Cloud Computing: opportunità,, cautele e aspetti regolamentari

Transcription

1 Cloud Computing: opportunità,, cautele e aspetti regolamentari Fulvio Ananasso Direttore Studi, Ricerche e Formazione

2 Source: World Economic Forum 2009 Cloud Computing Survey Standards for security & privacy Governance and data control Compliance and data sovereignty Service-level agreements (SLAs) & interoperability between clouds Switching costs

3 Relevant cloud issues -- from Regulators standpoint Security & privacy; User protection; Telework policies; Electronic communications (web) applications; Virtualized content ownership / data sovereignty; TelCo s vs-over the top (OTT) offering; Service / network neutrality; Standards & interoperability e.g. SMEs; Clear contractual arrangements / switching costs; Transparency of operating conditions;..

4 ponderare rischi e benefici dei servizi cloud; verificare l affidabilità del fornitore; privilegiare i servizi che favoriscono la portabilità dei dati; assicurarsi la disponibilità dei dati in caso di necessità; mirroring / hot back up dati sparsi su più server (business continuity / disaster recovery); selezionare i dati da inserire in cloud e quelli da tenere in house ; seguire i dati e dove risiedono / risiederanno fisicamente -- virtualized content ownership / data sovereignty; chiare e trasparenti clausole contrattuali QoS, SLA, switching costs, lock-in, standards e interoperabilità, ; tempi di persistenza / cancellazione dei dati nel cloud; tutela confidenzialità / sicurezza dei dati -- protezione dati personali; adeguata formazione del personale;.. Servizi cloud - alcune precauzioni

5 Policy objectives and regulatory principles (Directive 2002/21/EC as amended by Directive 2009/140/EC Article 8) 8 To promote competition in the provision of electronic communications networks, electronic communications services and associated facilities and services by inter alia: ensuring that users derive maximum benefit in terms of choice, price, and quality; ensuring that there is no distortion or restriction of competition in the electronic communications sector, including the transmission of content; encouraging efficient investment in infrastructure, and promoting innovation. To contribute to the development of the internal market by inter alia: encouraging the establishment and development of trans-european networks and the interoperability of pan-european services, and end-to-end connectivity; ensuring that, in similar circumstances, there is no discrimination in the treatment of undertakings providing electronic communications networks and services. To promote the interests of the citizens of the European Union by inter alia: ensuring a high level of protection for consumers in their dealings with suppliers, in particular by ensuring the availability of simple and inexpensive dispute resolution procedures carried out by a body that is independent of the parties involved; contributing to ensuring a high level of protection of personal data and privacy; promoting the provision of clear information, in particular requiring transparency of tariffs and conditions for using publicly available electronic communications services; ensuring that the integrity and security of public communications networks are maintained;.

6 Security and integrity (Directive 2002/21/EC Direzione Studi, Ricerca e Formazione as amended by Directive 2009/140/EC - Article 13) To ensure that undertakings providing public communications networks or publicly available electronic communications services take appropriate technical and organizational measures to appropriately manage the risks posed to security of networks and services. W.r.t. the state of the art, these measures shall ensure a level of security appropriate to the risk presented. In particular, measures shall be taken to prevent and minimize the impact of security accidents on users and interconnected networks. To ensure that undertakings providing public communications networks take all appropriates steps to guarantee the integrity of their networks, and thus ensure the continuity of supply of services provided over those networks. To ensure that undertakings providing public communications networks or publicly available electronic communications services notify the competent national regulatory authority of a breach of security or loss of integrity that has had a significant impact on the operation of networks or services.

7 End Users interests and Rights (Dir. Direzione Studi, Ricerca e Formazione 2002/22/EC as amended by Dir.2009/136/EC) Article 20 (Contracts): To ensure that, when subscribing to services providing connection to a public communications network and/or publicly available electronic communications services, consumers, and other end-users so requesting, have a right to a contract with an undertaking or undertakings providing such connection and/or services... Article 21 (Transparency and publication of information): To oblige undertakings providing public electronic communications networks and/or publicly available electronic communications services to publish transparent, comparable, adequate and up-to-date information on applicable prices and tariffs, on any charges due on termination of a contract and on standard terms and conditions in respect of access to, and use of, services provided by them to end-users and consumers... Such information shall be published in a clear, comprehensive and easily accessible form. National regulatory authorities may specify additional requirements regarding the form in which such information is to be published. Article 22 (Quality of Service): After taking account of the views of interested parties, to require undertakings that provide publicly available electronic communications networks and/or services to publish comparable, adequate and up-to-date information for end-users on the quality of their services... To specify, inter alia, the QoS parameters to be measured and the content, form and manner of the information to be published, including possible quality certification mechanisms, in order to ensure that end-users, including disabled end-users, have access to comprehensive, comparable, reliable and user-friendly information.

8 Program Management (AGCOM) WP 1. The Information Society: users, contents & social networks WP 2. The demand for digital services WP 3. The offering of digital services & Future internet WP 4. The markets of digital services & contents Task 1.1. The Users Task 2.1. Digital divide Task 3.1. Services for users and enterprises Task 4.1. Innovation in digital services markets Task 1.2. Contents Task 1.3. Social networks Task 1.2. e-inclusion AGCOM 2011 Research Program Services & Contents for NGNs (SCREEN) Task 3.2. The application platforms Task 3.3. Future internet: scenarios Task 3.4. Future internet: enabling factors Task 4.2. The competition in new markets Task 4.3. Internet economy & search engines Universities / Research Centers

9 tag cloud Telepresence Cloud Computing Net Neutrality End-User Innovation Telemedecine Internet of things Persuasive Media Netcitizen Telework SCREEN Future Internet Copyright & Copyleft Web 3.0 Blogs Content Unlocking Social Network Prosumer E-learning

10 Approvazione Consiglio: 17 Dicembre 2010 Scadenza Avviso di Selezione: 16 Marzo 2011 Selezione: Settembre 2011 Kick Off: Novembre 2011 Riunioni di avanzamento mensili 1 Workshop di coordinamento / interim presentation: Marzo Workshop di coordinamento: Luglio 2012 Termine Programma di Ricerca: Ottobre 2012 Presentazione Finale al Consiglio AGCOM: Dicembre 2012 Milestones del Programma SCREEN

11 Grazie per l attenzione l!!! f.ananasso@agcom.it