27 November 2009

Cloud Computing Risks

What are the business risks of using cloud services? Well, the European Network and Information Security Agency (ENISA) has published a thorough review of cloud computing benefits, risks and recommendations.

Partial image of a page from ENISA's document 'Cloud Computing Risk Assessment' showing part of the risk heat map for the SME example

I have mentioned web application security in the cloud on two occasions previously, but what are the wider issues? Risk assessment explanations can sometimes be rather dry and lacking in practical examples. The majority of ENISA's document is a walkthrough of a risk assessment for a real SME use case. Wow, not a bank!

In this particular use case, and it would of course be different for each organisation, the greatest risks were found to be loss of governance, compliance challenges and risk from changes of jurisdiction.

Whilst the analysis does not represent a real company nor any particular cloud services, the approach can be used by anyone wanting to undertake an analysis of the cloud computing risks in their own context. The document examines the risks for:

  • software (application) as a service (SaaS)
  • platform as a service (PaaS)
  • infrastructure as a service (IaaS)

and details:

  • technical risks
  • legal risks
  • risks not specific to the cloud.

A non-exhaustive list of vulnerability categories and asset types is included together with recommendations for an information assurance framework, legal recommendations and a thorough checklist of information assurance requirements. Overall, extremely useful.

If you have already assessed the risks and want more detail about information security, the guidance document from the Cloud Security Alliance is worth reading. Dennis Hurst (HP) spoke about the forthcoming update to this document at OWASP AppSec Washington DC 2009.

Posted on: 27 November 2009 at 16:10 hrs
