
AWS Compliance, the Future of Regulations

The benefits of cloud computing are now well known: having your information at your fingertips wherever you are is certainly the main advantage. At the same time, the cloud model also introduces security and privacy risks, not only for individuals but also, and above all, for companies. Security and privacy in the cloud are the result of an integration of technologies, controls, processes and policies.

Compliance requirements. What is it about?

The security and traceability of data in virtual clouds are governed by compliance requirements, which ensure adherence to the laws and regulations that apply to the use of cloud computing.

Compliance allows you to assess the provider’s ability to meet the requirements of laws, regulations, and customer/business standards. It typically includes compliance with privacy regulations (e.g., GDPR), the geographic location of data centers and consequently of the data, any insurance coverage in the event of a data breach, and the willingness to provide evidence of compliance with standards and regulations.

The General Data Protection Regulation 2016/679 (GDPR) is the main European legislation on the protection of personal data.

“With the European regulation, we move from a proprietary view of the data, according to which it cannot be processed without consent, to a vision of control of the data, which favors the free movement of the same while strengthening the rights of the data subject, who must be able to know if his data are used and how they are used to protect him and the entire community from the risks inherent in the processing of data.”

What compliance programs does AWS provide to help you be compliant?

Amazon Web Services, in addition to ensuring its own compliance, offers global compliance offerings to its partners and is committed to providing services and resources that enable customers to comply with the requirements of the GDPR applicable to their businesses.

With respect to our reference area, here are some of the compliance programs made available by AWS:

  • CISPE (Cloud Infrastructure Services Providers in Europe) is a union of cloud computing leaders serving millions of customers in Europe. The CISPE Code of Conduct allows customers to be confident that their cloud infrastructure provider is using appropriate data protection standards to comply with the current GDPR.
  • Cyber Essentials defines the necessary technical controls. The audit framework shows how the independent audit process for Cyber Essentials Plus certification works through an annual external assessment by an accredited entity. Due to the regional nature of the certification, the scope of certification is limited to the Europe (Ireland) and Europe (London) regions.
  • ISO 9001 outlines an approach based on the processes of documenting and controlling the structure, responsibilities and procedures necessary to achieve a satisfactory level of quality management within an organization.
  • ISO/IEC 27001 is a standard that specifies best practices for security management and comprehensive security controls based on the best practice guidance of the ISO/IEC 27002 standard. The foundation of this certification is the development and implementation of a rigorous security program, which is an information security management system that defines how AWS continuously manages security holistically and comprehensively.
  • PCI DSS applies to entities that store, process, or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, data processors, acquirers, issuers, and service providers. PCI DSS is mandated by credit card issuers and is managed by the Payment Card Industry Security Standards Council.
  • System and Organization Controls (SOC) reports are independent third-party analytical reports that document how AWS has achieved optimal compliance goals and controls. The purpose of these reports is to help customers and their controllers gather information about the controls created by AWS to support operations and compliance.

AWS and Gaia-x

At the Digital Summit 2019, the European Gaia-x project was presented by the German government. Gaia-x aims to set common goals for a Europe-wide data infrastructure. More than 100 European companies and 17 research countries are already part of the initiative, and other European and international players will be invited to take part in the project.

“An open digital ecosystem is needed to enable European companies and business models to compete globally. This ecosystem should enable both the digital sovereignty of cloud service users and the scalability of European cloud providers.”

Among the international players that will be able to contribute to the development of Gaia-x is Amazon Web Services (along with other players such as Microsoft, Google, Aruba). Certainly, taking part in this project represents a turning point for AWS, especially for the management and control of data, which will no longer have to be moved overseas but can be managed within the European Union.
All this makes it much easier for public bodies to use the virtual cloud.

 


In November 2011, a select group of European companies, including the EuroCloud EU association, drafted a report on the European Cloud Computing Strategy, with 10 recommendations and actions to be taken, which was delivered to the European Commission’s Vice President for the Digital Agenda, Neelie Kroes. In January 2012, at the World Economic Forum in Davos, Vice President Neelie Kroes founded the European Cloud Partnership.
The European Cloud Partnership was led by representatives from the IT and telecommunications industry, as well as policymakers from the European government (the name of Amazon’s current CTO Werner Vogels is also among the many members).
In February 2014, it completed a report entitled “Trusted Cloud Europe”, which outlined a process for effective participation of the public and private sectors in the development of cloud computing in Europe.
Unfortunately, traces of the ECP were lost in 2014, when the European Commission invited external parties to participate in a discussion forum and complete an online survey in response to the report.

Will it be possible to have a European plan this time or will Gaia-x also fall into oblivion?

Author

Maria Grazia
