35 risks identified by ENISA
Companies attracted to the computing-on-tap properties of cloud computing need to ask careful questions about security before they take to the skies, highlighted a report from an independent EU security agency.
The European Network and Information Security Agency (ENISA) identified 35 key security risks of cloud computing, as suppliers rush to grab their slice of an industry predicted by IDC to be worth €6,005m by 2013.
ENISA provided a checklist of questions to ask suppliers to help establish their security credentials. Key issues to look out for included lock-ins, failures in mechanisms to separate customer data and applications and legal problems, such as non-compliance with data protection legislation.
“The business case for cloud computing is obvious – it’s computing on tap, available instantly, commitment-free and on-demand. But the number one issue holding many people back is security,” Giles Hogben, an ENISA expert and editor of the report, said in a statement.
On the plus side, the report underlined how the scale and flexibility of cloud computing could bring security benefits. In particular, the ability to roll out security patches and call upon extra defensive resources, such filtering and re-routing, were far easier with the cloud.
The full report “Cloud Computing: Benefits, risks and recommendations for information security” is available free to download at http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/