ENISA recommends service protection criteria
By Manon Malhère | Tuesday 03 April 2012
Given that the aim of cloud computing is to facilitate the accessibility of data across borders, guaranteeing the security of these data is critical. Therefore, on 2 April, the Network and Information Security Agency (ENISA) published a guide defining parameters to control the security of these services (1), mainly aimed at those who are in charge of IT purchases in the public sector.
Cloud computing services allow the storage and processing of data on external servers; these data can therefore be accessed in real time from anywhere in the world. Individuals, enterprises and public administrations no longer need installations and IT infrastructures.
The publication of this guide comes a few months after Digital Agenda Commissioner Neelie Kroes' announcement of the launch of a European cloud partnership to harmonise the purchase of these services by public authorities (see Europolitics 4352). Indeed, the Commission is convinced that the public sector can play a major role in the development of these cloud services. This partnership will be part of the EU strategy on cloud computing, which will most likely be published in July and will likely examine the current situation and the actions that need to be undertaken in order to promote this new technology (4391). In particular, discussions will focus on issues concerning interoperability and the standardisation of cloud systems (applications, infrastructures), but above all on the protection and security of data.
Professor Udo Helmbrecht, executive director of ENISA, comments: “Europe’s citizens trust public and private sector bodies to keep our data secure. With ever more organisations moving to cloud computing, ENISA’s new guidance is well-timed to help give direction in what is, for many buyers, a completely new area”.
The ENISA guide includes a checklist covering parameters to monitor the security of the following cloud services: data lifecycle management; service availability; incident response; service elasticity and load tolerance; technical compliance and vulnerability management; change management; data isolation; and log management and forensics.
This is not the first document on the matter that the agency has published. In November 2009, ENISA published a report entitled ‘Cloud computing: Benefits, risks and recommendations for information security’, listing detailed criteria to determine how reliable a provider is.
(1) The document is available at www.europolitics.info > Search = 312180