The EU Agency for Network and Information Security (ENISA) announced in a press release that it has produced a report titled ‘Good Practice Guide for Securely Deploying Governmental Clouds’, which analyses the current state of play regarding governmental Cloud deployment in 23 countries across Europe, categorised on a scale of “Early adoptors”, “Well-Informed”, “Innovators” or “Hesitants”.

A high-level summary of the results for each category were as follows (country-specific analysis is available in full in the report):

  • Early adoptors: UK, Spain and France
  • These countries have a Cloud strategy in place and have taken place to implement the governmental Cloud
  • Well Informed: The Netherlands, Germany, Republic of Moldova, Norway, Ireland, Finland, Slovak Republic, Belgium, Greece, Sweden and Denmark
  • These countries have strategy but are yet to take steps to implement the governmental Cloud
  • Innovators: Italy, Austria, Slovenia, Portugal and Turkey
  • These countries do not have a Cloud strategy but may have a digital agenda that considers adoption of Cloud computing, but already have some Cloud services running based on bottom-up initiatives. Cloud implementation is forthcoming but will need to be supported by national/ EU level regulation.
  • Hesitants: Malta, Romania, Cyprus and Poland
  • These countries are planning to implement governmental Cloud in the future to boost competitive business, but currently have no strategy or Cloud initiatives in place

The report also sets out 10 recommendations for the secure development of governmental Clouds. These include:

  • Support the development of an EU strategy for governmental Clouds
  • Develop a business model to guarantee sustainability, as well as economies of scale for government Cloud solutions
  • Promote the definition of regulatory framework to address the locality problem
  • Promote the definition of a framework to mitigate the loss-of-control problem
  • Develop a common SLA framework
  • Enhance compliance to EU and country specific regulations for Cloud solutions
  • Develop certification framework
  • Develop a set of security measures for all deployment models
  • Support academic research for Cloud computing
  • Develop provisions for privacy enhancement

The Executive Director of ENISA, Professor Udo Helmbrecht, commented, “This report provides the governments the necessary insights to successfully deploy Cloud services. This is in the interest of both the citizens, and for the economy of Europe, being a business opportunity for EU companies to better manage security, resilience, and to strengthen the national cloud strategy using governmental Clouds.”