ENISA clears the fog on cloud computing
security
Nov-20-09
How can businesses and governments get the obvious benefits of cloud computing without
putting their organisation at risk? The EU‟s „cyber security‟ agency, ENISA (the European
Network and Information Security Agency) answers this question in a comprehensive, new
report on “Cloud Computing: Benefits, risks and recommendations for information security”. It
covers the technical, policy and legal implications and most importantly, makes concrete
recommendations for how to address the risks and maximise the benefits for users.
ENISA‟s new report is the first to take an independent, in-depth look at all the security and
privacy issues of moving into the cloud, outlining some of the information security benefits of
cloud computing, as well as 35 key security risks. ENISA and their expert group started with a
survey asking businesses their main concerns in moving into the cloud. “The picture we got
back from the survey was clear:” says Giles Hogben, an ENISA expert and editor of the report -
“the business case for cloud computing is obvious – it‟s computing on tap, available instantly,
commitment-free and on-demand. But the number one issue holding many people back is
security – how can I know if it‟s safe to trust the cloud provider with my data and in some cases
my entire business infrastructure?”
The report answers this question with a detailed check-list of criteria which anyone can use to
identify whether a cloud provider is as security-conscious as they could be. “This is the most
important result of our report: our check-list isn‟t just pulled from thin-air,” says Daniele
Catteddu, the ENISA report co-editor – “we based it on a careful risk analysis of a number of
cloud computing scenarios, focussing on the needs of business customers. The most important
risks addressed by the check-list include lock-in, failures in mechanisms separating customers‟
data and applications, and legal risks such as the failure to comply with data prote