02.03.2015

ENISA: Report on Security Framework for Governmental Clouds

ENISA after having analysed the present state of play of governmental Cloud deployment in 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-procurement till finalisation and exit from a cloud contract, explaining which are the steps to take when focusing on security and privacy. It offers example approaches, based on four already deployed governmental cloud models in a national level namely: Estonia, Greece, Spain and United Kingdom. As this report is not only a guide but also a tool, in the Annex the reader will find the actual questionnaire template to use.
Taken from the report: [...] The main security challenges, requirements and barriers in the cloudification of governmental services are related to: data protection and compliance, interoperability and data portability,
identity and access management, auditing, adaptability and availability, as well as risk management and detailed security SLA formalization. [...]