Fundamentals and Theoretical Basis

SMEs’ competitiveness may rise as a result of the cloud services’ ability to relieve them and allow them to concentrate on their core competencies. However, not just businesses use it. Both government agencies and private citizens employ cloud-based IT services. Indeed, standardisation could be quite important for quality assurance and improvement, particularly when it comes to such futuristic subjects.

ISO/IEC JTC 1/SC 38 

When we look at the worldwide developments in this field, ISO/IEC JTC 1/SC 38 serves as the focus, proponent, and systems integration entity on Cloud Computing, Distributed Platforms, and the application of these technologies. Formed in October 2009, ISO/IEC JTC 1/SC 38 guides other entities in developing standards in these areas. 

The Subcommittee is addressing the demand pull from users, especially governments, for standards to assist them in specifying, acquiring and applying Cloud Computing and distributing platform technologies and services.

EUROPEAN UNION AGENCY FOR CYBERSECURITY

On the particularly European side, ENISA, the European Union Agency for Cybersecurity, is an agency that works to enhance cybersecurity in Europe. They provide guidance, expertise, and support to both EU member states and businesses to improve their cybersecurity posture. ENISA focuses on various cybersecurity topics, including cloud security and big data.

One of ENISA’s initiatives is the SME Cloud Security Tool, which is designed to assist Small and Medium-sized Enterprises (SMEs) in evaluating and enhancing the security of their cloud services. This tool offers functionalities such as risk and opportunity assessment, generating security questions, calculating and visualizing risks and opportunities, and providing customized sets of security questions based on the results.

The SME Cloud Security Tool allows organizations to rate the risks and opportunities associated with their cloud deployments. It provides a structured approach to understanding the security features of the cloud services being used and helps organizations make informed decisions about their cybersecurity strategies.

In the context of Europe, the SME Cloud Security Tool holds significant importance as it aligns with the broader objectives of enhancing cybersecurity across the region. By offering a practical and comprehensive solution designed for SMEs, it contributes to building a more secure and resilient digital environment for businesses in Europe. This aligns with the EU’s overarching goals of fostering a secure and trustworthy digital space for economic growth and innovation.

Cloud computing provides significant benefits to both public and private sector customers in terms of cost, flexibility, efficiency, security and scalability. However, cloud customers must be able to trust a cloud service provider (CSP), before they will entrust their data and applications to them. A recurring challenge is to ensure that personal data is processed by the CSP following the EU Data Protection Directive, its national transpositions and subsequent EU data protection laws, in particular the General Data Protection Regulation and any further European data protection legislation.

The purpose of the EU Data Protection Code of Conduct for Cloud Service Providers is to make it easier and more transparent for cloud customers to analyse whether cloud services are appropriate for their use case. The transparency created by the Code will contribute to an environment of trust and will create a high default level of data protection in the European cloud computing market, in particular for cloud customers such as Small and Medium enterprises (SMEs) and public administrations. 

Some industries and regions may have specific security standards or certifications that organizations, including SMEs, need to adhere to when using cloud systems. Examples include ISO 27001 for information security management. Certain industries, such as healthcare or finance, may have additional regulations governing the use of cloud systems. SMEs operating in these sectors should be aware of any industry-specific requirements. Regulations related to cross-border data transfer can impact SMEs that operate in multiple countries. Some jurisdictions may have restrictions on the transfer of certain types of data outside their borders.

Substantial efficiency improvements across the whole economy can be expected from cloud adoption by businesses and other organizations, especially SMEs. The cloud could be especially important for small businesses in struggling economies or remote and rural regions to tap into markets in more buoyant regions. Unleashing the Potential of Cloud Computing in Europe document is also one of the considerably “early” documents that draw the line of cloud computing within the European Union.

In a national sense, the necessary regulations on Cloud Computing vary from country to country, and SMEs working on this subject, which are updated according to the current conditions, need to obtain information from public institutions according to the country and taking into account the current updates.