Cloud computing offers a host of potential benefits to public bodies, including scalability, elasticity, high performance, resilience and security together with cost efficiency. Understanding and managing risks related to the adoption and integration of cloud computing capabilities into public bodies is a key challenge. Effectively managing the security and resilience issues related to cloud computing capabilities is prompting many public bodies to innovate, and some cases to rethink, their processes for assessing risk and making informed decisions related to this new service delivering model.
This report identifies a decision-making model that can be used by senior management to determine how operational, legal and information security requirements, as well as budget and time constraints, can drive the identification of the architectural solution that best suits the needs of their organisation. The main objectives of the report are:
• to highlight the pros and cons, with regard to information security and resilience, of community, private and public cloud computing delivery models;
• to guide public bodies in the definition of their requirements for information security and resilience when evaluating cloud computing service delivery models;
Moreover this report wants to indirectly to support European Union Member States in the definition of their national cloud strategy with regards to security and resilience.