Enisa launches comprehensive cloud security report

Powered by SC Magazine

Checklist for firms looking to vet providers.

The European Union's security agency has released a comprehensive report designed to teach public and private secret organisations and policy makers how to tap the benefits of cloud computing without falling foul of the security risks.

Cloud Computing: Benefits, Risks and Recommendations for Information Security is the first of its kind from the European Network and Information Security Agency.

The report outlines the technical, policy and legal implications of security in the cloud, and makes recommendations for how to maximise the benefits for users, while mitigating the risks as far as possible.

"The picture we got back from the survey was clear. The business case for cloud computing is obvious - it's computing on tap, available instantly, commitment-free and on-demand," said Giles Hogben, editor of the report.

"But the number one issue holding many people back is security. How can I know if it's safe to trust the cloud provider with my data, and in some cases my entire business infrastructure?"

The report highlights 35 separate security risks, including data protection problems, loss of encryption keys and compliance challenges. The security assessment is based on three use-case scenarios: SME migration to cloud computing services; the impact of cloud computing on service resilience; and cloud computing in e-government.

"The key conclusion of this paper is that the cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said.

"The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective."

The report then offers a checklist of criteria which organisations can use to identify the extent to which their cloud provider is conscious of the security risks.

The main risks highlighted by the checklist include lock-in, failings in the mechanisms separating data and applications, and legal risks, according to report co-author Daniele Catteddu.

"This is the most important result of our report," she said. "Our checklist isn't just pulled from thin air. We based it on a careful risk analysis of a number of cloud computing scenarios, focusing on the needs of business customers."

Copyright ©v3.co.uk

Enisa launches comprehensive cloud security report
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx