CloudWATCH - A European cloud observatory supporting cloud policies, standard profiles and services
Small- and medium-sized enterprises (SMEs) are the backbone of the European economy. But when it comes to adopting new services or implementing information security systems, SMEs face significant challenges. They typically have restricted budgets, limited resources and limited expertise in information security. They are increasingly less likely to adopt cloud because of security concerns, complex terminology, fear of vendor lock in and lack of transparency.
There is also a growing demand from customers for freedom of choice and increased control. Security and privacy certifications and attestations have been identified as one of most effective and efficient means to increase the level of trust in cloud services and stimulate their adoption.
So how can we best facilitate SMEs in migrating to the cloud and help them innovate in the global marketplace where new business value creation is becoming increasingly important? How do we bring together small firms and cloud service providers in a way that facilities information in a neutral and objective way?
More knowledge for making the right strategic decisions
CloudWATCH is creating new services and tools to help navigate SMEs to the cloud confident that they have at their fingertips all the practical, security and legal information they need to make the right decisions .
Online tools for SMEs: CloudWATCH has already led the way with the launch of the European Cloud Scout, a novel interactive tool for SME managers in Europe with low-threshold information on legal, organisational and technical requirements for the successful use of cloud services . Several country and language specific versions already available online and more will follow.
CloudWATCH is now poised to launch a highly practical and insightful web application for SMEs. Through a portfolio of cloud service providers and their services which will enable SMEs to get a much clearer picture of cloud services, and match current offers on the market with their specific business needs and processes. The tool will also provide information, tips and check-lists on key pain points for SMEs: legal issues, contracts and SLAs; certification and compliance; interoperability and performance.
Currently, albeit its already massive scale, Cloud adoption can still be seen as first mover market from a risk management and service procurement point of view. To become a true market at scale, Cloud services need to turn into commodity (for large scale B2B economics) as well as a utility (for B2C and end-user consummation) just as electricity is. This is achievable only through agreed information models and access interfaces commonly agreed across market participants and would be entirely impossible without agreed standards in the market . Standards provide a level playing field for market participants to compete on service delivery, service management, customer satisfaction and service pricing for the benefit of the customer. CloudWatch aims at driving the Cloud market towards Cloud services being evolved into and treated as commodities and utilities through promoting uptake of publicly defined open standards on technology, legal and governance processes.
More choice for customers: CloudWATCH is developing a set of common standards profiles based analysis of clustering of 55 cloud projects and scored on the NIST criteria for cloud computing. A profile on a standard clarifies in an unambiguous way how a standard has to be interpreted, explaining how to implement it based on a specific use case. Based on a portfolio of European and international use cases covering technical, policy and legal requirements, such as service level agreement management CloudWATCH will develop and test a set of common standards profiles around the federation of cloud services which can be picked up and used easily and thus driving the Cloud market into a state of commodity and utility.
More trust for customers: CloudWATCH has analysed all currently available cloud security certification schemes and through a set of recommendations is providing guidance for cloud service customers, especially public administrations and small and medium companies, cloud service providers and policy makers in their evaluation of possible options for “certifying” the level of security and privacy of cloud services.