Enisa launches comprehensive cloud security report

Powered by SC Magazine
 

Checklist for firms looking to vet providers.

The European Union's security agency has released a comprehensive report designed to teach public and private secret organisations and policy makers how to tap the benefits of cloud computing without falling foul of the security risks.

Cloud Computing: Benefits, Risks and Recommendations for Information Security is the first of its kind from the European Network and Information Security Agency.

The report outlines the technical, policy and legal implications of security in the cloud, and makes recommendations for how to maximise the benefits for users, while mitigating the risks as far as possible.

"The picture we got back from the survey was clear. The business case for cloud computing is obvious - it's computing on tap, available instantly, commitment-free and on-demand," said Giles Hogben, editor of the report.

"But the number one issue holding many people back is security. How can I know if it's safe to trust the cloud provider with my data, and in some cases my entire business infrastructure?"

The report highlights 35 separate security risks, including data protection problems, loss of encryption keys and compliance challenges. The security assessment is based on three use-case scenarios: SME migration to cloud computing services; the impact of cloud computing on service resilience; and cloud computing in e-government.

"The key conclusion of this paper is that the cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said.

"The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective."

The report then offers a checklist of criteria which organisations can use to identify the extent to which their cloud provider is conscious of the security risks.

The main risks highlighted by the checklist include lock-in, failings in the mechanisms separating data and applications, and legal risks, according to report co-author Daniele Catteddu.

"This is the most important result of our report," she said. "Our checklist isn't just pulled from thin air. We based it on a careful risk analysis of a number of cloud computing scenarios, focusing on the needs of business customers."

Copyright ©v3.co.uk


Enisa launches comprehensive cloud security report
 
 
 
Top Stories
Abbott brings back Science minister in cabinet reshuffle
Science tacked onto to Industry title.
 
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1903

Vote
Do you support the abolition of the Office of the Information Commissioner?