Subscribe To Our E-Newsletter
Follow Us On Twitter
Privacy And Cookies
Established 1996
Thursday 18 January 2018

BREAKING NEWS

ENISA publishes guide for monitoring cloud contracts

Written by staff reporter
2012-04-03

To address the challenge of cloud computing service procurement, cyber security agency, ENISA, has launched a practical guide for IT teams focusing on continuous security monitoring throughout the lifecycle of a cloud contract. The new guide focuses on public procurement, which accounts for nearly 20% of the EU's gross domestic product, around 2.2 trillion euro (Eurostat figures from 2009).

The publication builds on groundwork done by ENISA in 2009, when the agency produced an assurance framework and tool for IT teams to assess the security of service providers before making a decision to move to the cloud.

Professor Udo Helmbrecht, executive director of ENISA, comments: “With ever more organisations moving to cloud computing, ENISA’s new guidance is well-timed to help give direction in what is, for many buyers, a completely new area.”

A recent ENISA survey on service level agreements (SLAs) showed that many IT officers in public sector organisations hardly receive any feedback on important security factors, such as service availability, or software vulnerabilities. The Procure Secure guide helps customers to prepare for monitoring security on an ongoing basis. “ENISA’s guide emphasises the use of continuous security monitoring, in addition to certification and accreditation processes,” says Dr Giles Hogben, editor of the report.

The ENISA guide includes a checklist for procurement teams, as well as an in-depth description of each security parameter, what to measure and how. The security parameters covered are: service availability; incident response; service elasticity and load tolerance; data lifecycle management; technical compliance and vulnerability management; change management; data isolation; and log management and forensics.

This guide complements a number of cloud security papers published by ENISA, including its recent report, Cloud Computing: Benefits, Risks and Recommendations for Information Security.


Related Articles

Power transmission and distribution risk
Description
Mark Evans talks to Barry Menzies, head of MIDEL ester-based dielectric fluids, at specialist manufacturer M&I Materials, to discover how ester fluids can help reduce the risks associated with transformer applications.
Latest News Headlines
Industry News
Deborah Ritchie provides a summary of some of the latest stories in business risk, insurance and resilience
Most read stories...
World Markets (15 minute+ time delay)
FTSE
7,700.96
-24.47
S&P 500
2,798.03
-4.53
Nikkei 225
23,763.37
-104.97



Download the latest
digital edition of
CIR Magazine


AdvertisementAdvertisement