Security & Resilience in Governmental Clouds
This paper has been produced by ENISA and is aimed at public bodies that are planning to migrate their infrastructure and data to the cloud.
Although it is aimed at the procurement and governance of cloud services from a public-sector perspective, much of the study is also applicable to private-sector procurement.
The cloud computing service delivery model seems to satisfy most of the needs of public administrations, since it offers scalability, elasticity, high performance, resilience and security. However, many public bodies have not yet built a model for assessing their organizational risks related to security and resilience.
This paper explains how to effectively manage the security and resilience issues related to cloud computing capabilities and how to innovate the processes for assessing risk and making informed decisions. The report identifies a decision-making model that senior management can use to determine how operational, legal and information security requirements can drive the identification of the architectural solution that best suits the needs of their organisation. In particular, the analysis is based on three possible cloud usage scenarios: healthcare, local public administration and publicly-owned cloud infrastructure as a business incubator.
For the legal analysis and recommendations, see pp. 99–122.
Download the paper here.