Recommendations for companies planning to use cloud. This is an indepth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. Benefits, risks and recommendations for information securit y. Cloud computing benefits, risks and recommendations for. This paper focuses primarily on information security requirements for public cloud. Cloud computing benefits, risks and recommendations for information security 4 executive summary cloud computing is a new way of delivering computing resources, not a new technology. Benefits and risks of moving federal it into the cloud. Sp 800146, cloud computing synopsis and recommendations.
Recommendations for companies planning to use cloud computing services from a legal standpoint, cnil finds that cloud computing raises a number of difficulties with regard to compliance with the legislation on the protection of personal data, in particular in the case of public cloud. This paper introduces a detailed analysis of the cloud computing security issues and challenges focusing on the cloud computing types and the service delivery types. The focus of this paper is on mitigation for cloud computing security risks as a fundamental step towards ensuring. Information security benefit and top risks will be outlined and most importantly, concrete recommendations for how to address the risks and maximise the benefits. However, because of the cloud service models employed, the operational models, and the technologies used to enable cloud services, cloud computing may present different risks. How to ensure control and security when moving to saas. The certificate of cloud security knowledge ccsk addresses these risks. It is produced in the context of the emerging and future risk framework project. Benefits, risks and intellectual property issues1 ionela baltatescu ph. Security guidance for critical areas of focus in cloud computing v1.
Benefits, risks and recommendations for information security the presentation cloud computing. The is auditor of company a chose the risk it framework, supplemented with an understanding of the cloud controls matrix, enisas cloud computing risk assessment and the nist guidelines. Enisa cloud computing benefits, risks and recommendations for information security. Enisa the european network and information security agency released a new report on cloud computing benefits, risks and recommendations for information security. Computing services ranging from data storage and processing to software, such as email handling, are now available instantly, commitmentfree and ondemand.
One of the top benefits cloud computing has for information security teams is. Benefits, risks and recommendations for information security will cover some the most relevant information security implications of cloud computing from the. The key conclusion of this paper is that the cloud s economies of scale and flexibility are both a friend and a foe from a security. Benefits, risks and recommendations for information security will cover some the most relevant information security implications of cloud computing from. Ultimately, you can outsource responsibility but you cant outsource accountability. The european network and information security agency enisa is a centre of network and information security expertise for the eu, its member states, the. Benefits, risks and recommendations for information security rev. Public cloud computing represents a significant paradigm shift from the conventional norms of an organizational data center to a deperimeterized infrastructure open to use by potential adversaries. Risk it provides a list of 36 generic highlevel risk. Cloud computing data centers are environments with a huge concentration of computing power. As the workforce continues to shift to a work at home, contractor and byod model, data is harder to control and at greater risk. B december 2012 x since the publication of the 2009 cloud risk assessment study, the perception of cloud computing has changed, and so has the perception of the associated risks. The security risk analysis approach for cloud computing aims to control cloud computing from the hidden flaw security issues that cloud computing adoption and concealment through the empirical. Benefits, risks and recommendations for cloud security.
Benefits, risks and recommendations for information security 10 business, serious damage to reputation or legal implications, it is hard or impossible for any other party to compensate for this damage. November 09 benefits, risks and recommendations for information. Benefits, risks and recommendations for information security 10 are accessible through the internet and mediate access to larger sets of resources than traditional hosting providers and therefore pose an increased risk, especially when combined with remote access and web browser vulnerabilities. Benefits, risks and recommendations for information security enisa. Benefits, risks and recommendations for information security 2009 assurance framework 2009 research recommendations 2009 gov cloud security and resilience analysis 2010 common assurance maturity modelcamm consortium 2010 2011 proposed procurement and monitoring guidance for government cloud. The permanent and official location for cloud security. As cloud computing is becoming the dominant it system, ccsk is applicable to a wide variety of it and information security. The 2009 risk assessment is still one of the most downloaded papers on the enisa website. Cloud computing is the new style of organizing it information technology. Benefits, risks and recommendations for information security fullsize image. The result is an indepth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing.
The european union agency for cybersecurity enisa has been working to make. Benefits, risks and recommendations for information security 2009. Even though cloud computing provides compelling benefits and costeffective options for it hosting and expansion, new risks and opportunities for security exploits are introduced. National security agency cybersecurity information mitigating cloud vulnerabilities while careful cloud adoption can enhance an organizations security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud. Cloud computing is a new way of delivering computing resources, not a new. Guidelines on security and privacy in public cloud computing. November 09 benefits, risks and recommendations for. Security guidance for critical areas of cloud security. The report provide also a set of practical recommendations. That it can keep sensitive corporate ip and data off of vulnerable endpoint devices. Enisa cloud computing objectives 15 help business and governments to gain the cost benefits of cloud computing.
This document reprises the nist established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing. Cloud computing benefits, risks and recommendations for information security 3 list of contributors this paper was produced by enisa editors using input and comments from a group selected for their expertise in the subject area, including industry, academic and government experts. An analysis of security issues for cloud computing. It has great benefits, but it also poses new security and governance risks.
European network and information security agency enisa. Cloud computing benefits, risks and recommendations for information security from enisa3 as well as private initiatives e. Computing services ranging from data storage and processing to software, such as email handling. Risks for the eu institutions posed by cloud computing which do not relate to compliance with the proposed regulation, such as any financial risks linked to the procurement of cloud services or those related to classified information. Security controls in cloud computing are, for the most part, no different than security controls in any it environment. Enisa cloud computing security strategy dr giles hogben european network and information security agency enisa. At the same time, the cloud computing market and its customers have changed over time and this changes our perspective on cloud computing security. Cloud computing resilience and security of communication. The ccsk is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. November 09 benefits, risks and recommendations for information security cloud computing a bout enisa the european network and information security agency enisa is an eu agency created to. As with any emerging information technology area, cloud computing. Benefits, risks and recommendations for information security. It security risks not specifically raised or magnified by cloud computing. Benefits of cloud computing services the main benefits of cloud computing.
490 861 993 133 851 338 745 656 1415 942 244 979 66 1540 190 581 138 1091 460 1431 367 449 198 730 1053 1271 1027 819 732 103 161 181