-
Cloud Computing Risk Assessment
-
ENISA, supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, an risks assessment on cloud computing business model and technologies. The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also a set of practical recommendations.Produced by ENISA with contributions from a group of subject matter expert comprising representatives from Industry, Academia and Governmental Organizations, a risk assessment of cloud computing business model and technologies. This is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also a set of practical recommendations. It is produced in the context of the Emerging and Future Risk Framework project.
Located in
Publications
-
Survey and analysis of security parameters in cloud SLAs across the European public sector
-
In the past, organizations would buy IT equipment (hardware or software) and manage it themselves. Today many organizations prefer to use cloud computing and outsourced IT services. The work of an organisation's IT officer has changed as a consequence: Instead of setting up hardware or installing software, IT officers now have to manage IT service contracts with vendors (cloud, datacentre, infrastructure, etc..). This survey gives a snapshot of how the IT officers in the European public sector are currently managing the security aspects of these service contracts. The survey produced full responses from 117 IT officers, from 15 different EU countries and all layers of government, who are either involved in procuring cloud or IT services or responsible for managing the SLAs.
Located in
Publications
-
Procure Secure: A guide to monitoring of security service levels in cloud contracts
-
A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery.
One-off or periodic provider assessments are a vital component of effective security management. However, they are insufficient without additional feedback in the intervals between assessments: they do not provide real-time information, regular checkpoints or threshold based alerting, as covered in this report.
Located in
Publications
-
Critical Cloud Computing-A CIIP perspective on cloud computing services
-
In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective and we look at a number of scenarios and threats relevant from a CIIP perspective, based on a survey of public sources on uptake of cloud computing and large cyber attacks and disruptions of cloud computing services.
Located in
Publications
-
Incident Reporting for Cloud Computing
-
The proposed NIS Directive mentions cloud computing explicitly. This is not surprising. Cloud infrastructures play an increasingly important role in the digital society. A large part of the EU’s Digital Agenda is the European cloud strategy which aims to speed up adoption of cloud computing for financial and economic benefits. ENISA has often underlined the security opportunities of cloud computing. In this report we analyse how cloud providers, customers in critical sectors, and government authorities can set up cloud security incident reporting schemes.
Located in
Publications
-
Security Framework for Governmental Clouds
-
ENISA after having analysed the present state of play of governmental Cloud deployment in 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-procurement till finalisation and exit from a cloud contract, explaining which are the steps to take when focusing on security and privacy. It offers example approaches, based on four already deployed governmental cloud models in a national level namely: Estonia, Greece, Spain and United Kingdom. As this report is not only a guide but also a tool, in the Annex the reader will find the actual questionnaire template to use.
Located in
Publications
-
Good Practice Guide for securely deploying Governmental Clouds
-
In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe. Moreover through this document, ENISA aims to assist Member States in elaborating a national Cloud strategy implementation, to understand current barriers and suggest solutions to overcome those barriers, and to share the best practices paving the way for a common set of requirements for all Member States (MS).
Located in
Publications
-
Cloud Security Guide for SMEs
-
This guide wants to assist SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risk, a set of security opportunities and a list of security questions the SME could pose to the provider to understand the level of security. The risks and opportunities are linked to the security questions so the end result is customised according to the user's needs and requirements. This information is supported by two example use cases and an annex that gives an overview of the data protection legislation applicable and the authorities involved in each country.
Located in
Publications
-
Secure Use of Cloud Computing in the Finance Sector
-
In creating this report we analysed input from a number of different sources to better understand the usage of cloud services in the finance sector. Based on the analysis we provide recommendations to financial institutions, regulators and cloud service providers about what we believe should be done to support secure adoption of cloud services in the finance sector.
Located in
Publications
-
Big Data Security
-
The study aims at identifying the key security challenges that the companies are facing when implementing Big Data solutions, from infrastructures to analytics applications, and how those are mitigated. The analysis focuses on the use of Big Data by private organisations in given sectors (e.g. Finance, Energy, Telecom). However, more institutions (e.g. research centres, public organisations, and government agencies) has been considered as well.
Located in
Publications