In January, the European Union proposed new comprehensive data protection legislation designed to force businesses to improve their data security practices and better protect private customer information. A few months later, the EU is now setting its sights on another IT security issue.
Enterprises and government agencies across EU member states continue to adopt cloud services at a rapid pace, a trend experts believe is only beginning. However, with companies racing to gain the cloud's cost-saving, productivity and scalability benefits, many have failed to sufficiently secure critical applications and data in the cloud. The European Network and Information Security Agency (ENISA) recently attempted to tackle these concerns with the release of its new guide for monitoring cloud computing contracts and protecting company data in the cloud once the service is in use.
"Europe's citizens trust public and private sector bodies to keep our data secure. With ever more organizations moving to cloud computing, ENISA's new guidance is well-timed to help give direction in what is, for many buyers, a completely new area," said Udo Helmbrecht, executive director of ENISA, an EU agency that helps businesses and government organizations address, respond to and prevent network and data security problems.
According to the guide, the public and private sectors must improve security by better evaluating prospective cloud providers before entering a service-level agreement. The framework includes a checklist of several security parameters: service availability, incident response, data lifecycle management, data isolation, log management and forensics, technical compliance, and vulnerability and change management. The agency said companies must also consider security after implementing cloud services, as it's imperative to ensure each cloud provider meets security requirements for the entirety of the contract. Failing to properly secure cloud environments can result in costly data breaches and hefty fines, especially under the new EU data protection laws.
"You need to be sure that the solution you are buying fits your security requirements," Marnix Dekker, co-author of the report, told Computerworld. "When users are more mature and ask the right questions the best cloud providers will be able to answer them, and security will improve."
Many cloud adopters are boosting security by using encryption and data protection technology from third-party providers. These advanced security solutions protect and monitor sensitive company data in private and public clouds and control access via key management and other encryption techniques.