CONNECT – enabling YOUR organisations managed services.

No.1 business priority - lowering CAPEX and OPEX costs with Imtech’s solutions.

Unique network management tools, from end-to-end provisioning through to security.

Real-life lab simulations and ‘hands-on’ demos at Imtech’s V3 training facilities.

ENISA clears the fog on cloud computing security

As cloud computing continues its advance to become a mainstream option in the IT armouries of all types of organisation, concerns remain about the security of the proposition.

It’s a big step for enterprises to trust their most sensitive information to the cloud. ENISA, the European Network and Information Security Agency, is attempting to head off such concerns with the publication of a new report explaining the benefits and risks of the cloud approach and making recommendations for information security in the cloud.

With IDC forecasting a growth of European cloud services from €971 million in 2008 to €6billion in 2013, more and more organisations are set to adopt cloud services and technologies. The report explores how these businesses and governments can tap into the obvious benefits of cloud computing without putting their organisations at risk. It covers the technical, policy and legal implications and most importantly, makes concrete recommendations on how to address the risks and maximise the benefits for users.

ENISA’s report begins with a survey asking businesses their main concerns in moving into the cloud. “The picture we got back from the survey was clear,” says Giles Hogben, an ENISA expert and editor of the report. “The business case for cloud computing is obvious – it’s computing on tap, available instantly, commitment-free and on-demand. Yet the number one issue holding many people back is security – how can I know if it’s safe to trust the cloud provider with my data and in some cases my entire business infrastructure?”

The report answers this question with a detailed check-list of criteria which anyone can use to identify whether a cloud provider is as security-conscious as they could be. “This is the most important result of our report: our check-list isn’t just pulled from thin-air,” explains Daniele Catteddu, the ENISA report co-editor. “We based it on a careful risk analysis of a number of cloud computing scenarios, focusing on the needs of business customers. The most important risks addressed by the check-list include lock-in, failures in mechanisms separating customers’ data and applications, and legal risks such as the failure to comply with data protection legislation.”

Cattedu says the security check-list means that customers now know the right questions to ask and providers can answer those questions just once instead of being overloaded with requests for assurance about their security practices.

However, ENISA isn’t solely focusing on the potential security threats inherent to the cloud. Its executive director, Dr Udo Helmbrecht, points out the cloud can also be a security enabler. “The scale and flexibility of cloud computing gives the providers a security edge. For example, providers can instantly call on extra defensive resources like filtering and re-routing. They can also roll out new security patches more efficiently and keep more comprehensive evidence for diagnostics.”