Report warns against ‘public’ cloud amid complex data regulations….
The European Union has warned that data handling regulations could be holding up government adoption of cloud computing.
A report published by the EU’s European Network and Information Security Agency (ENISA) this week warns that, at present, government agencies in the EU bloc should only deploy ‘public’ cloud services for applications that do not process sensitive data.
Data handling legislation in some EU states prevent certain data types from being taken out of their respective national borders. This would cause problems in the case of public clouds, ENISA says, as providers’ data centres may be elsewhere, such as in the US.
The ENISA document highlights further hurdles to adoption: “Cloud computing presents some additional challenges,” it continues. “For example, ensuring compliance with laws and regulations.”
ENISA says that so-called private clouds are currently the most viable option for public sector bodies “since they offer the highest level of governance, control and visibility”. Private clouds deliver services and infrastructure in highly virtualised form from an organisation’s own data centre. This approach is exemplified by the UK government’s proposed G-Cloud project, although the future of that initiative is uncertain following the departure of government CIO John Suffolk last month.
The European Union is currently reviewing its Data Protection Directive, which forms the basis of data protection law in member states, including the UK’s Data Protection Act. In November 2010, it published a document of proposed amendments, and these included reviewing the way data exchange between countries is governed.
This week, the UK’s former information commissioner Richard Thomas welcomed the EU’s decision to review the directive, but remarked that “there is still a long way to go to draft balanced laws which will work in practice when so much personal information can flow so easily around cyber-space with no regard to national boundaries”.
Read the full report here: Security and Resilience in Government Clouds – ENISA Report