ENISA Clears the Fog on Cloud Computing Security
By Enisa - European Network And Information Security Agency, PRNEThursday, November 19, 2009
BRUSSELS and HERAKLION, Greece, November 20 - How can businesses and governments get the obvious benefits of cloud
computing without putting their organisation at risk? The EU's 'cyber
security' agency, ENISA (the European Network and Information Security
Agency) answers this question in a comprehensive, new report on "Cloud
Computing: Benefits, risks and recommendations for information security". It
covers the technical, policy and legal implications and most importantly,
makes concrete recommendations for how to address the risks and maximise the
benefits for users.
ENISA's new report is the first to take an independent, in-depth look at
all the security and privacy issues of moving into the cloud, outlining some
of the information security benefits of cloud computing, as well as 35 key
security risks. ENISA and their expert group started with a survey asking
businesses their main concerns in moving into the cloud. "The picture we got
back from the survey was clear:" says Giles Hogben, an ENISA expert and
editor of the report - "the business case for cloud computing is obvious -
it's computing on tap, available instantly, commitment-free and on-demand.
But the number one issue holding many people back is security - how can I
know if it's safe to trust the cloud provider with my data and in some cases
my entire business infrastructure?"
The report answers this question with a detailed check-list of criteria
which anyone can use to identify whether a cloud provider is as
security-conscious as they could be. "This is the most important result of
our report: our check-list isn't just pulled from thin-air," says Daniele
Catteddu, the ENISA report co-editor - "we based it on a careful risk
analysis of a number of cloud computing scenarios, focussing on the needs of
business customers. The most important risks addressed by the check-list
include lock-in, failures in mechanisms separating customers' data and
applications, and legal risks such as the failure to comply with data
protection legislation." With the security check-list, customers now know the
right questions to ask and providers can answer those questions just once
instead of being overloaded with requests for assurance about their security
practices.
Cloud computing also entails great economic interests, e.g. the IDC
forecasts a growth of European cloud services from EUR971m in 2008 to
EUR6,005m in 2013.
But as the report points out, cloud computing is also a security enabler.
The Executive Director of ENISA, Dr Udo Helmbrecht, underlines: "The scale
and flexibility of cloud computing gives the providers a security edge. For
example, providers can instantly call on extra defensive resources like
filtering and re-routing. They can also roll out new security patches more
efficiently and keep more comprehensive evidence for diagnostics."
Download the full report.
www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-
assessment/
(Due to the length of this URL, it may be necessary to copy and paste
this hyperlink into your Internet browser's URL address field. Remove the
space if one exists.)
For interview arrangements: Ulf Bergstrom, Press & Communications Officer, ENISA, press at enisa.europa.eu, Mobile: +30-6948-460143
Tags: belgium, Brussels And Heraklion, ENISA - European Network and Information Security Agency, greece