well become the model for the global market. Or to put it another way: this unique selling point offers us the chance to become a major player in the digital revolution!
Helmut Fallmann is a member of the Managing Board at Fabasoft AG. Amongst other things he is Co-Chair of the Working Group on a Candidate Cloud Security Certification Scheme, and a member of the Steering Group for the EU Cloud Code of Conduct.