Download: ENISA releases cloud procurement guide
The European Union Agency for Network and Information Security (ENISA) has released a step-by-step guide for public sector bodies on procuring cloud services.
The new Security Framework for Governmental Clouds serves as a pre-procurement guide and can be used throughout the entire lifecycle of cloud adoption.
It outlines four phases, nine security activities and 14 steps that councils and other public bodies should take when procuring cloud services.
Professor Udo Helmbrecht, ENISA’s executive director said: “The report provides governments with the necessary tools to successfully deploy cloud services. Both citizens and businesses benefit from the EU digital single market accessing services across the EU.
“Cloud computing is a fundamental pillar and enabler for growth and development across the EU”.
The framework focuses on the following activities: risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/monitoring, audit, change management and exit management.
According to ENISA, the UK is one of just four EU countries which are currently at an advanced stage of cloud procurement activity, along with Estonia, Greece and Spain.
Elsewhere, adoption is at a low or early stage, with security and privacy issues acting as the main barriers.
Share this page
Tags
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
Related Articles
In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...
Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils
Public Accounts Committee warns that lack of support could imperil delivery
Attackers had unauthorised access for nine days, outsourcing firm announces
Related Sponsored Articles
The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...