'Security, privacy' main barrier to 'government cloud' rollout in EU

We don't think that's why Gov.uk is not cloudified...

6 Reg comments Got Tips?

Security and privacy issues are holding back "the cloudification of governmental services" in the EU, according to a new report.

The European Union Agency for Network and Information Security (ENISA) said concerns about how sensitive data is protected in a cloud computing environment have not been resolved. It said data security and privacy issues were the main reasons that "deployment of governmental cloud computing is in general at a very early stage (click through for 40-page/3.03MB PDF)" in the EU.

"Security and privacy issues are considered as key factors to take into account for migration, and at the same time are the main barriers for adoption," ENISA said. "Protection of sensitive data is still an issue seeking solution, spanning from the SLA provisions to the actual technological mechanisms i.e encryption etc. Even though most countries recognise the benefits from adopting a business model like cloud (scalability, resilience, portability), they are reluctant to take the next step and migrate services to the cloud."

"The main security challenges, requirements and barriers in the cloudification of governmental services are related to: data protection and compliance, interoperability and data portability, identity and access management, auditing, adaptability and availability, as well as risk management and detailed security SLA formalisation," it said.

ENISA has proposed a 14-step security framework for governmental clouds to help boost take up of cloud computing by governments in the EU.

The steps range from taking initial measures to classify services that can be moved to the cloud, conducting a risk analysis and setting security requirements, to selecting security controls and verifying assurances about security offered by cloud providers. They also account for security controls testing and implementation of any "remedies", as well as the termination of cloud contracts and the deletion of data, among other things.

Copyright © 2015, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.


Biting the hand that feeds IT © 1998–2020