Information Age: News, analysis & insight for IT & business leaders

Don't use cloud for sensitive data, EU warns members

18 January 2011  Daniel Shane

ENISA report warns that complex data regulations mean that cloud computing services are unsuitable for government use

The European Union has warned that data handling regulations could be holding up governments' adoption of cloud computing.

A report published by the EU's European Network and Information Security Agency (ENISA) this week warns that, at present, government agencies in the EU bloc should only deploy cloud services for applications that do not process sensitive data.

Data handling legislation in some EU states prevent certain data types from being taken out of their respective national borders. This would cause problems in the case of public clouds, ENISA says, as providers' data centres may be elsewhere, such as in the US.

The ENISA document highlights further hurdles to adoption: "Cloud computing presents some additional challenges," it continues. "For example, understanding the shift in the balance of responsibility and accountability for key functions such as governance and control over data and IT operations, ensuring compliance with laws and regulations, and, in some instances, the poor quality of Internet connectivity in some areas of the EU."

The report suggests that state governments explore "whether current legal frameworks can be changed to facilitate the communication, treatment and storage of data outside national territory".

ENISA says that so-called private clouds are currently the most viable option for public sector bodies "since they offer the highest level of governance, control and visibility". Private clouds deliver services and infrastructure in highly virtualised form from an organisation's own data centre. This approach is exemplified by the UK government's proposed G-Cloud project, although the future of that initiative is uncertain following the departure of government CIO John Suffolk last month.

The European Union is currently reviewing its Data Protection Directive, which forms the basis of data protection law in member states, including the UK's Data Protection Act. In November 2010, it published a document of proposed amendments, and these included reviewing the way data exchange between countries is governed.

This week, the UK's former information commissioner Richard Thomas welcomed the EU's decision to review the directive, but remarked that "there is still a long way to go to draft balanced laws which will work in practice when so much personal information can flow so easily around cyber-space with no regard to national boundaries".

Comments  [1]

Bjarne Rasmussen
Tuesday 1st February 2011

The value of implementing Cloud means more agility, flexibility and reduced cost of running IT solutions.

With such a strong emphasis on the Public Sector reducing spending or, at best, with budgets staying flat, the Public Sector is still expected to do more for less in the services they provide to the public. With this in mind the adoption of Cloud services would be of good value. Cloud providers are already running IT with extremely high standards, and if they wish to provide excellent service in the Cloud for their customers, will have strong security implementation both through the IT infrastructure and IT systems. Holding back from using Cloud solutions because of law constrains around movement of data, or perceived weak security of Cloud providers will not help the public sector to achieve their objectives.

The EU should accelerate their efforts in harmonising the laws around privacy and sharing of data across borders and in that way help the public organisation to utilise the same services the private industry will be using.

More info here: http://community.ca.com/blogs/ittransformation/default.aspx

Report this comment »

People who read this also read...

 

White Papers

Read article

'Think Lean' When Developing Management System Documentation

Learn how to efficiently and effectively implement a document management system for your organization.

Read article

11 Hiring Trends for 2011

In this document, you'll get the insider info you need to give potential employers what they want and beat your competition in 2011. You'll learn about the most valuable certifications and the game-changing skills that can lead to more job security and stability.

Read article

12 Hiring Manager Secrets to Getting the IT Job You Want

Learn how you can make yourself a more attractive candidate now with PrepLogic's free 12 Hiring Manager Secrets to Getting the Job You Want.

More

More News

Dell's transformation yet to stem sales nosedive

PC maker and aspiring IT solutions provider sees revenue drop 4%, as even business spending on PCs plummets

Oracle releases HP documents discussing Itanium

Court documents from ongoing lawsuit suggest HP knew of Intel's plan to discontinue chips used in its mission-critical systems

Comms provider reopens "bomb-proof" data centre

Daisy Group has revamped a data centre based in a bank vault in Manchester. Meanwhile, engineering firm Arup outsources its data centre

IT glitch hits Clydesdale and Yorkshire Banks

Debit cards not working for the fifth time in two months

More News »

Related articles

Hadoop and MapReduce "taking the world by storm"

Popular 'big data' technologies represented just 0.25% of the business analytics market last year, but IDC predicts 60% annual growth until 2016

Govt departmental data sharing back on the cards

Francis Maude plans to increase the ability for departments to share data, Guardian reports, despite privacy backlash that followed Blair proposals

All customer data should be searchable – ICO

The UK's information watchdog spells out organisations' obligation to make personal data accessible to subjects

UK leads world in volume of open data

Cabinet Office minister Francis Maude emphasises number of datasets released by government under transparency initiative since May 2010

Advertisement
div class="banner">