Unified Email Management

Mimecast Journal

Subscribe to Mimecast Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Mimecast Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Mimecast Journal Authors: Stratogen Hosting, RealWire News Distribution

Related Topics: Cloud Computing


EU Report Favors Private and Community Cloud Computing

Public Approach Still Has Security and Performance Issues, According to ENISA

A new EU report on the topic of Cloud Computing security may hold insights for vendors and customers throughout the world. Entitled, "Security and Resistance in Governmental Cloud," the report was published by the European Network and Information Security Agency (ENISA) with the participation of contributors from within the EU, Japan, and the US.

Long story short, the report endorses the use of private and community clouds, but still has doubts about public cloud. The reservations with public cloud include not only security (as expected), but also a potential regulatory problems and performance issues.

The report seeks to "indirectly support European Union Member States in the definition of their national cloud strategy with regards to security and resilience," according to its editor, ENISA's Daniele Cattedu. It states that "cloud computing offers a host of potential benefits to public bodies, including scalability, elasticity, high performance, resilience and security together with cost efficiency."

The report recommends a "staged" approach to cloud computing, due to its complexity and to allow administrators to become acquainted with what it can do and how it does it.

Private, Community, and Public
With the private-cloud approach it found no major issues in key areas that it identifies, including risk assessment, control, patching, access control, logging in and out, auditing, business continuity, and compliance. It does mention that this approach likely will not achieve the higher economies of scale found with public clouds.

With respect to community clouds, the report suggests that a community of governmental partners would have great leverage with vendors, but also would present a bigger target for potential attackers.

Even though a public-cloud approach can be the most economically efficient, there are concerns have to with a lack of leverage, plus the pesky problem of governments that may want data to stay in-country. A lack of control over how cloud-driven sites may perform also leads to worries about performance, particularly in the more remote areas of the UE (ie, Crete, Greece, where ENISA is located).

Malicious attacks are a prime topic in the report. It recommends a number of steps in looking at vendors to estimate and obviate the chances of such attacks succeeding: availability, MTBF, encryption keys (and much other geeky stuff), and the general case of "tolerance to malicious attacks."

The report notes the possibility of disruption from flash crowds and DDOS attacks as well. Leaks are also mentioned, specifically, the "sensitivity of reputation: the reputation of governments and public bodies may be extremely sensitive to the leakage of information and any other security incidents..."

To what possible precedent could this be referring?

More Stories By Roger Strukhoff

Roger Strukhoff (@IoT2040) is Executive Director of the Tau Institute for Global ICT Research, with offices in Illinois and Manila. He is Conference Chair of @CloudExpo & @ThingsExpo, and Editor of SYS-CON Media's CloudComputing BigData & IoT Journals. He holds a BA from Knox College & conducted MBA studies at CSU-East Bay.