EU Compliancy Cloud Framework-ish Smackdown
Rich Mogull
fwd:cloudsec Europe 2025 · Day 2 · Main Room
Rich Mogull — a 25-year security veteran and newly appointed chief analyst at the **Cloud Security Alliance (CSA)** — delivered a practitioner-oriented guide to navigating the chaotic landscape of EU cloud compliance regulations. With multiple overlapping regulations (**DORA**, **NIS 2**, **GDPR**) hitting simultaneously, member states missing their own enforcement deadlines, and existing frameworks like **ISO 27001** woefully outdated for cloud, Mogull presented a pragmatic system for organizing security programs that satisfies compliance requirements without drowning in checkbox exercises. His core thesis: do good security, then document it in a way auditors can understand.
AI review
A competent overview of EU compliance chaos for cloud practitioners, but this is pure governance and framework strategy with zero technical depth, no vulnerability research, no tooling, and no measurable security outcomes. Useful for CISOs filling out spreadsheets; irrelevant for anyone trying to actually prevent breaches.