The European Union Agency for Network and Information Security (ENISA) has released a step-by-step guide for public sector bodies on procuring cloud services.
The new Security Framework for Governmental Clouds serves as a pre-procurement guide and can be used throughout the entire lifecycle of cloud adoption.
It outlines four phases, nine security activities and 14 steps that councils and other public bodies should take when procuring cloud services.
Professor Udo Helmbrecht, ENISA’s executive director said: “The report provides governments with the necessary tools to successfully deploy cloud services. Both citizens and businesses benefit from the EU digital single market accessing services across the EU.
“Cloud computing is a fundamental pillar and enabler for growth and development across the EU”.
The framework focuses on the following activities: risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/monitoring, audit, change management and exit management.
According to ENISA, the UK is one of just four EU countries which are currently at an advanced stage of cloud procurement activity, along with Estonia, Greece and Spain.
Elsewhere, adoption is at a low or early stage, with security and privacy issues acting as the main barriers.