Security: ENISA Cloud Computing Security Risk Assessment

enisa logo

Last week the European Network and Information Security Agency (ENISA) released its security risk assessment on cloud computing infrastructures.

The 123-pages report analyzes the new risks that Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) architectures may imply, evaluating three different scenarios: the SME migration to cloud computing services, the impact of cloud computing on service resilience, and the adoption of cloud computing in e-Government. was directly involved in the project, primarily contributing for the part about IaaS clouds.

The document doesn’t just cover the business and technical risks of adopting cloud computing. It also includes valuable legal recommendations that any company may want to check.

Here’s the list of contributors that worked on this paper:

  • Alessandro Perilli |
  • Andrea Manieri| Ingegneria Informatica
  • Avner Algom| The Israeli Association of GRID Technologies
  • Craig Balding|
  • Dr. Guy Bunker| Bunker Associates
  • John Rhoton (Independent Consultant)
  • Matt Broda | Microsoft
  • Mirco Rohr | Kaspersky
  • Ofer Biran | IBM
  • Pete Lindstrom | Spire Security
  • Dr Peter Dickman, Engineering Manager | Google
  • Philippe Massonet | Reservoir Project, CETIC
  • Raj Samani | Information Systems Security Association, UK
  • Simon Pascoe | British Telecom
  • Srijith K. Nair and Theo Dimitrakos | The BEinGRID Project, British Telecom
  • Dr Simone Balboni | University of Bologna
  • Dr.Paolo Balboni | Baker & McKenzie – Tilburg University
  • Kieran Mccorry | Hewlett Packard
  • W. David Snead, P.C. (Independent Attorney and Counselor)

Additional contribution came from several additional people, coming from the National Health Service (NHS) Technology Office, UK, RSA and Symantec, Symantec Hosted Services.