This article originally appeared at The WHIR
Although the idea of government cloud has been supported by the European Union Agency for Network and Information Security (ENISA) since 2010-2011, agencies have been slow to adopt cloud services. Despite the benefits to government cloud such as savings of up to 30 percent and increased productivity, “not many public administrations are actively procuring Cloud services nor are they launching any test bed projects on Cloud computing (e.g. the European project “Cloud for Europe”),” according to report released by the ENISA last week.
The report identifies cloud use as an important economic tool, a fact that should encourage governments to adopt services to facilitate innovation. “Its direct economic value to the European Union is unambiguously substantial. Cloud computing is an accepted enabler for innovation and also widely advocated as such by the European Commission (EC) in their Digital Agenda,” according to the ENISA. “The EC considers that Cloud computing will be a game changer in our economy and the main obstacles impeding Cloud adoption are standards, certification, data protection, interoperability, lock-in, and legal certainty.”
In an effort to help other EU countries benefit from cloud services, the ENISA compiled use cases from early government cloud adopters Estonia, Greece, Spain, and the United Kingdom. Technical and security issues associated with the government cloud use cases were analyzed to produce a framework that other governments can use when implementing cloud.
The report specifically points out that it may be of use to cloud service providers “in order to identify and better understand specific needs and requirements that might be used to better tune their existing cloud service offerings.”
Austria, Denmark, Finland, France, Germany, Ireland, Spain and the UK were examined to determine the level of cloud services already implemented. Most countries are still in the development or planning stage and will still take a few more years to implement. The UK, Spain and Denmark have already adopted cloud services.
Legal issues such as data privacy regulations and data security are a key consideration in cloud adoption. New data regulations for the entire EU due out this year may further clarify issues to address in data migration and storage for government agencies.
Several studies were cited as reference for migration issues, including security and privacy. Egovernment readiness was identified as a major concern and area for future work. A recent study on the private sector regarding cloud use found that although most of organizations have some type of cloud, not all the data is stored there even though most companies would move to the cloud tomorrow if it were possible. One of the barriers to more widespread cloud adoption and use is application readiness. Many companies use programs that are designed to work with legacy infrastructure or haven’t been updated in a long time. Only 39 percent of applications were ready to move to the cloud.
Governments face the same types barriers to cloud adoption as the private sector.
Overall the study found little progress since first advocating the move to government cloud. Security and privacy continue to be key factors to take into account for migration and the main barrier for cloud adoption.
“The main security challenges, requirements and barriers in the cloudification of governmental services are related to: data protection and compliance, interoperability and data portability, identity and access management, auditing, adaptability and availability, as well as risk management and detailed security SLA formalization,” concluded the report. “There are no current studies that comprehensively analyse the security frameworks of currently running or planned governmental Cloud deployments. Hence, there are no guidelines to define a generic security framework that allows to assess and benchmark Gov Cloud security.”
The report attempted to identify guidelines taking into account these challenges, that could facilitate a move to the cloud. “Based on the preliminary analysis of the state of the art and use cases presented in this document, together with the feedback obtained from the individual interviews, the Plan-Do-Check-Act (PDCA)12 was identified as a suitable continuous process to model information security management systems in Gov Clouds.”
These are the general steps a government agency could use to deploy cloud services, covered in great detail in the full report. Service providers who can help agencies implement PDCA and simplify this process for the government customer may find themselves with huge contracts.
This article originally appeared at http://www.thewhir.com/web-hosting-news/enisa-says-government-cloud-essential-economic-success-eu