Enisa launches comprehensive cloud security report

Powered by SC Magazine
 

Checklist for firms looking to vet providers.

The European Union's security agency has released a comprehensive report designed to teach public and private secret organisations and policy makers how to tap the benefits of cloud computing without falling foul of the security risks.

Cloud Computing: Benefits, Risks and Recommendations for Information Security is the first of its kind from the European Network and Information Security Agency.

The report outlines the technical, policy and legal implications of security in the cloud, and makes recommendations for how to maximise the benefits for users, while mitigating the risks as far as possible.

"The picture we got back from the survey was clear. The business case for cloud computing is obvious - it's computing on tap, available instantly, commitment-free and on-demand," said Giles Hogben, editor of the report.

"But the number one issue holding many people back is security. How can I know if it's safe to trust the cloud provider with my data, and in some cases my entire business infrastructure?"

The report highlights 35 separate security risks, including data protection problems, loss of encryption keys and compliance challenges. The security assessment is based on three use-case scenarios: SME migration to cloud computing services; the impact of cloud computing on service resilience; and cloud computing in e-government.

"The key conclusion of this paper is that the cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said.

"The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective."

The report then offers a checklist of criteria which organisations can use to identify the extent to which their cloud provider is conscious of the security risks.

The main risks highlighted by the checklist include lock-in, failings in the mechanisms separating data and applications, and legal risks, according to report co-author Daniele Catteddu.

"This is the most important result of our report," she said. "Our checklist isn't just pulled from thin air. We based it on a careful risk analysis of a number of cloud computing scenarios, focusing on the needs of business customers."

Copyright ©v3.co.uk


Enisa launches comprehensive cloud security report
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 762

Vote