Brussels, 05/04/2012 (Agence Europe) - The purchase of “cloud computing” services, which allows for data to be distance stored, are increasingly being made by governments and companies in the European Union. There are significant concerns about data security and to resolve this problem, the European Network and Information Security Agency (ENISA) has published a practical, “Procure Secure”: a new guide for monitoring cloud computing contracts.
The publication is based on thorough work carried out by ENISA that began in 2009 when the agency produced a guarantee structure and toolbox to enable computer teams to reliably assess service providers before deciding whether to use their cloud computing services or not. ENISA has now entered a new phase with the monitoring guide, which explains how cloud security services should be inspected throughout the contract period. The new guide focuses on public contracts, which represent almost 20% of European GDP and around €2.2 billion (Eurostat's 2009 figures). In a press release, Udo Helmbrecht, executive director of ENISA declared that, “Europe's citizens trust public and private sector bodies to keep our data secure. With ever more organizations moving to cloud computing, ENISA's new guidance is well-timed to help give direction in what is, for many buyers, a completely new area.” A recent ENISA report on service provider agreements showed that many people responsible for computer and network services in public organisations rarely receive directives on the most important security issues, such as the availability of services or software vulnerability. The guide helps future purchases prepare for continuous monitoring of data security, in addition to certification and accreditation processes, explained the author of the report, Giles Hogben. The ENISA guide includes a list of monitoring controls for purchasing teams and a detailed description of every security parameter, as well as what needs to be assessed and how evaluations can be made. The report will be presented in detail to the European 'SecureCloud 2012' conference on cloud computing. (IL/trans.fl)