Computing services ranging from data storage and processing to software, such as email handling, are now available instantly, commitmentfree and ondemand. November 09 benefits, risks and recommendations for information security cloud computing a bout enisa the european network and information security agency enisa is an eu agency created to. B december 2012 x since the publication of the 2009 cloud risk assessment study, the perception of cloud computing has changed, and so has the perception of the associated risks. That it can keep sensitive corporate ip and data off of vulnerable endpoint devices. It is produced in the context of the emerging and future risk framework project. Benefits, risks and recommendations for information security 2009. Ultimately, you can outsource responsibility but you cant outsource accountability. The european union agency for cybersecurity enisa has been working to make. National security agency cybersecurity information mitigating cloud vulnerabilities while careful cloud adoption can enhance an organizations security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud. Recommendations for companies planning to use cloud. It security risks not specifically raised or magnified by cloud computing. European network and information security agency enisa. Cloud computing resilience and security of communication. The european network and information security agency enisa is a centre of network and information security expertise for the eu, its member states, the.
However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, cloud computing may present different risks. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types. Enisa the european network and information security agency released a new report on cloud computing benefits, risks and recommendations for information security. The is auditor of company a chose the risk it framework, supplemented with an understanding of the cloud controls matrix, enisas cloud computing risk assessment and the nist guidelines. Sp 800146, cloud computing synopsis and recommendations.
Security guidance for critical areas of cloud security. Benefits, risks and recommendations for information security will cover some the most relevant information security implications of cloud computing from the. Benefits, risks and recommendations for information security will cover some the most relevant information security implications of cloud computing from. Benefits, risks and recommendations for information security rev. As with any emerging information technology area, cloud computing. The ccsk is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. Cloud computing benefits, risks and recommendations for information security 4 executive summary cloud computing is a new way of delivering computing resources, not a new technology. As cloud computing is becoming the dominant it system, ccsk is applicable to a wide variety of it and information security. Benefits, risks and recommendations for information security enisa. Recommendations for companies planning to use cloud computing services from a legal standpoint, cnil finds that cloud computing raises a number of difficulties with regard to compliance with the legislation on the protection of personal data, in particular in the case of public cloud. The key conclusion of this paper is that the cloud s economies of scale and flexibility are both a friend and a foe from a security. Security guidance for critical areas of focus in cloud computing v1. Benefits, risks and recommendations for information securit y.
The security risk analysis approach for cloud computing aims to control cloud computing from the hidden flaw security issues that cloud computing adoption and concealment through the empirical. Benefits, risks and recommendations for information security fullsize image. This document reprises the nist established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing. This is an indepth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. As the workforce continues to shift to a work at home, contractor and byod model, data is harder to control and at greater risk. How to ensure control and security when moving to saas. Computing services ranging from data storage and processing to software, such as email handling. Benefits, risks and recommendations for cloud security.
This paper focuses primarily on information security requirements for public cloud. Enisa cloud computing objectives 15 help business and governments to gain the cost benefits of cloud computing. Cloud computing is the new style of organizing it information technology. It covers the key technologies in cloud computing and. One of the top benefits cloud computing has for information security teams is. November 09 benefits, risks and recommendations for information. Enisa cloud computing security strategy dr giles hogben european network and information security agency enisa. Benefits, risks and recommendations for information security 10 business, serious damage to reputation or legal implications, it is hard or impossible for any other party to compensate for this damage. Risk it provides a list of 36 generic highlevel risk. Risks for the eu institutions posed by cloud computing which do not relate to compliance with the proposed regulation, such as any financial risks linked to the procurement of cloud services or those related to classified information.
The 2009 risk assessment is still one of the most downloaded papers on the enisa website. Benefits, risks and recommendations for information security 2009 assurance framework 2009 research recommendations 2009 gov cloud security and resilience analysis 2010 common assurance maturity modelcamm consortium 2010 2011 proposed procurement and monitoring guidance for government cloud. Information security benefit and top risks will be outlined and most importantly, concrete recommendations for how to address the risks and maximise the benefits. Cloud computing is a new way of delivering computing resources, not a new. Public cloud computing represents a significant paradigm shift from the conventional norms of an organizational data center to a deperimeterized infrastructure open to use by potential adversaries. Guidelines on security and privacy in public cloud computing. The permanent and official location for cloud security. November 09 benefits, risks and recommendations for. Benefits, risks and intellectual property issues1 ionela baltatescu ph. Benefits, risks and recommendations for information security the presentation cloud computing.
Cloud computing benefits, risks and recommendations for information security 3 list of contributors this paper was produced by enisa editors using input and comments from a group selected for their expertise in the subject area, including industry, academic and government experts. Security controls in cloud computing are, for the most part, no different than security controls in any it environment. Even though cloud computing provides compelling benefits and costeffective options for it hosting and expansion, new risks and opportunities for security exploits are introduced. Benefits, risks and recommendations for information security. Benefits and risks of moving federal it into the cloud. An analysis of security issues for cloud computing. Cloud computing data centers are environments with a huge concentration of computing power. At the same time, the cloud computing market and its customers have changed over time and this changes our perspective on cloud computing security. It has great benefits, but it also poses new security and governance risks. The result is an indepth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing.
Enisa cloud computing benefits, risks and recommendations for information security. The focus of this paper is on mitigation for cloud computing security risks as a fundamental step towards ensuring. Benefits, risks and recommendations for information security 10 are accessible through the internet and mediate access to larger sets of resources than traditional hosting providers and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities. Benefits of cloud computing services the main benefits of cloud computing. The certificate of cloud security knowledge ccsk addresses these risks. The report provide also a set of practical recommendations. Cloud computing benefits, risks and recommendations for.