Assessing the risk of cloud computing

The European Network and Information Security Agency (ENISA) has a new report out: “Cloud Computing: Benefits, risks, and recommendations for information security”. This report does a good job of laying out definitions of “the cloud”, including breaking it down into more meaningful services (SaaS, PaaS, and IaaS), and walking through how to think about the risks rather than just whipping up a bunch of horror stories. Some of the nice attributes of the study include:

  • identification of the top risks of cloud computing in general
  • a clear, detailed walk-through of the risk assessment process that an organization should follow to assess its own risks, with several examples
  • balanced consideration of the risk of not using the cloud

The study is also notable as a good example of how to perform and present an ISO 27005 risk assessment.

A few other good resources for thinking about the risk of cloud computing:
