Storm clouds

EU's cyber security agency wary of Cloud computing

By: Information Daily Staff Writer
Published: Thursday, February 14, 2013 - 13:13 GMT Jump to Comments

ENISA report looks at Cloud computing from a security perspective and asks what would happen if a cloud service failed or was attacked.

The EU’s cyber security agency ENISA has launched a new report looking at Cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective, and identifying that Cloud computing is critical given the concentration of users and data and its growing use in critical sectors, such as finance, health and insurance.

In a few years, a large majority of organisations will be dependent on Cloud computing. Large Cloud services will have tens of millions of end-users. What happens if one of these cloud services fails, or gets hacked?

“From a security perspective, the concentration of data is a ‘double-edged sword’; large providers can offer state-of-the-art security, and business continuity, spreading the costs across many customers. But if an outage or security breach occurs, the impact is bigger, affecting many organisations and citizens at once”, Dr Marnix Dekker says. Last years, there have been many examples of failures affecting very large sites with millions of users (for example, the leap year bug outage). This report looks at the threats from a CIIP perspective, i.e. how to prevent large cyber disruptions and large cyber-attacks. The key messages of the report are:

+Critical infrastructure: Soon, the vast majority of organisations will use cloud computing notably also in critical sectors like finance, energy and transport. Cloud services are themselves becoming a critical information infrastructure.

+Natural disasters and DDoS attacks: A benefit of Cloud computing is resilience in the face of natural disasters and Distributed Denial of Service (DDoS)-attacks, which are difficult to mitigate using traditional approaches (servers on site, or single data centre).

+Cyber attacks: Cyber attacks exploiting software flaws can cause large data breaches, affecting millions of users, because of the large concentration of users and data. Physical redundancy does not safeguard against certain cyber attacks, such as data breaches exploiting software flaws.

The report also provides nine recommendations for bodies responsible for critical information infrastructures. Key points: Include large cloud services in national risk assessments, track cloud dependencies, and work with providers on incident reporting schemes.

The Executive Director of ENISA, Professor Udo Helmbrecht, commented: “Cloud computing is a reality and therefore we must prepare to prevent service failures and cyber attacks on cloud services. The European Cyber Security and Cloud Computing Strategies provide a roadmap for this.”

ENISA will launch a new working group focussing on CIIP and governmental Cloud security.

Share this article

Your comment

As you haven't logged in yet please either supply your name and email or login with your account.

By posting your comment, you agree to the privacy policy and terms of service.

Comments

Women in business

UK cannot afford to cut support for Adult Education says NIACE

Figures show that investing in Adult Education (AE) benefits the economy and reduces the costs of social care, health, and benefits- yet UK AE is losing ground at an alarming rate

Manufacturing survey "points to a wider recovery this summer"

Growth prospects amongst English manufacturing SMEs is at a twelve month high according to the latest Manufacturing Advisory Service (MAS) Barometer

UK energy efficiency could deliver £2.3billion in savings

Department for Energy and Climate Change (DECC) has released its response to the consultation on options to permanently reduce electricity demand.

Town Centre Solutions: Ten Steps to Success

Chris Wade, CEO of Action for Market Towns, sets out the strategic steps that councils, community groups and businesses need to take together to deliver the long-term revitalisation of their town centres.

Gamification - solution to aid learning and development

Can the concept of gamification provide an effective solution to aid learning and development in business, asks Peter Phillips, Chief Executive of Unicorn Training.

Are you technical?

Knowledge experts should stop focussing on how technical they are and instead focus on what they can do and do it well, says Ian Ross, Learning Technologies Manager for the Charity Learning Consortium.

The need for ICT consolidation in Scotland’s public sector

Technologies can help organisations improve productivity through ICT consolidation and should be able to make substantial cost savings, says Mark Weir, Country Manager for Scotland at F5.

Will new banks succeed?

Why would any organisation want to get into banking at the moment? Asks Dr Steve McCabe from Birmingham City University’s Business School.

Drop the 'e' in eLearning or expand it radically!

Either drop the beginning “e” in eLearning or widely expand its definition and scope, says Elliott Masie, Chair of The Learning Consortium at The MASIE Center.

Technology has given us a space to develop our people

Distance learning is not a new phenomenon... but technology is giving us many new possibilities, says David Williams, CEO and Founder of Impact International.

View features archive >

Latest

Keidel on the restorative powers of German-style saving banks

What drives the financial crisis, and what model is necessary to deal with it? Asks Dr Thomas Keidel, Director of Financial Market Relations at German Savings Banks Association (DSGV)

Impact of iodine deficiency on babies is "important health issue"

Iodine deficiency during pregnancy may lower the cognitive ability of some babies, researchers publishing in medical journal The Lancet have found.

Adult social services make strides in the provision of personal budgets

Association of Directors of Adult Social Services (ADASS) President Sandie Keene has praised the sector for widening and improving the spread of personal budgets for elderly and disabled people.

View news archive >

Latest Press Releases

NHS Innovation Challenge Prize for Dementia open for entries

The prize, announced by the Department of Health, will recognise innovative ways of integrating care for people with dementia.

HEFCE grant to encourage more students to study languages

The Higher Education Funding Council for England (HEFCE) has announced an additional £3.1 million programme to encourage more people to study languages at university.

Delivering on-demand cloud computing services to UK public sector

Max3000 to provide the public sector with monitoring & management of cloud services via Giii G-Cloud Framework

View press release archive >