Deception. That could be the word that summarize our feelings after having contributed to the Cloud Standards Coordination (CSC) Working Group of ETSI (European Telecommunications Standards Institute) that was launched in December, 2012 in a meeting in Cannes with the objective to help the European Comission to "cut through the jungle of standards" and "to identify a detailed map of the necessary standards".
And why deception?
Basically because of two reasons:
- Firstly, because despite of having the instruction of developing a picture of actual situation, the report that will be published in some days will only include documents issued by Standards Developing Organizations (SDOs), leaving apart organizations like us only because being private organizations. Despite other considerations, private companies have shown being able to develop standards or, haven't you heard about PDF?
How can you make a diagnostic without considering all the existent documents [moreover when you have got it and you have to ignore it]?
- And, secondly, because the lack of vision of CSC. How can be that the Comission has shown more future vision that a group of professionals exclusively focused on security? We mena that Comission recomends develop security labeling systems to the industry, but CSC does not consider it relevant enough to be included in the report.
At the then, as we said, we feel deception. Deception because not having been able to show the virtus of security rating as security labeling system, and deception because, despite pretending to be an open forum, lobbies and the desire to keep the status quo (altough it has show to be ineffective) succeed again.
You can follow us on twitter.com/leet_security