ENISA publishes guide for monitoring cloud contracts

To address the challenge of procuring cloud computing services, the cyber security agency ENISA has launched a practical guide for IT teams, focusing on continuous security monitoring throughout the lifecycle of a cloud contract. The new guide focuses on public procurement, which accounts for nearly 20% of the EU's gross domestic product, around 2.2 trillion euro (Eurostat figures from 2009).

The publication builds on groundwork done by ENISA in 2009, when the agency produced an assurance framework and tool for IT teams to assess the security of service providers before making a decision to move to the cloud.

Professor Udo Helmbrecht, executive director of ENISA, comments: “With ever more organisations moving to cloud computing, ENISA’s new guidance is well-timed to help give direction in what is, for many buyers, a completely new area.”

A recent ENISA survey on service level agreements (SLAs) showed that many IT officers in public sector organisations receive hardly any feedback on important security factors, such as service availability or software vulnerabilities. The Procure Secure guide helps customers to prepare for monitoring security on an ongoing basis. “ENISA’s guide emphasises the use of continuous security monitoring, in addition to certification and accreditation processes,” says Dr Giles Hogben, editor of the report.

The ENISA guide includes a checklist for procurement teams, as well as an in-depth description of each security parameter, what to measure and how. The security parameters covered are: service availability; incident response; service elasticity and load tolerance; data lifecycle management; technical compliance and vulnerability management; change management; data isolation; and log management and forensics.

This guide complements a number of cloud security papers published by ENISA, including its recent report, Cloud Computing: Benefits, Risks and Recommendations for Information Security.
