Cloud Governance, Risk, Compliance
- TYPE: Combined Session DATE: Thursday, 05/16/2013 TIME: 14:00-15:00 LOCATION: AUDITORIUM
On February 7, 2013, the European Commission launched its cybersecurity strategy for the European Union (“Strategy”). As part of this Strategy, the European Commission also proposed a draft directive on measures to ensure a common level of network and information security (“NIS”) across the EU. The proposed Directive is a key component of this Strategy. It introduces a number of measures to enhance cybersecurity, including:
- The requirement for EU Member States to adopt a NIS strategy and to designate national NIS authorities to prevent, handle and respond to NIS risks and incidents;
- The creation of a cooperation network to enable the national NIS authorities, the European Commission and, in certain cases, the European Network and Information Security Agency (“ENISA”) and the Europol Cybercrime Center, to share early warnings on risks and incidents and cooperate on further steps;
- The obligation for (1) operators of “critical” infrastructures in certain sectors (financial services, transport, energy and health), (2) providers of information society services and (3) public administrations to implement appropriate security measures and to report incidents having a “significant” impact on the services they provide (e.g., the unavailability of a cloud computing service as a result of which users cannot access their data). Such incidents would have to be reported to the national NIS authorities, who may then decide to inform the public or require companies and public administrations to do so.
The FAQs that accompany the proposed NIS Directive include examples of companies that would be obliged to report cyber incidents, such as cloud computing service providers, search engines; e-Commerce platform providers, Internet payment service providers,
providers of VoIP and other communications services, social network providers, platforms enabling the provision and sharing of videos, platforms enabling the provision and sharing of music, major online computer games, and application stores.
How can hybrid clouds join together so that a user company operating the respective compliance requirements in the necessary deployment option (leave) and still be able to ensure a consistent and legally compliant process execution? Hybrid cloud connectivity capabilities are a key enabler of the near and long term usage of cloud services. During this session we will show what kind of different hybrid scenarios we see as applicable today at our members, what are the detailed challenges and key obstacles from their point of view and how different approaches were seen by them.