A European Take on Cloud Security

I have practiced information security on both sides of the Atlantic Ocean and I have always been fascinated by the differences between the European and the North American approaches to security.

Europeans tend to take a comprehensive, long-term, risk-based approach whereas Americans often favor effective protections with rapid return on investment. The greater adoption of smart cards and digital certificates in Europe than in the U.S. is certainly one of the many symptoms of this difference in approaches.

Not surprisingly, early work on cloud security seems to be taking the same path.

Earlier this year, the Cloud Security Alliance, a global organization with strong North American influence, released an excellent “Security Guidance for Critical Areas of Focus in Cloud Computing”. The document focuses on practical steps that organizations considering cloud computing strategies can take.

On November 20th, ENISA, the European Network and Information Security Agency, published a report entitled “Cloud Computing: Benefits, risks and recommendations for information security”. The report reviews the privacy and security risks of moving into the cloud. Beyond the immediate risks, it also expands on how cloud computing can become a security enabler, a topic dear to my heart.

RSA is directly involved in both initiatives and we are supportive of any initiative that helps customers understand (a) the risks of cloud computing, (b) the practical steps to take to securely move to the cloud and (c) how the cloud can help surpass current levels of security.

Enjoy the reading!

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize