ENISA Recommends Private Cloud For Public Sector

The public sector has been warned that private clouds remain the best option because of governance issues

Despite government pressure on the public sector to be more open, a new report from the European security agency ENISA has warned that private clouds remain the best option for organisations worried about governance issues.

ENISA recently warned of the possible security risks posed by the humble smartphone, but in its new report ENISA is hoping to present a balanced view on the cloud for senior management within the public sector.

“The new report presents a decision-making model for senior management to determine the best cloud solution from a security and resilience point of view”, said Daniele Catteddu, author of the report.

The report comes after analyst house Ovum predicted that the government will look to outsourcing and cloud computing in order to cut costs in 2011.

Cloud Warnings

“Public cloud offers a very high level of service availability, and is the most cost-effective,” said Executive Director, Prof. Udo Helmbrecht. “Yet, currently its adoption should be limited to non-sensitive or non-critical applications, in the context of a well-defined cloud adaptation strategy with a clear exit strategy.”

“Cloud computing offers a host of potential benefits to public bodies, including scalability, elasticity, high performance, resilience and security together with cost efficiency,” said the report. “Understanding and managing risks related to the adoption and integration of cloud computing capabilities into public bodies is a key challenge.”

The report highlights the pros and cons of the security and resilience of community, private and public cloud models and offers up a SWOT analysis. It also aims to advise public bodies on the definition of their requirements for information security and resilience when evaluating cloud service delivery models.

“As a result of our analysis, we have concluded that the cloud computing service delivery model satisfies most of the needs of public administrations, since it offers scalability, elasticity, high performance, resilience and security,” said the report. “However, many public bodies have not yet built a model for assessing their organisational risks related to security and resilience.”

“Managing security and resilience in traditional IT environments is very challenging for public bodies,” it added. “Cloud computing presents some additional challenges. For example, understanding the shift in the balance of responsibility and accountability for key functions such as governance and control over data and IT operations, ensuring compliance with laws and regulations, and, in some instances, the poor quality of internet connectivity in some areas of the European Union.”

Report Recommendations

Among the recommendations made to governments and public bodies is that governments, as well as EU institutions, need to investigate the concept of an EU governmental cloud.

The report also warns that cloud computing will soon serve a significant portion of EU citizens, SMEs and public administrations, so governments need to be prepared for the uptake of cloud.

ENISA also believes that there needs to be a cloud computing strategy and a study of the role that cloud computing will play in the protection of critical information infrastructure. The British government, for example, has already earmarked £650 million for a national cyber security programme over a four-year period.

ENISA remains convinced, however, that private and community clouds appear to be the solutions that best fit the needs of public administrations if they need to achieve the highest level of data governance.

“If a private or community cloud infrastructure does not reach the necessary critical mass, most of the resilience and security benefits of the cloud model will not be realised,” it said.