Report raises cloud computing doubts
- 23 November 2009
A new report by the European Network and Information Security Agency around cloud computing has highlighted the benefits of the technology but warned against potential security issues.
The report, which partly bases its security assessment of cloud computing on an e-health scenario, maintains that given the reduced cost and flexibility it brings, cloud computing is compelling for many SMEs.
It states that the European market for cloud services will range from €971m in 2008 to €6 billion in 2013.
However, it identifies that the “major concerns in migrating to the cloud are around confidentiality of information and liability for incidents involving the infrastructure.”
The report, titled ‘Cloud Computing: benefits risks and recommendations for information security,’ uses e-health to define what cloud computing means for network and information security, data protection and privacy.
It assesses EuropeanHealth, a large government health service spread across several sites which caters for 60m citizens. The organisation uses an e-health platform that provides care and monitoring of patients with chronic illnesses in their home and uses a monitoring centre to decide when specialized services are needed.
It delivers the service using a cloud infrastructure called Gov-cloud which is provided by national governments solely for government services and is physically independent of the public internet.
The cloud also provides a means of transferring patient data securely using a customised email service for doctors and nurses.
From its analysis of the platform, the report concludes that cloud computing poses risks including a loss of governance over information by giving control to the cloud provider and data protection issues due to the inability to check the data handling practices.
It adds that security can also be compromised by the inability to completely delete data predominately because extra copies may be stored but are not available or because the disk that needs to be destroyed also stores data from other clients.
Whilst raising concerns about security, the document identifies that cloud computing does have several benefits including rapid, smart scaling of resource, standardised interfaces and audit and evidence gathering.
The report concludes: “Governments are interested in the possibility of using cloud computing to reduce IT costs and increase capabilities.
“Governments too have serious hurdles to overcome in term of public perception of the secure processing of citizens information in cloud computing infrastructures.”
Giles Hogben, an ENISA expert and editor of the report, said: “The business case for cloud computing is obvious – it’s computing on tap, available instantly, commitment-free and on-demand.
"But the number one issue holding many people back is security – how can I know if it’s safe to trust the cloud provider with my data and in some cases my entire business infrastructure?”
The report recommends that the European Commission studies or clarifies cloud providers obligations to notify their customers of security breaches, how best to support the minimum data protection standard across all member states and interoperability between cloud providers.
Link: Cloud Computing Risk Assessment