Three pillars/key actions :
Unleashing the potential of cloud computing
Cloud computing gained pace in Europe during 2012 and 2013, and many services – such as webbased e-mail and social networks – are in the cloud. But it is still early days, and the impact of the cloud on business is expected to soar in coming years.
Businesses are set to benefit from cloud computing at two levels. It has the potential to reduce information technology costs, and it gives creative companies an opportunity to develop new and sophisticated IT services. Moreover, the Cloud Strategy has the potential to create an additional 2.5 million jobs in Europe, and to boost EU GDP by €160 billion (around 1%) by 20201.
As with the internet, cloud computing has been developing for some time and, from an IT perspective, will evolve further. But unlike the internet, cloud computing is at an early stage of development. This means that the various stakeholders can still influence the legal framework, ensuring that businesses and users are able to benefit from both the demand and supply side of cloud services.
The EU’s policy on cloud computing falls under the Digital Agenda initiative, and is based on the ‘Unleashing the Potential of Cloud Computing in Europe Strategy’2, unveiled in September 2012. The overall goal is to make Europe cloudactive, as well as cloud-friendly, in order to stimulate the uptake of cloud computing to the benefit of customers and suppliers alike. The Strategy draws attention to priority areas such as safe and fair contract terms, standardisation and forging a partnership between industry and the public sector. Work over the last year has already born fruit.
The Strategy took shape after thorough analysis of the overall policy, regulatory and technology landscapes within Europe. It was also the culmination of more than 18 months of broad stakeholder consultations.
Under the Strategy’s first key action, “cutting through the jungle of standards”, the Commission will work with the European Union Network and Information Security Agency (ENISA) and other relevant bodies to assist in the development of EU-wide voluntary certification schemes for cloud computing (including data protection) and establish a list of such schemes by 2014.
Implementation began with the creation of an expert group on certification3 under the Cloud Select Industry Group (C-SIG), bringing together representatives from a number of cloud suppliers and other industry stakeholders. The group has already compiled industry recommendations on how to work with voluntary cloud certification schemes, as well as a list of existing certification schemes with cloud relevance.
Both were presented to the Steering Board of the European Cloud Partnership (ECP) at their second meeting in July 2013. ENISA will now work to streamline and validate this work.
The Commission has also invited ENISA to include certification actions in its work programmes for 2013 and 2014. ENISA has already produced a draft report on cloud certification and auditing from security perspective. It has also contributed to the mapping of cloud computing security standards in collaboration with the European Telecommunication Standards Institute (ETSI).
The Commission has also tasked ETSI with identifying the necessary standards for security, interoperability, data portability and reversibility, among other areas, by 2013. The Cloud Standards Coordination (CSC)4 process started in December 2012 with a view to producing a draft report on existing cloud standards, including their relevance to different stakeholders’ needs (SLAs, interoperability and security and privacy) by summer 2013. The preliminary report, listing more than 100 relevant use cases, was presented at a stocktaking meeting in April 2013. The final one was presented in December 2013.The ETSI CSC process was open to everyone5.
Ensuring contract terms and conditions are consistent will increase consumer trust and thus encourage a wider take-up of cloud computing services. The Strategy calls for action not only at the level of consumers and small firms, who get takeit- or-leave-it contracts, but also at the level of SLAs between professional users.
Getting this off the ground, the Commission has started working with stakeholders to develop model contract terms and conditions that will facilitate cross-border transactions in the single market. A separate expert group, set up by the Commission’s DG Justice, has been asked to identify safe and fair contract terms and conditions for consumers and small firms using the cloud6. The group had its first meeting in November 2013.
In February 2013, a sub-group on service level agreements7 was established within the C-SIG. The group began by drafting a checklist intended to help IT resource directors ask the right questions and get the right answers when procuring cloud services. The initial drafts were presented to the European Cloud Partnership Steering Board in July 2013. Since then, the group has agreed on an initial set with 11 attributes that define standard options for SLAs and contracts. Templates for service level agreements should be ready in the first half of 2014.
The Strategy gives the Commission a mandate to work with industry to agree on a code of conduct for cloud computing providers that will support a uniform application of data protection rules. A sub-group on code of conduct on data protection within the C-SIG involving representatives from cloud suppliers and other industry stakeholders, has drawn up a draft version. Now this version will be revised, sent for approval by the Article 29 Working Party and presented to the Commission by the end of 2014.
The Commission will also review standard contractual clauses applicable to transfer of personal data to third countries and will call upon national data protection authorities to approve the Binding Corporate Rules for cloud providers. The C-SIG will be actively involved in the revision of the standard contractual clauses.
Also given “key action” status within the Strategy is the creation of a European Cloud Partnership (ECP). The initiative brings together industry experts and public sector users to work on common procurement requirements for cloud computing.
A high-level Steering Board representing EU countries and cloud service providers is advising the Commission. It is chaired by the President of Estonia, Toomas Hendrik Ilves, and includes 19 representatives from public and private organisations. The Steering Board provides advice on cloud computing to Commissioner Kroes.
At their 4 July 2013 meeting, the Board discussed the PRISM revelations and their possible fall-out for cloud computing in Europe. A major risk, due to a loss of trust, is fragmentation of the cloud market into separate national market segments. This would be a step backwards for the single market, for the critical mass needed to develop cloud computing fully, and for both European industry and customers.
The Steering Board in which six EU countries are present supported urgent action to shore up cloud computing adoption in a single and competitive market, alongside measures to ensure data security and confidentiality for the benefit of both users and suppliers.
The ECP Steering Board at their meeting on 14 November 2013 in Berlin welcomed an announcement on the precommercial procurement project “Cloud-for-Europe” (C4E). Within the project, funded under the ICT theme of the Seventh Framework Programme (FP7), a consortium of 24 public and private organisations will develop and test cloud computing procurement requirements. The C4E project was launched on 14 November 2013 in Berlin.
(Article from net-cloud future magazine (2013) - for complete magazine click here )