How can businesses and governments get the obvious benefits of cloud computing without putting their organisation at risk? The EU's 'cyber security' agency, ENISA (the European Network and Information Security Agency) answers this question in a comprehensive, new report on "Cloud Computing: Benefits, risks and recommendations for information security". It covers the technical, policy and legal implications and most importantly, makes concrete recommendations for how to address the risks and maximise the benefits for users.
ENISA's new report is the first to take an independent, indepth look at all the security and privacy issues of moving into the cloud, outlining some of the information security benefits of cloud computing, as well as 35 key security risks. ENISA and their expert group started with a survey asking businesses their main concerns in moving into the cloud. "The picture we got back from the survey was clear:" says Giles Hogben, an ENISA expert and editor of the report - "the business case for cloud computing is obvious - it's computing on tap, available instantly, commitmentfree and ondemand. But the number one issue holding many people back is security - how can I know if it's safe to trust the cloud provider with my data and in some cases my entire business infrastructure?"
The report answers this question with a detailed checklist of criteria which anyone can use to identify whether a cloud provider is as securityconscious as they could be. "This is the most important result of our report: our checklist isn't just pulled from thinair," says Daniele Catteddu, the ENISA report coeditor - "we based it on a careful risk analysis of a number of cloud computing scenarios, focussing on the needs of business customers. The most important risks addressed by the checklist include lockin, failures in mechanisms separating customers' data and applications, and legal risks such as the failure to comply with data protection legislation." With the security checklist, customers now know the right questions to ask and providers can answer those questions just once instead of being overloaded with requests for assurance about their security practices.
Cloud computing also entails great economic interests, e.g. the IDC forecasts a growth of European cloud services from €971m in 2008 to €6,005m in 2013.
But as the report points out, cloud computing is also a security enabler. The Executive Director of ENISA, Dr Udo Helmbrecht, underlines: "The scale and flexibility of cloud computing gives the providers a security edge. For example, providers can instantly call on extra defensive resources like filtering and rerouting. They can also roll out new security patches more efficiently and keep more comprehensive evidence for diagnostics."
ENISA's new report is the first to take an independent, indepth look at all the security and privacy issues of moving into the cloud, outlining some of the information security benefits of cloud computing, as well as 35 key security risks. ENISA and their expert group started with a survey asking businesses their main concerns in moving into the cloud. "The picture we got back from the survey was clear:" says Giles Hogben, an ENISA expert and editor of the report - "the business case for cloud computing is obvious - it's computing on tap, available instantly, commitmentfree and ondemand. But the number one issue holding many people back is security - how can I know if it's safe to trust the cloud provider with my data and in some cases my entire business infrastructure?"
The report answers this question with a detailed checklist of criteria which anyone can use to identify whether a cloud provider is as securityconscious as they could be. "This is the most important result of our report: our checklist isn't just pulled from thinair," says Daniele Catteddu, the ENISA report coeditor - "we based it on a careful risk analysis of a number of cloud computing scenarios, focussing on the needs of business customers. The most important risks addressed by the checklist include lockin, failures in mechanisms separating customers' data and applications, and legal risks such as the failure to comply with data protection legislation." With the security checklist, customers now know the right questions to ask and providers can answer those questions just once instead of being overloaded with requests for assurance about their security practices.
Cloud computing also entails great economic interests, e.g. the IDC forecasts a growth of European cloud services from €971m in 2008 to €6,005m in 2013.
But as the report points out, cloud computing is also a security enabler. The Executive Director of ENISA, Dr Udo Helmbrecht, underlines: "The scale and flexibility of cloud computing gives the providers a security edge. For example, providers can instantly call on extra defensive resources like filtering and rerouting. They can also roll out new security patches more efficiently and keep more comprehensive evidence for diagnostics."
