During the Digital Netherlands Conference, the Online Trust Coalition published its white paper Trust in the Cloud. The paper outlines the steps that need to be taken to more easily and efficiently prove the reliability of cloud services and to offer assurance about that reliability. Currently, this isn’t transparent or straightforward enough for providers and users of cloud services. These are crucial issues, since the competitiveness and innovation capacity of the Netherlands is strongly dependent on reliable cloud services.
The coalition asserts that the solution — improving the ease and efficiency with which the reliability and security of cloud services can be demonstrated — is a shared responsibility. Fittingly, the white paper was drafted by a collaboration of providers and users of cloud services, relevant governmental authorities and experts in the field of cybersecurity, compliance, conformity and assurance.
Reliability difficult to prove
Due to the constant growth and specialisation, cloud services are almost always part of a chain; this chain consists of other cloud services supplied by multiple providers, including hosting and platform services. With this, the users of cloud services are increasingly dependent, via their direct provider, on various other providers. In addition, cloud service providers essentially supply their functionalities, risks and associated governance in generic form, without differentiation for specific users.
This makes it difficult for cloud service users to determine whether a service is suitable for the purpose for which they want to use it, and to find out whether the services are reliable and secure. Where is the data stored? Who can access it? What about security and privacy? And most importantly: how can you find the answer to these questions?
To break this impasse, the OTC is calling for more efficient and easy-to-access methods through which cloud service providers can prove the reliability and security of their services. Users should more easily be able to obtain assurance about the reliability of the services.
The actions the OTC plans to take in this regard are: to compare the different certifications and standards framework, to develop selection guidance for users, to draw up rules for the interaction between providers and users of cloud services, to continually monitor the reliability of cloud services and to standardise the accountability information. Finally, the OTC has joined Gaia-X, the European alliance focussed on cloud services.
“The white paper is a call to action to ourselves, the OTC participants, but especially to parties who haven’t yet joined”, says Michiel Steltman. Michiel is part of the OTC core team, where he contributes his expertise in the field of cloud and assurance. “It’s important that we as a market take forward the actions outlined in this paper. The Netherlands is a frontrunner when it comes to digital service provision. The OTC is committed to embedding the provision and assurance of reliability and security within the future European standards. But in the meantime, as frontrunners in this field, we’ll continue to move forward to help shape these standards.”