The report recognises that public sector organisations are increasingly switching to cloud computing, and government clouds can simplify citizen interactions by reducing information processing time, lowering cost of government services and enhancing citizen data security. However, cloud adoption in the European government sector has been very heterogeneous.
ENISA recommends that member states develop a framework to mitigate loss of data control and a regulatory framework to address concerns regarding the physical location of data in the cloud. Governments should also encourage the development of government cloud solutions that are compliant with EU and country-specific regulations.
Creating a common framework for service level agreements (SLAs) and a pan-European certification framework for all government cloud providers to be accredited against could boost the take-up of government clouds, the report states.
It recommends that EU countries develop a set of security measures for all deployment methods to improve trustworthiness in the cloud supply chain, including the definition of standard procedures for the security certification of services and providers. The report also encourages academic research to be conducted on government cloud security.
Members states should also develop provisions for privacy enhancements, including ensuring compliance of cloud services with EU data protection laws, encryption by cloud provider and authenticated access by users.
ENISA finds that cloud technology offers scalability, elasticity, high performance, resilience and security, together with cost efficiency, to the public sector, and has issued these recommendations as guidelines to successfully roll out government cloud services.
These recommendations were provided based on an analysis of the present state of government cloud deployment in 23 countries across Europe. The full report is available here.