The list has been put together by the European Union Network and Information Security Agency (ENISA) in support of the implementation of the European Cloud Computing Strategy.
Over the coming months the Commission and ENISA will work with the Cloud Select Industry Group (C-SIG) on certification – a group set up to help the Commission implement the Strategy – to further develop the list, for example by adding additional certification schemes.
A more detailed comparison of listed security certification schemes’ features, incorporating common public sector security requirements, is due in the second half of 2014 and will further improve transparency for potential cloud computing customers.
But cloud computing should not be seen primarily as a security risk – it also presents opportunities to reduce these risks. In the past, customers would mostly run their applications on local servers, on their own premises. In such a setting the burden of securing systems, patching, updating, hardening, falls on the user himself, whereas in cloud computing IT is outsourced and consumed online, as a pay-as-you-go service and users can often rely on the service provider's expertise for securing large parts of their systems.
Background information: see full article in net-cloud future magazine
"This list means more transparency and less confusion for the cloud computing market", according to European Commission Vice-President Neelie Kroes.