The European Network and Information Security Agency (ENISA) is in the process of releasing a report which looks at the cloud computing in relation to Critical Information Infrastructure Protection (CIIP), especially considering the fact that cloud computing is being used in evermore critical areas such as the finance, government, health and insurance sectors.
Very shortly, the vast majority of companies and organisations will be dependent on the cloud, with millions making use of it. What should happen therefore, if it fails? ENISA’s Dr. Marnix Dekker said that “from a security perspective, the concentration of data is a ‘double-edged sword’; large providers can offer state-of-the-art security, and business continuity, spreading the costs across many customers. But if an outage or security breach occurs, the impact is bigger, affecting many organisations and citizens at once.” We are not short of examples of such problems, with several large sites experiencing downtime in the last few years such as the “leap year bug” outage.
ENISA’s report looks at cloud threats from the perspective of CIIP. For instance, this deals with the possibility of cyber-attacks and disruptions, and how to prevent them. The following points are made:
1. Emphasized in the report is the fact that the cloud is becoming a critical infrastructure, given that so many more prominent organisations are using it.
2. Cloud computing can mitigate certain threats such as natural disasters (server colocation and managed hosting can avoid in-situ servers being destroyed such as during Hurricane Sandy) as well as Distributed Denial of Service attacks (DDoS)which are difficult to defend against when using onsite servers.
3. Cyber-attacks are dangerous and hackers will try and find faults in software, thus causing large scale data breaches, potentially affecting millions. The cloud cannot defend against certain cyber-attacks such as these.
4. There are also nine recommendations for any organisations with who are responsible for critical infrastructures. One of these is that large cloud providers and cloud infrastructures should be considered in the national risk assessment criteria of the country concerned. Another is that the degree to which organisations depend upon the cloud must be monitored closely – obviously the more dependent, the greater the risk from certain threats. The third is that incidents should be reported to a regulator of some sort.
ENISA’s Executive Director, Prof. Udo Helmbrecht said that : “Cloud computing is a reality and therefore we must prepare to prevent service failures and cyber-attacks on cloud services. The European Cyber Security and Cloud Computing Strategies provide a roadmap for this.”
This article was brought to you by VI.net, for dedicated server hosting, cloud servers and 24/7 support visit our site here www.vi.net