
3/4/2015
01:00 PM
Dark Reading
Products and Releases

Cloud Security Alliance Announces Release of Security Framework for Governmental Clouds

Report jointly developed by CSA, ENISA and TU Darmstadt Provides Step-by-Step Approach for the Procurement and Secure Use of Cloud Services

Edinburgh, UK – March 2, 2015 – The Cloud Security Alliance (CSA) announces the release of a new report aimed at providing guidance to European Member States on how to develop a security framework for managing the risk in Governmental Clouds. The Security Framework for Governmental Clouds, a collaboration by CSA Europe, the European Union Agency for Network and Information Security (ENISA) and TU Darmstadt, provides Member States with a step-by-step guide for the procurement and secure use of cloud services.

“This study is the result of great collaboration between CSA, ENISA and TU Darmstadt,” said Daniele Catteddu, Managing Director, EMEA for the CSA. “We hope that the results of this study will make a tremendous difference for not only government bodies in European countries, but also any country government, that may be struggling in defining its security posture in the cloud. By implementing this framework, government bodies can now more confidently adopt cloud services, while maintaining risks at an acceptable level.”

The Security Framework for Governmental Clouds addresses the need for a common security framework when deploying Government Clouds and builds on the conclusions of two previous ENISA studies. The framework is structured into four phases, nine security activities and fourteen steps that detail the set of actions Member States should follow to define and implement a secure Government Cloud. The guidance has also been empirically validated through the analysis of four Government Cloud case studies in Estonia, Greece, Spain and the United Kingdom, which serve as examples of Government Cloud implementation. The framework is recommended as part of the public administrations’ toolbox when planning migration to the cloud and when assessing the deployed security controls and procedures.

“With cloud usage as a key information and communications technology enabler, the guidance to governments on the cloud usage opens significant socio-technical and actual usability benefits to users of the European Union digital market,” said Neeraj Suri, Professor at the TU Darmstadt.

The framework focuses on the following activities: risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/monitoring, audit, change management and exit management. In essence, the framework serves as a pre-procurement guide and can be used throughout the entire lifecycle of cloud adoption.

ENISA’s Executive Director commented: “The report provides governments with the necessary tools to successfully deploy cloud services. Both citizens and businesses benefit from the EU digital single market accessing services across the EU. Cloud computing is a fundamental pillar and enabler for growth and development across the EU.”

Studies show that the level of adoption of Government Cloud is still low or in a very early stage. Security and privacy issues are the main barriers and, at the same time, have become key factors to take into account when migrating to cloud services. Additionally, there is a clear need for cloud pilots and prototypes to test the utility and effectiveness of the cloud business model for public administration.

For the full report visit: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/govenmental-cloud-security/security-framework-for-govenmental-clouds

ENISA Contact: [email protected]

 

About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

 

 
