ENISA adds Cloud Industry Forum's code of practice to certified cloud scheme list
Published 18 June 2015
ENISA, the EC's European Union Agency for Network and Information Security, has this month officially recognised the Cloud Industry Forum's Code of Practice for Cloud Service Providers by adding the Code to ENISA's Cloud Certification Schemes List (CCSL).
ENISA stated: "Before buying a cloud service, customers want to know if the service is secure and reliable...the idea of a certification scheme is to check one basic set of security requirements, once for all customers. In this way certification can simplify the procurement of cloud services by customers. Note that certification schemes do not replace the need for customers to do due-diligence when procuring, rather certification is a way to simplify this process".
Certified cloud schemes can be used as a measure to ensure that information stored by the cloud provider is being held in accordance with industry approved standards and best practice guidelines. It is worth pointing out however that ENISA advises companies carry out their own due diligence even where the cloud provider is certified as compliant with a code on the CCSL.
To view CIF's press release, please click here.
What action could be taken to manage risks that may arise from this development?
Companies should consider a cloud provider's certification when assessing its security.