Even better, this publication is targeted directly at SMEs (small and medium-sized enterprises).
Published in mid-April by the European Union Agency for Network and Information Security, www.enisa.europa.eu, it has a pretty good pedigree and outlines, in a fairly concise manner, information that is consequential to any decision to entertain cloud computing. It is 51 pages long, so not everyone is going to read the whole thing, but a quick summary can help get a good handle on how to approach a cloud computing decision.
One of the key parts of the document is the articulation of twelve questions or topics that you should consider when reviewing this field. Here is a quick summary of the topics covered.
- Organizational security, governance and risk management
- Responsibilities and liabilities
- Contingencies and backups
- Legal and administrative issues
- Human resources security
- Access control
- Software security
- User, management and application programming interfaces
- Monitoring and logging
- Interoperability and portability
- Scaling, sizing and costs
- Compliance with national/international legislation
While these concerns could be used as a basis for asking a prospective cloud supplier questions about how they manage their service, they can also be used as an internal checklist to ensure you have considered all of the issues associated with a particular cloud decision. Making sure that you have reviewed each of these topic areas as part of your cloud plan could help you avoid serious errors or omissions.
The detailed article provides a really useful analysis of the benefits which can be found in cloud operations in the first section, a compendium of the potential risks in the second section, and finally the summary of questions or topic areas in the final part of the publication. These topics are then cross-referenced to the first two sections, showing you how a topic area may offer benefits but also outlining the risks that should be addressed to ensure that deployment addresses those concerns. It is a useful way to help those who are not fully versed in this area of computing design to quickly get a comprehensive overview.
If you are new to cloud computing or are contemplating a new cloud deployment, this reference document can be a good guide to things for you to consider. The fact that it was developed by the European Union is a help, as it addresses multi-jurisdictional situations, which North American (i.e. US) publications do not always do. This adds to the utility of the tool. Take a look and see what you might learn.
Photo Credit: Cloud computing security risks and opportunities for SMEs April 2015, European Union Agency for Network and Information Security