Government clouds offer "scalability, elasticity, high performance, resilience and security, together with cost efficiency." At the same time, says ENISA, they can "enable and simplify citizen interaction with government by reducing information processing time, lowering the cost of government services and enhancing citizen data security." There is little doubt that they can improve services and reduce costs for government departments.
But despite these obvious advantages, the state of cloud deployment in the government sector differs widely between the separate countries: it "is very heterogeneous in Europe," says the report. To help facilitate its purpose of “enabling and facilitating faster adoption of Cloud computing” throughout Europe, ENISA has analyzed the different levels of European cloud deployment. The purpose is ultimately to help develop standard best practices and a common set of requirements for all member states to speed the evolution of government cloud services.
ENISA recognizes four current categories among European countries: early adopters (countries with an overall cloud strategy and some progress on implementing it); well-informed (countries with a high-level strategy but no actual deployment), innovators (countries with no high-level strategy, but some existing cloud services); and hesitants (countries with no strategy and no services in place).
Its analysis forms the basis of ten specific recommendations on how secure governmental clouds can be developed and deployed. One of the key findings of the analysis is that individual governmental clouds are more advanced where the country concerned has a specific and clearly designed cloud strategy at the national level. For this reason its recommendations are aimed as much at the EC (for a European level of cloud deployment) as they are at member state governments (for national governmental cloud deployments). The very first recommendation is for the EC and national governments to work together to "support the development of an EU strategy to foster the adoption of gov-Cloud."
Other recommendations include a framework to mitigate the 'loss of control' issue and to address the 'locality problem'; a business model that guarantees sustainability and economies of scale and supports the development of an SLA framework; the support for privacy enhancement in the cloud, research into cloud security and the adoption of baseline security measures in both public and private cloud deployments together with a certification framework; and for both academia and cloud providers to foster research into government cloud security.
The report, says ENISA executive director Udo Helmbrecht, "provides the governments the necessary insights to successfully deploy Cloud services. This is in the interest both of the citizens, and for the economy of Europe, being a business opportunity for EU companies; to better manage security, resilience and to strengthen the national cloud strategy using governmental Clouds.“