Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

3/4/2015
01:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cloud Security Alliance Announces Release of Security Framework for Governmental Clouds

Report jointly developed by CSA, ENISA and TU Darmstadt Provides Step-by-Step Approach for the Procurement and Secure Use of Cloud Services

Edinburgh, UK – March 2, 2015  The Cloud Security Alliance (CSA), announces the release of a new report aimed at providing guidance to European Member States on how to develop a security framework for managing the risk in Governmental Clouds. The Security Framework for Governmental Clouds, a collaboration by CSA Europe, the European Union Agency for Network and Information Security (ENISA) and TU Darmstadt, provides Member States with a step-by-step guide for the procurement and secure use of cloud services.

“This study is the result of great collaboration between CSA, ENISA and TU Darmstadt,” said Daniele Catteddu, Managing Director, EMEA for the CSA. “We hope that the results of this study will make a tremendous difference for not only government bodies in European countries, but also any country government, that may be struggling in defining its security posture in the cloud. By implementing this framework, government bodies can now more confidently adopt cloud services, while maintaining risks at an acceptable level.”

The Security Framework for Governmental Clouds addresses the need for a common security framework when deploying Government Clouds and builds on the conclusions of two previous ENISA studies.  The framework is structured into four phases, nine security activities and fourteen steps that detail the set of actions Member States should follow to define and implement a secure Government Cloud.  The guidance has also been empirically validated through the analysis of four Government Cloud case studies in Estonia, Greece, Spain and the United Kingdom, serving as examples to Government Cloud implementation.  The framework is recommended to be part of the public administrations’ toolbox when planning migration to the cloud, and when assessing the deployed security controls and procedures.  

“With cloud usage as a key information and communications technology enabler, the guidance to governments on the cloud usage opens significant socio-technical and actual usability benefits to users of the European Union digital market,” said Neeraj Suri, Professor at the TU Darmstadt.

The framework focuses on the following activities: risk profiling, architectural model, security and privacy requirements, security controls, implementation, deployment, accreditation, log/ monitoring, audit, change management and exit management. In essence, the framework serves as a pre-procurement guide and can be used throughout the entire lifecycle of cloud adoption.

ENISA’s Executive Director commented: “The report provides governments with the necessary tools to successfully deploy cloud services. Both citizens and businesses benefit from the EU digital single market accessing services across the EU. Cloud computing is a fundamental pillar and enabler for growth and development across the EU.”

Studies show that the level of adoption of Government Cloud is still low or in a very early stage. Security and privacy issues are the main barriers and, at the same time, have become key factors to take into account when migrating to cloud services. Additionally, there is a clear need for cloud pilots and prototypes to test the utility and effectiveness of the cloud business model for public administration.

For the full report visit: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloud-computing/govenmental-cloud-security/security-framework-for-govenmental-clouds

ENISA Contact: [email protected]

 

About the Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-26854
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-26855
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-26857
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
CVE-2021-26858
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-27065, CVE-2021-27078.
CVE-2021-27065
PUBLISHED: 2021-03-03
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.