German-French Digital Summit: Cooperation for Secure Cloud

The cybersecurity authorities of France and Germany want to jointly further develop security standards for cloud environments – not for the first time.


The Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) and the German Federal Office for Information Security (BSI) have agreed on close cooperation regarding cloud security criteria. The cooperation between two important European players is intended to be a signal of progress, one day before the German-French Digital Summit: In cases of increased security requirements, cross-border thinking will be applied in the future.

"We must ensure uninterrupted operation and effective control over our sensitive data in the clouds," says BSI President Claudia Plattner. France and Germany are concerned with "addressing the risks arising from extraterritorial law or dependencies hand in hand," adds ANSSI Director General Vincent Strubel.

European cloud providers have so far faced the problem that each of the 27 EU member states has its own specifications for "secure clouds" for remote applications and storage, often requiring separate certifications and security checks.

This is set to change fundamentally with the "Cloud Sovereignty Framework" announced by the EU Commission. The two cybersecurity authorities in Bonn and Paris now want to build on this. The goal is to develop compatible criteria and methods for complying with them.

ANSSI has been driving the SecNumCloud Framework, which is based on the ISO 27001 standard, since 2016. The BSI also works on minimum standards for cloud services; currently, the so-called C5 criteria catalogs serve as the specifications of the Bonn IT security specialists.

Given the sharply increasing demand from entities requiring state secrecy, Plattner recently published fundamental considerations on how data with a lower level of protection could also be stored in the US cloud. For this, the BSI President had to face some criticism from parts of the European open-source community. The joint declaration by BSI and ANSSI now contains a clear commitment to European stakeholders and open-source technologies.

However, if the two heavyweights among the EU cybersecurity authorities were to pull together permanently, they could address two problems at once. Firstly, the costs for providers, and consequently the prices for users, are high due to the multitude of national regulations. Secondly, a joint approach would also simplify operating data centers abroad within the EU in line with national regulations.

However, the idea of jointly working on criteria for secure cloud environments is not entirely new: Nine years ago, the then BSI President Arne Schönbohm and his French counterpart Guillaume Poupard already wanted to develop a label for a "European Secure Cloud" as a sign of good German-French digital cooperation. And this time too, the joint declaration by the two sides states in a relevant passage: The joint approach should take place "where possible".

(wpl)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.