Press release from NET this morning:
SAN FRANCISCO & BRUSSELS–(BUSINESS WIRE)-- Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced it has joined the EU Cloud Code of Conduct (EU Cloud CoC) General Assembly, to help increase the impact of the trusted ecosystem and encourage more organizations to adopt GDPR-compliant cloud services. Cloudflare also announces that it has achieved two new cloud security certifications: ISO/IEC 27018:2019 and C5 – Cloud Computing Compliance Criteria Catalog – introduced by the Federal Office for Information Security in Germany.
The EU Cloud Code of Conduct brings trust and transparency to the European cloud computing market, helping organizations to source cloud services from GDPR-compliant providers. Importantly, following a positive opinion by the European Data Protection Board, the EU Cloud Code of Conduct was fully approved by the Belgium Data Protection Authority and is therefore a legally operational Code of Conduct pursuant to Article 40 of the EU’s General Data Protection Regulation (GDPR). The Code covers all cloud service layers and its compliance is overseen by accredited monitoring body SCOPE Europe. Cloudflare’s global network and strong commitment to upholding the very highest data protection standards will speed up adoption of cloud services across the continent by allaying users’ data protection concerns.
Commenting on the membership, Cloudflare’s Chief Privacy Officer, Emily Hancock said, “As many businesses are realizing the full flexibility of cloud services, building trust is paramount to addressing any data privacy and security concerns they may have. The EU Cloud CoC is leading the charge so that European companies can grow and innovate with compliance built in. We look forward to enabling more companies to benefit from the power of the cloud with confidence.”
Cloudflare has also obtained two new security and privacy compliance certifications, further reinforcing its commitment to security and data protection in Europe. ISO/IEC 27018:2019 is a global ISO privacy certification, implementing measures to protect the processing of personally identifiable information (PII) in public clouds acting as PII processors. Cloudflare is also certified as a PII Controller and PII Processor to ISO/IEC 27701:2019, which is aligned to various data protection regulations including the GDPR, and ISO 27001:2013. Meanwhile, the C5 attestation is an important validation against a defined baseline security level for cloud computing. Cloudflare received a C5 report in May 2022.
My thesis for being long NET is its ambition to become the fourth public cloud. Getting certifications from regulators and governmental bodies across the world is key to achieving that goal. I can’t imagine what a royal pain it must be to deal with all that, but kudos to them for doing it.
This isn’t my area of expertise, but my impression is that EU regulations are more stringent than in other places, which will hopefully make passing muster and gaining trust in other regions easier.
I also don’t know if these certifications represent full trust or if, like with the US government, they have more layers to go. Good news, in any case.