Enisa launches comprehensive cloud security report

By on
Enisa launches comprehensive cloud security report

Checklist for firms looking to vet providers.

The European Union's security agency has released a comprehensive report designed to teach public and private secret organisations and policy makers how to tap the benefits of cloud computing without falling foul of the security risks.

Cloud Computing: Benefits, Risks and Recommendations for Information Security is the first of its kind from the European Network and Information Security Agency.

The report outlines the technical, policy and legal implications of security in the cloud, and makes recommendations for how to maximise the benefits for users, while mitigating the risks as far as possible.

"The picture we got back from the survey was clear. The business case for cloud computing is obvious - it's computing on tap, available instantly, commitment-free and on-demand," said Giles Hogben, editor of the report.

"But the number one issue holding many people back is security. How can I know if it's safe to trust the cloud provider with my data, and in some cases my entire business infrastructure?"

The report highlights 35 separate security risks, including data protection problems, loss of encryption keys and compliance challenges. The security assessment is based on three use-case scenarios: SME migration to cloud computing services; the impact of cloud computing on service resilience; and cloud computing in e-government.

"The key conclusion of this paper is that the cloud's economies of scale and flexibility are both a friend and a foe from a security point of view," the report said.

"The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective."

The report then offers a checklist of criteria which organisations can use to identify the extent to which their cloud provider is conscious of the security risks.

The main risks highlighted by the checklist include lock-in, failings in the mechanisms separating data and applications, and legal risks, according to report co-author Daniele Catteddu.

"This is the most important result of our report," she said. "Our checklist isn't just pulled from thin air. We based it on a careful risk analysis of a number of cloud computing scenarios, focusing on the needs of business customers."

Copyright ©v3.co.uk
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?