EU agency releases cloud security guide

April 4, 2012

Businesses and government organizations around the world continue to adopt cloud services at a rapid pace, leading to decreased IT costs, greater productivity and enhanced innovation. However, despite these and many more benefits, some cloud users still struggle to properly secure critical data and applications in the cloud, leaving them vulnerable to hacking, data breaches and other threats.

In Europe and the United States, cloud computing has quickly become a mainstream IT solution for infrastructure, data storage, application hosting and several other functions. The European Union continues to develop data security and cloud security standards, as it recently launched comprehensive data protection legislation and the European Cloud Partnership. On April 3, the European Network and Information Security Agency (ENISA) released a new guide for monitoring cloud computing contracts.

The new guide builds upon a previous publication in 2009 and focuses on best practices for organizations regarding their acquisition of cloud services and security in the cloud throughout the product's entire lifecycle. This report specifically targets government cloud adoption, which has skyrocketed in recent months in spite of many officials still having concerns about cloud security.

"Europe's citizens trust public and private sector bodies to keep our data secure," said Udo Helmbrecht, executive director of the ENISA. "With ever more organisations moving to cloud computing, ENISA's new guidance is well-timed to help give direction in what is, for many buyers, a completely new area."

Meanwhile, Giles Hogben, editor of the report, said the guide "emphasises the use of continuous security monitoring, in addition to certification and accreditation processes."

The framework provides an in-depth look at eight important security parameters, such as service availability, incident response, technical compliance and vulnerability management, log management and forensics, data isolation and change management. The report will be present at the SecureCloud 2012 conference, an educational and networking event in May focusing on cloud security and hosted by the Cloud Security Alliance (CSA) and ENISA, among others.

The ENISA guide is one of several recent attempts the EU has made to improve security in the cloud and promote greater adoption among enterprises and government organizations. In January, the European Commission launched the European Cloud Partnership, working group of experts, officials, cloud users and service providers. The partnership is designed to support increased cloud adoption through the development of ubiquitous standards and security requirements across the EU.

-McAfee Cloud Security