Digital Transformation

ENISA launches cloud computing report

ENISA is launching a new report on the future of the cloud from a CIIP point of view.

The European Network and Information Security Agency (ENISA) has responded to the cloud computing boom and is launching a new investigation to assess its strengths and weaknesses from a Critical Information Infrastructure Protection (CIIP) perspective.

Indeed, the authority has recognised that not only is the cloud here to stay, it has already become an integral part of modern-day life, with an extremely high concentration of users in the vital finances, insurance and health sectors.

This will not always be the case and already the range of cloud users is expanding with businesses of all shapes, sizes and sectors looking to seek the advantages of paperless storage, disaster recovery and the power to analyse big data.

ENISA believes it will only be a matter of years before the majority of organisations will depend on cloud computing, with the service having tens of millions of users.

So, in order to pre-empt any questions and reassure businesses, it is looking at the potential of security breaches and outcomes of what would happen if one of these services gets hacked or pushed into difficulties by cyber criminals.

"From a security perspective, the concentration of data is a double-edged sword; large providers can offer state-of-the-art security and business continuity, spreading the costs across many customers. But if an outage or security breach occurs, the impact is bigger, affecting many organisations and citizens at once," ENISA’s Dr Marnix Dekker said.

ENISA executive director professor Udo Helmbrecht, commented that the cloud is now a tangible reality therefore the authority must prepare to prevent service failures and mitigate cyber attacks on cloud services.

The CIIP perspective has allowed the report authors to focus primarily on how to prevent these large-scale disruptions from even occurring.

As well as cyber attacks the report assess the potential difficulties that could occur in the event of a natural disaster and provides nine recommendations for the bodies that will be providing critical information infrastructure.