EU Report on Cloud Security
A report from the European Network and Information Security Agency (ENISA) – responsible for improving network and information security and organising defence against cyberattacks in the EU – has described cloud computing as a “double edged sword”.
ENISA note that the more services and resources stored in data centres mean that an attack can theoretically affect more people, as the effect will be multiplied. As short periods of downtime from large IaaS and PaaS services showed, attacks against large cloud vendors which provide service s to other vendors, such as Amazon EC2 and Windows Azure, could cause widespread disruption to service.
However, few, if any downtime to IaaS providers have come from malicious attacks, and in fact, the other side of the coin is in fact the protection that cloud computing has both on virtual attacks like DDoS attempts – as elasticity can distribute load through a large datacentre. The other aspect, the physical security of cloud services in datacentres, which are being constructed to withstand natural disasters and with high levels of physical security to prevent unauthorised access, also means that typically datacentres are more secure than on-premise server stacks.
The report recognises that cloud computing is here to stay, and will increase in importance as more businesses and public sector organisations begin to move data, services and platforms into the cloud. Harmonised standards and protocols will benefit all services and users, as security improves for everyone.