Enisa launches comprehensive cloud security report

Powered by SC Magazine

Checklist for firms looking to vet providers.

The European Union's security agency has released a comprehensive report designed to teach public and private secret organisations and policy makers how to tap the benefits of cloud computing without falling foul of the security risks.

Cloud Computing: Benefits, Risks and Recommendations for Information Security is the first of its kind from the European Network and Information Security Agency.

The report outlines the technical, policy and legal implications of security in the cloud, and makes recommendations for how to maximise the benefits for users, while mitigating the risks as far as possible.

"The picture we got back from the survey was clear. The business case for cloud computing is obvious - it's computing on tap, available instantly, commitment-free and on-demand," said Giles Hogben, editor of the report.

"But the number one issue holding many people back is security. How can I know if it's safe to trust the cloud provider with my data, and in some cases my entire business infrastructure?"

The report highlights 35 separate security risks, including data protection problems, loss of encryption keys and compliance challenges. The security assessment is based on three use-case scenarios: SME migration to cloud computing services; the impact of cloud computing on service resilience; and cloud computing in e-government.

"The key conclusion of this paper is that the cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said.

"The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective."

The report then offers a checklist of criteria which organisations can use to identify the extent to which their cloud provider is conscious of the security risks.

The main risks highlighted by the checklist include lock-in, failings in the mechanisms separating data and applications, and legal risks, according to report co-author Daniele Catteddu.

"This is the most important result of our report," she said. "Our checklist isn't just pulled from thin air. We based it on a careful risk analysis of a number of cloud computing scenarios, focusing on the needs of business customers."

Copyright ©v3.co.uk

Enisa launches comprehensive cloud security report
Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.