January 18, 2011 – A European Union data security agency is advising governments and health care agencies to adopt new data models and risk assessments with their information, as it expects adoption of cloud computing to take off across the continent.
The European Network and Information Security Agency (ENISA) outlined deployment guidelines, and risks and benefits of the cloud for E.U. member states with regard to public administration, health care and government infrastructure, in its report, “Security and Resilience in Governmental Clouds.” Findings in the agency’s 146-page report stem in part from discussions with data and security experts at European telecommunications agencies, as well as Google, eBay and the Cloud Security Alliance.
Public administrators and organizations with highly sensitive data, such as a hospital, must develop new data models and reviews of risk levels for any degree of cloud deployment, the agency advised. Contracts with providers should include the ability to constantly access and monitor data, and organizations need a legal framework for data storage outside of national boundaries to avoid exposing citizens and economies to “unacceptable risks,” ENISA stated.
Private and community clouds presently satisfy internal infrastructure and cost reduction goals for public administrators, the agency found. However, because of lingering security and legal questions, executive director Udo Helmbrecht, warned against deployment of all government or highly sensitive information.
“Currently [cloud] adoption should be limited to non-sensitive or non critical applications, in the context of a well-defined cloud adaptation strategy with a clear exit strategy,” said Helmbrecht.
As the cloud serves more and more SMEs and European citizens, the security agency said cloud guidelines must trickle up to the national level in order to address subsequent interdependencies, standardization, security risks and systems issues.
To read the full report and recommendations, visit here.
For more on how the EU is dealing with other emerging data concerns, click here.