European governments haven’t got a clue how to implement cloud services. So say the EU's own cybersecurity experts.
ENISA (the European Network and Information Security Agency) has released a report on the adoption of something it calls “Gov Cloud”, defined as “a deployment model to build and deliver services to state agencies (internal), to citizens and to enterprises”.
However, according to ENISA, although most countries recognise the benefits from adopting a business model like cloud and its benefits of scalability, resilience and portability, they are reluctant to take the next step and migrate services to the cloud.
Oddly enough, security and privacy issues are the biggest obstacles.
“Despite considerable efforts from the European Commission, ENISA and other international organisations, the level of adoption of Gov Clouds is still low. Some EU member states have already defined a cloud strategy, some others show a tactical or opportunistic adoption of cloud services, but very few (actually only UK and Spain) have defined and implemented a nationwide cloud strategy,” the report said.
ENISA therefore looked more closely at Estonia, Greece, Spain and the UK, which all have some sort of governmental cloud service, and have come up with a how-to guide for governments flinging their services at the sky.
The “handy step-by-step guide” contains four phases, nine security activities and 14 steps focussing on risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/monitoring, audit, change management and exit management.
The organisation said its guidelines are just a first step to establishing robust governmental cloud services and that there is a need for more cloud pilots.
Strangely, ENISA didn't highlight how centralised cloud services have actually worked in practice in Blighty – nor how the national exchequer benefited when HM Revenue and Customs swerved the GOV.UK cloud fiasco. ®