TRENDING:

Cloud Computing Security Addressed in EU Paper

Many Recommendations Applicable to U.S. Governments, Hospitals GovInfoSecurity.comJanuary 17, 2011    
Cloud Computing Security Addressed in EU Paper
A paper on how governments and healthcare organizations should approach deploying secure cloud computing was issued Monday by the European Network and Information Security Agency, advice that could be applicable to governments and hospitals in the United States.

The 146-page report from the European Union agency, Security and Resilience in Government Clouds: Making an Informed Decision, identifies a decision-making model that can be used by senior management to determine how operational, legal and information security requirements, can drive the identification of the architectural solution that best suits the needs of their organization.

"Effectively managing the security and resilience issues related to cloud computing capabilities is prompting many public bodies to innovate, and some cases to rethink, their processes for assessing risk and making informed decisions related to this new service delivering model," the paper says.

The main objectives of the report are to highlight the pros and cons, with regard to information security and resilience, of community, private and public cloud computing delivery models and guide public bodies in the definition of their requirements for information security and resilience when evaluating cloud computing service delivery models.

Among the paper's recommendations:

  • Assess their risks and define their requirements (possibly using as a support those suggested in this report) in order to identify which cloud solution matches their needs. Administrators also should consider human factors and legal frameworks.

  • Review existing information security management policies and processes and assess how these would be addressed or supported in various cloud models.

  • Define acceptable levels of service - a benchmark to evaluate parameters such as availability and response time, for instance - for their requirements. Benchmarks will be used to measure the performance of services.

  • Identify the set of controls and their degree of specificity needed to reach a minimum acceptable level of data assurance and services resilience.

  • Guarantee that all the essential security, resilience and legal requirements are detailed in their service level requirements and specified in their service level agreements.

  • Provide tools, methodologies and governance structures to assure due diligence.

  • Ensure that satisfactory telecommunication connections, critical dependencies such as electricity, processing power and storage capacity are guaranteed and maintained.

  • Check the priority for the resumption of third-party communications and cloud services in the event of a disruption.

  • Test the business continuity plan along the whole services supply chain.
Previous
The Social Media Challenge
Next
NFC to Gain Ground in 2011

About the Author



Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.