Featured Research: CIRRUS

Stakeholders in cloud computing have varying expectations and requirements related to security in the cloud. Consumers of cloud products are concerned with data portability and cloud interoperability, which ensures privacy and security when migrating data from one cloud to another.

Security concerns can prevent certain users, such as critical infrastructure operators, from moving their data to the cloud. Challenges coming from national legislations and cross-country agreements need to be addressed by data law enforcement agencies, while compliance, auditing and certification are important for information and communications technology (ICT) service providers when dealing with cloud-related business.

Vision

Certification, InteRnationalisation and standaRdization in cloUd Security (CIRRUS) aims to bring together representatives of industry organizations, law enforcement agencies, cloud services providers, standard and certification services organizations, cloud consumers, auditors, data protection authorities, policy makers, the software components industry, and others with diverse interests in security and privacy issues in cloud computing.

The CIRRUS project aims to provide high-level, high-impact support and coordination for European ICT security research projects. Project activities include standardization and certification schemes, integration of research projects with EU policy and strategy, internationalization, and support of the industry’s best practices and public/private cooperation initiatives.

The CIRRUS project supports ongoing research projects and coordinates dialogue, both within the EU and at an international level, focused on cloud security standardization and certification.

CSA’s Role

Among its tasks, CSA is responsible for situation analysis and research reporting, including participation in the production of CIRRUS’s “Green Paper on Cloud Security.” CSA also brings together key stakeholders (i.e., policy makers, research leaders, and CxOs) and provides outreach through related standardization and certification activities. CSA organizes CIRRUS’s industry events and disseminates research and findings from the events through its network of industry professionals and experts.

Consortia

ATOS SPAIN SA, Spain

CLOUD SECURITY ALLIANCE (EUROPE), United Kingdom

AUSTRIAN STANDARDS INSTITUTE, Austria

PORTAKAL TEKNOLOJI EGITIM DANIS- MANLIK YAZILIM TURIZM

TAAHHUT VE TICARET LTD STI, Turkey

INFORMATION TECHNOLOGY PROMOTION AGENCY, Japan

GRANT THORNTON FORENSIC & INVESTIGATION SERVICES BV, Netherlands

Timeline

The project follows a 2-year timeline, having kicked off its first meeting on October 1, 2012. The the expected delivery date for the research is October 1, 2014.

During that period, a series of progress reviews have been defined, and CIRRUS has participated in several global cloud computing workshops and conferences. Most recently, CIRRUS was involved in the SecureCloud 2014 Conference in Amsterdam, held April 4, 2014 and organized by CSA.