New Report on Cloud Security Available
A new report released on November 20th by the European Network and Information Security Agency (ENISA) outlines the benefits and potential pitfalls of cloud computing. The 123-page report, “Cloud Computing: Benefits, Risks and Recommendations for Information Security,” offers recommendations to businesses on how to minimize the security risks of trusing their data to a cloud provider.
This report seems right on time, as more companies turn to the cloud to do business, drawn by lower maintenance and costs. Analysts IDC expects worldwide spending on cloud services to hit $17.4 billion, climbing to $44.2 billion by 2013.
The ENISA report spells out the risks of, well, risk, on cloud computing. While cloud-service providers offer 24/7 availability, data centers can go down. And customers relinquish security – which they previously handled on their own – to providers.
It also discusses the dangers of customers becoming dependent on a single provider, facing challenges if they want to move data and apps to a different provider. Further, companies could face risks from regulatory audits on the data they keep on the cloud, the report said. And, because we all know that tasks lists tend to be bigger than what we actually get done, some cloud providers may not fully or properly delete data when a customer requests it.
In its report, ENISA outlines measures that companies can take to safeguard their security when dealing with cloud-service providers.
It recommends that firms perform risk assessments, essentially comparing the potential risks of storing data in the cloud against keeping files in an internal data center. It’s a good idea to also compare different cloud providers to narrow the list and then obtain service-level assurances from selected providers. It says, too, that customers should clearly specify which services and tasks are to be handled by internal IT and which by its cloud provider.
I recommend, too, that companies making the leap to the cloud employ 24/7
website and server monitoring services that can warn customers if cyber crooks are attempting unauthorized access to data or trying to breach firewalls.
ENISA even provides a checklist and detailed questions that customers can use when shopping for a cloud provider.
This is a great read; I encourage you to take a look at the full report on cloud security.