Today, 4th July, the steering board of the European Cloud Partnership will be meeting in Talinn. The European Cloud Partnership (ECP) is one of the key actions under the EU cloud strategy (launched by the European Commission in 2012) – subtitled ”Unleashing the Potential of Cloud Computing in Europe”.
The partnership brings together experts from industry and public sector and aims to improve public procurement of cloud services in Europe, by establishing common definitions of requirements, possibly going as far as joint procurement across borders. This should make the public sector more effective, i.e. save money and do more with less, while it would also stimulate a European cloud industry.
ENISA's role
ENISA, the EU Network and Information Security Agency, is working closely with the European Commission and the members of the European Cloud Partnership (ECP), providing technical advice about cloud computing security and resilience. Network and information security plays an important role in the adoption of cloud computing. One the one hand, some of the key benefits of cloud computing are security-benefits (safer software, higher availability, etc). On the other hand, numerous surveys and polls show that security concerns (governance, security measures, data protection requirements) are the key issues for customers – sometimes acting as a barrier to adoption.
Cloud partnership
At the meeting in Talinn, members of the cloud partnership will present a number of flagship projects. One of the ECP flagship projects initiated by F-Secure is to develop a procurement guide for SMEs – focussing on security and resilience issues. F-Secure has asked ENISA to leverage its expertise and experience to develop a brief and practical guide. As a first milestone of this flagship project today ENISA will launch the review of the first half of the guide, which focusses on security opportunities and risks. Experts from the ECP and experts from ENISA’s cloud security and resilience working group will be invited to provide feedback and input about what are the security opportunities and what are the main security risks for SMEs.
ENISA's Dr Marnix Dekker commented; "We would like to thank F-Secure, for initiating this flagship project, for involving us and we look forward to delivering quickly a high-quality result. We see this as a first step towards a long-term working relation between ENISA and the ECP, allowing us to provide expert advise on security and resilience topics, to the partnership."
Background:
Already back in 2009 ENISA started to develop guidance and recommendations on cloud computing security. The ENISA papers on cloud computing are widely quoted and used. They are perhaps best-known for the positive message underlining the security opportunities in cloud computing. We see cloud computing as a way to improve the level of security and resilience of IT, across the EU – also from a Critical Information Infrastructure Protection -CIIP- perspective for example.
ENISA now works with a select group of security experts from providers, academia, public sector and industry, to understand issues and validate analyses and recommendations. The group meets several times per year (over the phone and face-to-face) to discuss cloud security topics. To give an example of the topics under discussion, ENISA is trying to understand how (in practical terms) incident reporting to authorities could be implemented, what would be an efficient framework and how to provide added-value to the industry. The expert group acts as the backbone for the work of ENISA in this area.
Stay in contact!
If you are interested in the security guide for SMEs, or our other work on cloud computing security and resilience (securing governmental clouds, incident reporting in cloud computing, cloud computing and CIIP), contact us at cloud.security@enisa.europa.eu .
Useful Links:
ENISA Cloud computing Security and Resilience Expert group