Cloud computing resilience and security of communication. It has great benefits, but it also poses new security and governance risks. The 2009 risk assessment is still one of the most downloaded papers on the enisa website. Cloud computing benefits, risks and recommendations for. Benefits, risks and recommendations for information security the presentation cloud computing. As cloud computing is becoming the dominant it system, ccsk is applicable to a wide variety of it and information security. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types.
Benefits, risks and recommendations for information securit y. Risks for the eu institutions posed by cloud computing which do not relate to compliance with the proposed regulation, such as any financial risks linked to the procurement of cloud services or those related to classified information. The european network and information security agency enisa is a centre of network and information security expertise for the eu, its member states, the. The report provide also a set of practical recommendations. One of the top benefits cloud computing has for information security teams is. Benefits, risks and recommendations for information security 10 are accessible through the internet and mediate access to larger sets of resources than traditional hosting providers and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities. November 09 benefits, risks and recommendations for information security cloud computing a bout enisa the european network and information security agency enisa is an eu agency created to. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, cloud computing may present different risks. Benefits, risks and recommendations for information security rev. Enisa cloud computing objectives 15 help business and governments to gain the cost benefits of cloud computing.
The focus of this paper is on mitigation for cloud computing security risks as a fundamental step towards ensuring. National security agency cybersecurity information mitigating cloud vulnerabilities while careful cloud adoption can enhance an organizations security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud. Guidelines on security and privacy in public cloud computing. Information security benefit and top risks will be outlined and most importantly, concrete recommendations for how to address the risks and maximise the benefits. As the workforce continues to shift to a work at home, contractor and byod model, data is harder to control and at greater risk. Benefits, risks and recommendations for cloud security. Benefits, risks and recommendations for information security will cover some the most relevant information security implications of cloud computing from the.
Cloud computing benefits, risks and recommendations for information security from enisa3 as well as private initiatives e. Recommendations for companies planning to use cloud computing services from a legal standpoint, cnil finds that cloud computing raises a number of difficulties with regard to compliance with the legislation on the protection of personal data, in particular in the case of public cloud. November 09 benefits, risks and recommendations for information. B december 2012 x since the publication of the 2009 cloud risk assessment study, the perception of cloud computing has changed, and so has the perception of the associated risks. It is produced in the context of the emerging and future risk framework project. Benefits, risks and recommendations for information security 10 business, serious damage to reputation or legal implications, it is hard or impossible for any other party to compensate for this damage. Benefits, risks and recommendations for information security fullsize image.
The key conclusion of this paper is that the cloud s economies of scale and flexibility are both a friend and a foe from a security. Benefits, risks and recommendations for information security enisa. How to ensure control and security when moving to saas. Cloud computing data centers are environments with a huge concentration of computing power. As with any emerging information technology area, cloud computing. The european union agency for cybersecurity enisa has been working to make. It covers the key technologies in cloud computing and. Computing services ranging from data storage and processing to software, such as email handling, are now available instantly, commitmentfree and ondemand. The is auditor of company a chose the risk it framework, supplemented with an understanding of the cloud controls matrix, enisas cloud computing risk assessment and the nist guidelines. This is an indepth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. This paper focuses primarily on information security requirements for public cloud.
It security risks not specifically raised or magnified by cloud computing. Recommendations for companies planning to use cloud. The permanent and official location for cloud security. Enisa the european network and information security agency released a new report on cloud computing benefits, risks and recommendations for information security. Public cloud computing represents a significant paradigm shift from the conventional norms of an organizational data center to a deperimeterized infrastructure open to use by potential adversaries. November 09 benefits, risks and recommendations for. Cloud computing is a new way of delivering computing resources, not a new. Ultimately, you can outsource responsibility but you cant outsource accountability. Benefits, risks and recommendations for information security 2009 assurance framework 2009 research recommendations 2009 gov cloud security and resilience analysis 2010 common assurance maturity modelcamm consortium 2010 2011 proposed procurement and monitoring guidance for government cloud. That it can keep sensitive corporate ip and data off of vulnerable endpoint devices. Security guidance for critical areas of cloud security. This document reprises the nist established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing. Enisa cloud computing security strategy dr giles hogben european network and information security agency enisa. Sp 800146, cloud computing synopsis and recommendations.
Cloud computing benefits, risks and recommendations for information security 3 list of contributors this paper was produced by enisa editors using input and comments from a group selected for their expertise in the subject area, including industry, academic and government experts. Risk it provides a list of 36 generic highlevel risk. Security guidance for critical areas of focus in cloud computing v1. Benefits, risks and recommendations for information security will cover some the most relevant information security implications of cloud computing from. The result is an indepth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. Even though cloud computing provides compelling benefits and costeffective options for it hosting and expansion, new risks and opportunities for security exploits are introduced. Benefits, risks and recommendations for information security. The ccsk is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. Security controls in cloud computing are, for the most part, no different than security controls in any it environment. Benefits of cloud computing services the main benefits of cloud computing. The security risk analysis approach for cloud computing aims to control cloud computing from the hidden flaw security issues that cloud computing adoption and concealment through the empirical.
Benefits, risks and recommendations for information security 2009. Benefits, risks and intellectual property issues1 ionela baltatescu ph. An analysis of security issues for cloud computing. Cloud computing is the new style of organizing it information technology. Benefits and risks of moving federal it into the cloud. At the same time, the cloud computing market and its customers have changed over time and this changes our perspective on cloud computing security.
Cloud computing benefits, risks and recommendations for information security 4 executive summary cloud computing is a new way of delivering computing resources, not a new technology. The certificate of cloud security knowledge ccsk addresses these risks. European network and information security agency enisa. Computing services ranging from data storage and processing to software, such as email handling. Enisa cloud computing benefits, risks and recommendations for information security.