Kroes calls for better EU cloud security

The digital agenda commissioner has said cloud-computing companies must better build security into their data protection facilities to help move Europe towards a single digital market

Cloud-computing providers must build data security into their products to speed Europe's shift to a single digital market, EU digital agenda commissioner Neelie Kroes has urged.

"A cloud without robust data protection is not the sort of cloud we need. So these features should be well-integrated in the design of cloud-computing products and services, from the very beginning of the business processes," Kroes said on Thursday in a speech at the Les Assises du Numerique conference in Paris.

Neelie Kroes image

Digital agenda commissioner Neelie Kroes, pictured at an EU conference in May, also wants changes to the data protection legislation.

Data protection standards must also be transnational, she added, noting that "the free movement of personal data within the EU is another way to complete the digital single market in Europe".

The UK's communications minister Ed Vaizey stressed on Monday that access to cloud-computing services could ease companies' entrance into new business markets.

Kroes believes every consumer of cloud services in Europe should have two guarantees regarding their data: that their cloud supplier protects their personal data efficiently and in line with EU personal data protection standards, and that the governments of countries where host servers for cloud services are located must have legal frameworks in place that guarantee data protection and privacy.

The UK High Court ruled on Friday that the jurisdiction for digital data is that where the data's host server is based.

Kroes also said that changes must be made to the framework for European data protection legislation. She said transparency in the processing of personal data was key to the data protection framework, as were assurances that the minimum amount of data is being collected, the incorporation of a 'right to be forgotten' provision, the efficiency of data protection and the interoperability and portability of data.

One scheme working on building enhanced data security into the cloud is the part-EU-funded trustworthy clouds (TClouds) project. IBM announced Monday that it will be the principle technical lead for this project.

TClouds will be testbeds for new security mechanisms that remotely verify the security and resiliency of their cloud infrastructure. TClouds will also involve a form of cloud-to-cloud backup, with TClouds existing in a framework where each project's data is backed up across multiple places.

The stated goal of the TClouds project is to "develop an advanced cloud infrastructure that can deliver computing and storage that achieves a new level of security, privacy and resilience yet is cost-efficient, simple and scalable," according to the scheme's website. The project is being coordinated by Austrian technology consultancy company Technikon Research and Planning, and IBM is the technical lead on the project. Other partners include Philips and the University of Oxford.

The TClouds project is co-funded by the European Commission under the Seventh Framework Programme. The total project cost is €10.5m (£8.9m), with €7.5m put forward by the EC and the remainder put forward by the partners in the project, according to IBM. In July IBM launched a dedicated cloud-services centre in Ehningen, Germany.