Private and community clouds best fit the IT needs of public administrations, says the EU's cyber security agency.
But, if a private or community cloud infrastructure does not reach critical mass, much of the resilience and security benefits of the cloud model will not be realised, according to a report on Governmental Cloud Computing by the European Network and Information Security Agency (Enisa).
The aim of the report is to support governmental bodies in taking informed, risk-based decisions regarding data security, service resilience and legal compliance on their way to the cloud, Enisa said.
The report highlights the security and resilience pros and cons of community, private and public cloud computing services for public bodies.
Udo Helmbrecht, executive director at Enisa, said public cloud offers a very high level of service availability and is the most cost-effective.
"Yet, currently its adoption should be limited to non-sensitive or non-critical applications, in the context of a well-defined cloud adaptation strategy with a clear exit strategy," he said.
The report makes several recommendations to governments and public bodies, including:
- National governments and institutions should investigate the concept of an EU governmental cloud.
- National governments should prepare a cloud computing strategy and study the role that cloud computing will play for critical information infrastructure protection.
- A national cloud computing strategy should address the effects of national/supra-national interoperability, interdependencies and cascading failures.