CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring
November 2013, Research Council of Norway

Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director

Copyright © 2013 Cloud Security Alliance

www.cloudsecurityalliance.org
About the Cloud Security Alliance
Global, not-for-profit organisation
Over 48,000 individual members, more than 180 corporate members, and 65 chapters
Building best practices and a trusted cloud ecosystem
Agile philosophy, rapid development of applied research
GRC: Balance compliance with risk management
Reference models: build using existing standards
Identity: a key foundation of a functioning cloud economy
Champion interoperability
Enable innovation
Advocacy of prudent public policy
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
Security Benefits

Economy of Scale: Security Benefits

RISKS

OPENNESS & TRANSPARENCY

NEW GOVERNANCE MODELS

ACCOUNTABILITY
Cloud Accountability Project

The project focuses on accountability as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services. It aims to assist cloud service providers with:
• Techniques to make services more trustworthy
• Ways to satisfy business policies and demonstrate compliance
• Allowing differentiation

This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).

A4Cloud Members
Industry, Community, Research
Drivers for accountability

Globalisation and new technologies
• Cloud computing presents a paradigm shift in how IT is deployed and consumed

Uncertainty and lack of visibility (for consumers, clients and regulators)
• Privacy and trust come from sound stewardship of information by service providers, for which we need to hold them accountable

Regulatory complexity in global business environments, especially for cloud
• Accountability addresses global interoperability
• Clear and consistent framework of data protection rules
• Allows avoidance of a complex matrix of national laws and reduces unnecessary layers of complexity for cloud providers
• New technologies like cloud are straining traditional privacy frameworks
Context

Principles, Regulations and Societal Norms: trying to get organisations to do the right thing. What is the right thing?
(supports)
Accountability: how to do the right thing. Control over practical aspects of compliance; obligation to prove that principles are put into effect.
(Design complements this)
Holding them to account if they don’t. Facilitating redress.

Cloud ecosystem

Model of Accountability
Conceptual model of accountability

Accountability, from abstract to concrete:
• Attributes (conceptual level): What?
• Practices (organisational level): How?
• Mechanisms (operational level): With what?
Defining accountability

Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly.

(Layers: Accountability, Attributes, Practices, Mechanisms.)
Accountability attributes
• Observability
• Verifiability
• Attributability
• Transparency
• Responsibility
• Liability
• Remediation
Accountability practices
• Define governance
• Ensure implementation
• Explain & justify actions
• Remedy failures
Accountability mechanisms

Mechanisms contain:
• Business processes (auditing, risk assessment, etc.)
• Non-technical instruments (contracts, legal means, etc.)
• Technical tools (tracking and transparency tools, notification of policy violation, etc.)
A4Cloud project: what is needed

Areas: trustworthy architecture; transparent security; privacy assurance; trust assurance; policies; security and trust economics; governance.

Outputs:
• User-centric accountability tools
• Accountability policy language
• Enforcement mechanisms for accountability
• Reference architecture for accountability
• Interoperable mechanisms and tools
• Risk and trust models for accountability
• Policy compliance mechanisms and tools
• Accountability metrics
• Accountability evidence mechanisms and tools
• Auditing mechanisms and tools
• Accountability framework
A4Cloud & CSA
A4Cloud results are relevant to a number of CSA research and educational activities, as well as in the context of the Open Certification Framework.
The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service clients can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust.
An idea for a consumer/provider protocol

A consumer asks a provider, through CTP, about security attributes such as confidentiality level, uptime, …

CTP = Reports + Commitments + Alerts
Transparency and trust

Goal: transparency and trust
OCF level 1: Cloud self-certification
OCF level 2: Third-party cloud certification
OCF level 3: Cloud monitoring based certification
What we have today…

1. API & data model. What is a report, a commitment, an alert? A security attribute? A resource, a service?
2. Security attribute catalogue: “Availability”, “timely incident reporting”, “confidentiality level”…
3. A prototype: REST + XML
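As an added illustration of the data model listed above (this is example code written for this page, not CSA’s CTP prototype, its API or its XML schema), the following Python models a catalogue of security attributes, provider commitments, measured reports and the alerts a consumer derives from them, and shows a report serialised to and parsed back from XML with the attribute and unit checked against the catalogue. All class names, field names, element names, the service name and the sample values are assumptions constructed for this example.

```python
"""Toy model of a CTP-style exchange: a provider commits to values of
catalogued security attributes, publishes reports of measured values, and
the consumer side derives alerts where a report breaks a commitment.
Class names, fields, XML layout and sample values are assumptions of this
example, not the CSA CTP data model or prototype."""
from dataclasses import dataclass
from datetime import datetime, timezone
import xml.etree.ElementTree as ET


@dataclass(frozen=True)
class SecurityAttribute:
    """Catalogue entry: what is measured, in which unit, which direction is good."""
    name: str
    unit: str
    higher_is_better: bool


# Constructed catalogue, using attribute names mentioned in the slides.
CATALOGUE = {a.name: a for a in (
    SecurityAttribute("availability", "percent", True),
    SecurityAttribute("incident_reporting_delay", "hours", False),
    SecurityAttribute("confidentiality_level", "level", True),
)}


@dataclass(frozen=True)
class Commitment:
    """Provider promise: the attribute stays on the good side of `threshold`."""
    service: str
    attribute: str
    threshold: float


@dataclass(frozen=True)
class Report:
    """A measured value of one attribute for one service at one point in time."""
    service: str
    attribute: str
    value: float
    measured_at: datetime


@dataclass(frozen=True)
class Alert:
    """Derived when a report lands on the wrong side of the matching commitment."""
    service: str
    attribute: str
    committed: float
    observed: float
    raised_at: datetime


def satisfies(attr, observed, threshold):
    """Compare in the direction the catalogue declares for this attribute."""
    return observed >= threshold if attr.higher_is_better else observed <= threshold


def evaluate(commitments, reports):
    """One Alert per report that violates the commitment for the same
    (service, attribute). Reports without a commitment are informational and
    skipped; an attribute missing from the catalogue is a data error."""
    by_key = {(c.service, c.attribute): c for c in commitments}
    alerts = []
    for r in reports:
        if r.attribute not in CATALOGUE:
            raise ValueError(f"attribute not in catalogue: {r.attribute}")
        c = by_key.get((r.service, r.attribute))
        if c is not None and not satisfies(CATALOGUE[r.attribute], r.value, c.threshold):
            alerts.append(Alert(r.service, r.attribute, c.threshold, r.value, r.measured_at))
    return alerts


def report_to_xml(r):
    """Serialise a report in an assumed XML layout (the prototype is REST + XML)."""
    root = ET.Element("report", service=r.service, attribute=r.attribute)
    ET.SubElement(root, "value", unit=CATALOGUE[r.attribute].unit).text = repr(r.value)
    ET.SubElement(root, "measuredAt").text = r.measured_at.isoformat()
    return ET.tostring(root, encoding="unicode")


def report_from_xml(text):
    """Parse a report and validate attribute name and unit against the catalogue,
    so a provider cannot silently report in a unit the consumer never agreed to."""
    root = ET.fromstring(text)
    if root.tag != "report":
        raise ValueError("not a report element")
    attr = root.get("attribute")
    if attr not in CATALOGUE:
        raise ValueError(f"attribute not in catalogue: {attr}")
    value, stamp = root.find("value"), root.find("measuredAt")
    if value is None or stamp is None or value.get("unit") != CATALOGUE[attr].unit:
        raise ValueError("missing element or unit does not match catalogue")
    return Report(root.get("service"), attr, float(value.text),
                  datetime.fromisoformat(stamp.text))


# Constructed sample exchange for one service over two days.
T0 = datetime(2013, 11, 1, tzinfo=timezone.utc)
COMMITMENTS = [
    Commitment("storage-eu", "availability", 99.95),
    Commitment("storage-eu", "incident_reporting_delay", 24),
    Commitment("storage-eu", "confidentiality_level", 3),
]
REPORTS = [
    Report("storage-eu", "availability", 99.97, T0),
    Report("storage-eu", "availability", 99.90, T0.replace(day=2)),
    Report("storage-eu", "incident_reporting_delay", 36, T0.replace(day=2)),
    Report("storage-eu", "confidentiality_level", 3, T0),
]

if __name__ == "__main__":
    for a in evaluate(COMMITMENTS, REPORTS):
        print(f"ALERT {a.service}/{a.attribute}: observed {a.observed}, committed {a.committed}")
    print(report_to_xml(REPORTS[0]))
```

Run as a script it prints two alerts (the 99.90% availability report and the 36-hour incident reporting delay) and one serialised report. The direction of comparison lives in the catalogue entry, not in the commitment, so both parties evaluate “better” the same way; and the parser rejects a report whose unit differs from the catalogue rather than comparing numbers in different units. When the XML comes from a remote party, parse it with `defusedxml` instead of the stdlib `ElementTree`, which the Python documentation states is not secure against maliciously constructed input.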
The API is the easy part...
Challenge 1: Standardizing cloud security attributes

Electricity consumption: 0.06 kWh = 0.06 kWh = 0.06 kWh
Cloud availability: 99.95% = 99.95% = 99.95%

A kilowatt-hour means the same thing on every meter; the question the slide poses is whether “99.95% availability” is equally comparable from one provider to the next.
Challenge 2: Finding good security attributes

Is “1 vulnerability found” better than “5 vulnerabilities found”? The raw count says little without its context:
100 vulnerabilities published in 2013 (NVD)
9 relevant to our platform
8 tested
1 found exploitable (severity = 6.0)
Time between discovery and fix = 5 days.
Challenge 3: Fitting CTP in OCF level 3

The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.

Challenge 4: Integrating CTP in A4Cloud
Lessons already learned

Good attributes need to be:
• Well defined, consistently measured
• Cheap to evaluate, automated
• Correlated to consumer utility

Some interesting but tricky areas: vulnerability management, data location, staff data access, incident response…
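To make Challenge 1 and the “well defined, consistently measured” lesson concrete, here is an added Python example (not from the slides and not CSA or A4Cloud code) that computes “availability” from one constructed month of one-minute probes under two measurement definitions and checks each result against the same 99.95% commitment. The probe log, both definitions and the 5-minute carve-out are assumptions constructed for this example; no provider’s or framework’s rules are implied.

```python
"""Same probe log, two 'availability' definitions, one 99.95% commitment.
The log, both definitions and the 5-minute carve-out are constructed
assumptions for this example, not CTP, OCF or any provider's rules."""
from itertools import groupby

MINUTES_PER_MONTH = 30 * 24 * 60  # 43200 one-minute probes


def make_probe_log():
    """Constructed synthetic probe results: 1 = service answered, 0 = it did not."""
    log = [1] * MINUTES_PER_MONTH
    for m in range(600, 612):                        # one 12-minute outage
        log[m] = 0
    for m in range(1000, MINUTES_PER_MONTH, 3000):   # 15 isolated one-minute blips
        log[m] = 0
    return log


def availability_probe_ratio(log):
    """Definition A: percentage of probes that succeeded; every failure counts."""
    return 100.0 * sum(log) / len(log)


def availability_outage_minutes(log, min_outage=5):
    """Definition B: only runs of at least `min_outage` consecutive failed
    probes count as downtime; shorter blips are disregarded (a carve-out of
    the kind found in SLA wording)."""
    down = 0
    for ok, run in groupby(log):
        length = len(list(run))
        if ok == 0 and length >= min_outage:
            down += length
    return 100.0 * (len(log) - down) / len(log)


def meets_commitment(observed, committed):
    """Availability is a higher-is-better attribute."""
    return observed >= committed


def compare(log, committed=99.95):
    """Evaluate the commitment under both definitions. The verdicts differ on
    the same data, which is why an attribute's measurement has to be
    standardized before values can be exchanged, compared or certified."""
    result = {}
    for name, fn in (("probe_ratio", availability_probe_ratio),
                     ("outage_minutes", availability_outage_minutes)):
        value = fn(log)
        result[name] = (round(value, 4), meets_commitment(value, committed))
    return result


if __name__ == "__main__":
    for name, (value, ok) in compare(make_probe_log()).items():
        print(f"{name:15s} {value:.4f}%  commitment met: {ok}")
```

On the constructed log definition A yields 99.9375% (commitment missed) while definition B yields 99.9722% (commitment met), from identical probes. A consumer reading a CTP report of “availability = 99.97%” therefore needs the measurement definition attached to the attribute, not just the number; the catalogue entry, not the provider, should fix which definition applies.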
Now it’s your turn!

The CTP working group
CSA launches the CTP working group:
Objective 1: Define CTP vision, goals, design principles.
Objective 2: Define CTP data model.
Objective 3: Specify the CTP API.
Objective 4: Specify CTP core security attributes.
Objective 5: Implement a CTP pilot.
Objective 6: Support OCF monitoring based certification.

Help Us Secure Cloud Computing
www.cloudsecurityalliance.org
info@cloudsecurityalliance.org
dcatteddu@cloudsecurityalliance.org
www.linkedin.com/groups?gid=1864210

www.a4cloud.eu

 

More from The Research Council of Norway, IKTPLUSS (20)

14 arne eriksen emeistring
14 arne eriksen   emeistring14 arne eriksen   emeistring
14 arne eriksen emeistring
 
12 thomas jakobsen neckgraph mai2015
12 thomas jakobsen neckgraph mai201512 thomas jakobsen neckgraph mai2015
12 thomas jakobsen neckgraph mai2015
 
09 bjørn skjellaug sintef
09 bjørn skjellaug sintef09 bjørn skjellaug sintef
09 bjørn skjellaug sintef
 
10 eric mandeville capgemini
10 eric mandeville   capgemini10 eric mandeville   capgemini
10 eric mandeville capgemini
 
08 sigve nakken ncgc
08 sigve nakken ncgc08 sigve nakken ncgc
08 sigve nakken ncgc
 
06 per olav vandvik magic
06 per olav vandvik magic06 per olav vandvik magic
06 per olav vandvik magic
 
05 øivind riis sph østfold
05 øivind riis sph østfold05 øivind riis sph østfold
05 øivind riis sph østfold
 
04 jarl reitan sintef
04 jarl reitan   sintef04 jarl reitan   sintef
04 jarl reitan sintef
 
03 jon tysdahl fürst
03 jon tysdahl   fürst03 jon tysdahl   fürst
03 jon tysdahl fürst
 
02 dag undlien uio
02 dag undlien   uio02 dag undlien   uio
02 dag undlien uio
 
01 ellen brox norut
01 ellen brox   norut01 ellen brox   norut
01 ellen brox norut
 
24 henning odden tieto
24 henning odden tieto24 henning odden tieto
24 henning odden tieto
 
23 peyman hi oa
23 peyman hi oa23 peyman hi oa
23 peyman hi oa
 
21 tor dokken pasient tilpassede implantater .... ikt pluss presentasjon 7. m...
21 tor dokken pasient tilpassede implantater .... ikt pluss presentasjon 7. m...21 tor dokken pasient tilpassede implantater .... ikt pluss presentasjon 7. m...
21 tor dokken pasient tilpassede implantater .... ikt pluss presentasjon 7. m...
 
18 lars reinertsen any14
18 lars reinertsen any1418 lars reinertsen any14
18 lars reinertsen any14
 
19 iffat sms-ikt-fyrtårn-7mai2015
19 iffat sms-ikt-fyrtårn-7mai201519 iffat sms-ikt-fyrtårn-7mai2015
19 iffat sms-ikt-fyrtårn-7mai2015
 
16 erik årsand telemed
16 erik årsand   telemed16 erik årsand   telemed
16 erik årsand telemed
 
15 nytroe ntnu
15 nytroe ntnu 15 nytroe ntnu
15 nytroe ntnu
 
17 leif nohr oase 2
17 leif nohr oase 217 leif nohr oase 2
17 leif nohr oase 2
 
Blopp!; Ole Andreas Alsos, NTNU og Bekk Consulting
Blopp!; Ole Andreas Alsos, NTNU og Bekk Consulting Blopp!; Ole Andreas Alsos, NTNU og Bekk Consulting
Blopp!; Ole Andreas Alsos, NTNU og Bekk Consulting
 

Recently uploaded

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Recently uploaded (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring, Daniele Catteddu, CSA

  • 1. CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through security continuous monitoring. November 2013, Research Council of Norway. Daniele Catteddu, CSA Managing Director EMEA and OCF Project Director. Copyright © 2013 Cloud Security Alliance, www.cloudsecurityalliance.org
  • 2. About the Cloud Security Alliance
    • Global, not-for-profit organisation
    • Over 48,000 individual members, more than 180 corporate members, and 65 chapters
    • Building best practices and a trusted cloud ecosystem
    • Agile philosophy, rapid development of applied research
    • GRC: balance compliance with risk management
    • Reference models: build using existing standards
    • Identity: a key foundation of a functioning cloud economy
    • Champion interoperability
    • Enable innovation
    • Advocacy of prudent public policy
    • “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”
  • 3. (slide with no extracted text)
  • 4. (slide with no extracted text)
  • 5. (slide with no extracted text)
  • 6. Security Benefits
  • 7. Economy of Scale: Security Benefits
  • 8. RISKS
  • 9. (slide with no extracted text)
  • 10. OPENNESS & TRANSPARENCY
  • 11. NEW GOVERNANCE MODELS
  • 12. ACCOUNTABILITY
  • 13. Cloud Accountability Project. The project focuses on accountability as the most critical prerequisite for effective governance and control of corporate and private data processed by cloud-based IT services. It aims to assist cloud service providers with:
    • Techniques to make services more trustworthy
    • Ways to satisfy business policies and demonstrate compliance
    • Allowing differentiation
    This project is partly funded from the European Commission’s Seventh Framework Programme (FP7/2007-2013) under grant agreement no: 317550 (A4CLOUD).
  • 14. A4Cloud Members: Industry, Community, Research
  • 15. Drivers for accountability
    • Globalisation and new technologies: cloud computing presents a paradigm shift in how IT is deployed and consumed
    • Uncertainty and lack of visibility (for consumers, clients and regulators): privacy and trust come from sound stewardship of information by service providers, for which we need to hold them accountable
    • Regulatory complexity in global business environments, especially for cloud: accountability addresses global interoperability; a clear and consistent framework of data protection rules; allows avoidance of a complex matrix of national laws and reduces unnecessary layers of complexity for cloud providers; new technologies like cloud are straining traditional privacy frameworks
  • 16. Context (diagram). Principles, Regulations and Societal Norms: trying to get organisations to do the right thing. What is the right thing? This supports Accountability: how to do the right thing, complemented by Design. Holding them to account if they don’t; facilitating redress.
  • 17. Context (diagram, continued). Principles, Regulations and Societal Norms: trying to get organisations to do the right thing. What is the right thing? This supports Accountability: how to do the right thing, i.e. control over practical aspects of compliance and the obligation to prove that principles are put into effect; complemented by Design. Holding them to account if they don’t; facilitating redress.
  • 18. Cloud ecosystem (diagram slide)
  • 19. Model of Accountability (diagram slide)
  • 20. Conceptual model of accountability (diagram, from abstract to concrete): Accountability; conceptual, organisational, operational; Attributes (What?), Practices (How?), Mechanisms (With what?).
  • 21. Defining accountability: “Accountability consists of defining governance to comply in a responsible manner with internal and external criteria, ensuring implementation of appropriate actions, explaining and justifying those actions and remedying any failure to act properly.” (Diagram labels: Accountability, Attributes, Practices, Mechanisms.)
  • 22. Accountability attributes: Observability, Verifiability, Attributability, Transparency, Responsibility, Liability, Remediation
  • 23. Accountability practices: define governance; ensure implementation; explain & justify actions; remedy failures
  • 24. Accountability mechanisms: business processes contain non-technical instruments and technical tools
  • 25. Accountability mechanisms, examples: auditing, risk assessment, etc.
  • 26. Accountability mechanisms, examples: contracts, legal means, etc.
  • 27. Accountability mechanisms, examples: tracking and transparency tools; notification of policy violation, etc.
  • 28. A4Cloud project: what is needed
    • Trustworthy architecture: user-centric accountability tools; accountability policy language; enforcement mechanisms for accountability
    • Transparent security: reference architecture for accountability; interoperable mechanisms and tools
    • Privacy assurance; trust assurance
    • Policies: risk and trust models for accountability; policy compliance mechanisms and tools
    • Security and trust economics
    • Governance: accountability metrics; accountability evidence mechanisms and tools; auditing mechanisms and tools; accountability framework
  • 29. A4Cloud & CSA: A4Cloud results are relevant to a number of CSA research and educational activities, as well as in the context of the Open Certification Framework.
  • 30. The Cloud Trust Protocol (CTP) is designed to be a mechanism by which cloud service clients can ask for and receive information related to the security of the services they use in the cloud, promoting transparency and trust.
  • 31. An idea for a consumer/provider protocol: consumer ↔ provider; attributes such as confidentiality level, uptime, …; CTP = Reports + Commitments + Alerts
  • 32. Transparency and trust. Goal: transparency and trust. OCF level 1: cloud self-certification; OCF level 2: third-party cloud certification; OCF level 3: cloud monitoring based certification
  • 33. What we have today…
    • 1. API & data model: what is a report, a commitment, an alert? A security attribute? A resource, a service?
    • 2. Security attribute catalogue: “availability”, “timely incident reporting”, “confidentiality level”…
    • 3. A prototype: REST + XML
  • 34. The API is the easy part...
  • 35. Challenge 1: Standardizing cloud security attributes. (Diagram: electricity consumption = 0.06 kWh = 0.06 kWh = 0.06 kWh; cloud availability = 99.95% = 99.95% = 99.95%.)
  • 36. Challenge 2: Finding good security attributes. “1 vulnerability found” ? “< 5 vulnerabilities found”. Example: 100 vulnerabilities published in 2013 (NVD); 9 relevant to our platform; 8 tested; 1 found exploitable (severity = 6.0); time between discovery and fix = 5 days.
  • 37. Challenge 3: Fitting CTP in OCF level 3. The CSA Open Certification Framework is an industry initiative to allow global, accredited, trusted certification of cloud providers.
  • 38. Challenge 4: Integrating CTP in A4Cloud
  • 39. Lessons already learned. Good attributes need to be: well defined, consistently measured; cheap to evaluate, automated; correlated to consumer utility. Some interesting but tricky areas: vulnerability management, data location, staff data access, incident response….
  • 40. Now it’s your turn!
  • 41. The CTP working group. CSA launches the CTP working group:
    • Objective 1: Define CTP Vision, goals, design principles.
    • Objective 2: Define CTP data model.
    • Objective 3: Specify the CTP API.
    • Objective 4: Specify CTP core security attributes.
    • Objective 5: Implement a CTP pilot.
    • Objective 6: Support OCF monitoring based certification.
  • 42. Help Us Secure Cloud Computing: www.cloudsecurityalliance.org, info@cloudsecurityalliance.org, dcatteddu@cloudsecurityalliance.org, www.linkedin.com/groups?gid=1864210, www.a4cloud.eu
  • 43. (slide with no extracted text)
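As an added illustration of the "Reports + Commitments + Alerts" idea on slide 31, and of the attribute properties on slides 36 and 39 (well defined, consistently measured, cheap to evaluate): the toy evaluator below is example code written for this page, not code from the CSA CTP prototype or from the A4Cloud project. A provider publishes commitments per attribute, reports carry measured values, and an alert is raised when a report breaks the matching commitment. The attribute names, the comparison rule and every data value (probe outcomes, vulnerability dates, thresholds) are constructed assumptions, not CTP's data model or catalogue.

```python
# Added example (not from the slides, the CSA CTP prototype or A4Cloud): a toy
# model of "Reports + Commitments + Alerts" for two attributes the deck names,
# availability (slide 35) and vulnerability time-to-fix (slide 36).
# Attribute names, thresholds and all sample data below are constructed.
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Commitment:
    """What the provider promises for one attribute (e.g. availability >= 99.95 %)."""
    attribute: str
    operator: str      # ">=" or "<=" (assumed; CTP's own model may differ)
    threshold: float


@dataclass(frozen=True)
class Report:
    """A measured value for one attribute over a reporting period."""
    attribute: str
    value: float
    period: str


@dataclass(frozen=True)
class Alert:
    """Raised when a report breaks the matching commitment."""
    attribute: str
    period: str
    reported: float
    threshold: float
    operator: str


def availability_percent(probe_results):
    """Availability as the share of successful probes, rounded to 2 decimals.

    Each probe outcome is True (service answered) or False. Fixing the rule is
    what makes the attribute 'well defined, consistently measured' (slide 39):
    every party computes the same number from the same probes.
    """
    if not probe_results:
        raise ValueError("no probes in period")
    ok = sum(1 for r in probe_results if r)
    return round(100.0 * ok / len(probe_results), 2)


def mean_time_to_fix_days(vulns):
    """Mean days between discovery and fix over the vulnerabilities fixed so far.

    Each record is (discovered, fixed_or_None). Open vulnerabilities are
    excluded rather than counted as zero days, so a backlog cannot improve the
    score; None means nothing has been fixed yet.
    """
    durations = [(fixed - found).days for found, fixed in vulns if fixed is not None]
    if not durations:
        return None
    return sum(durations) / len(durations)


def check(report, commitments):
    """Return an Alert if the report violates its commitment, else None."""
    for c in commitments:
        if c.attribute != report.attribute or report.value is None:
            continue
        holds = report.value >= c.threshold if c.operator == ">=" else report.value <= c.threshold
        if not holds:
            return Alert(report.attribute, report.period, report.value, c.threshold, c.operator)
    return None


def evaluate(reports, commitments):
    """All alerts for a batch of reports (what the provider would push to the consumer)."""
    return [a for a in (check(r, commitments) for r in reports) if a is not None]


# Constructed commitments, as a provider might publish them.
COMMITMENTS = [
    Commitment("availability", ">=", 99.95),
    Commitment("mean_time_to_fix_days", "<=", 7.0),
]

# Constructed probe outcomes: 10 000 probes per month, 3 failures in May, 8 in June.
PROBES_MAY = [True] * 9997 + [False] * 3
PROBES_JUNE = [True] * 9992 + [False] * 8

# Constructed vulnerability records (discovered, fixed); the last one is still open.
VULNS = [
    (date(2013, 6, 1), date(2013, 6, 6)),    # 5 days, like the slide-36 figure
    (date(2013, 7, 10), date(2013, 7, 13)),  # 3 days
    (date(2013, 8, 1), None),                # open, excluded from the mean
]


def sample_run():
    """Build the reports from the constructed data and return the resulting alerts."""
    reports = [
        Report("availability", availability_percent(PROBES_MAY), "2013-05"),
        Report("availability", availability_percent(PROBES_JUNE), "2013-06"),
        Report("mean_time_to_fix_days", mean_time_to_fix_days(VULNS), "2013-H2"),
    ]
    return evaluate(reports, COMMITMENTS)


if __name__ == "__main__":
    for a in sample_run():
        print(f"ALERT {a.attribute} {a.period}: reported {a.reported}, committed {a.operator} {a.threshold}")
```

With the constructed data, May meets the availability commitment (99.97 %), June does not (99.92 %) and produces the single alert, and the mean time to fix (4.0 days) stays within the 7-day commitment. The point of the two measurement functions is the one slide 39 makes: an attribute is only useful for CTP if the rule for computing it is fixed in advance and cheap enough to run automatically on every reporting period.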