Download: ENISA releases cloud procurement guide
The European Union Agency for Network and Information Security (ENISA) has released a step-by-step guide for public sector bodies on procuring cloud services.
The new Security Framework for Governmental Clouds serves as a pre-procurement guide and can be used throughout the entire lifecycle of cloud adoption.
It outlines four phases, nine security activities and 14 steps that councils and other public bodies should take when procuring cloud services.
Professor Udo Helmbrecht, ENISA’s executive director said: “The report provides governments with the necessary tools to successfully deploy cloud services. Both citizens and businesses benefit from the EU digital single market accessing services across the EU.
“Cloud computing is a fundamental pillar and enabler for growth and development across the EU”.
The framework focuses on the following activities: risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/monitoring, audit, change management and exit management.
According to ENISA, the UK is one of just four EU countries which are currently at an advanced stage of cloud procurement activity, along with Estonia, Greece and Spain.
Elsewhere, adoption is at a low or early stage, with security and privacy issues acting as the main barriers.
External supplier brought in to run the rule over government systems as rollout begins of ‘GovAssure’ programme
Issue with Home Office database means tens of thousands could have erroneously received payments
The Matrix programme – which includes Treasury, Cabinet Office and DHSC – begins engaging with potential suppliers
Supplier appointed to two-year contract to provide services to government-wide Rosa service