ENISA Cloud Security Guide for SMEs

The European Union Agency for Network and Information Security (ENISA) recently issued a Cloud Security Guide for SMEs.

For many years, ENISA has been active in the field of cloud computing and has supported a number of initiatives within the European Cloud Computing Strategy for "Unleashing the Potential of Cloud Computing in Europe". In particular, ENISA has participated in the development of cloud certification schemes and standards.

As the title of the strategy suggests, cloud computing has great potential and presents many advantages compared to traditional IT (such as an attractive cost structure). However, cloud computing also entails certain security risks.

In its Cloud Security Guide, ENISA identifies 11 information security opportunities and 11 information security risks. The Guide builds on previous ENISA publications, namely the ENISA Cloud Computing Risk Assessment and the ENISA Assurance Framework for Cloud Computing, but is more concise and user-friendly.

Unlike previous publications, the Guide specifically targets SMEs, which do not always have the resources and/or skills necessary to implement top-notch network and information security or the power to negotiate a contract with cloud computing providers. For such companies, the Guide is a useful tool when it comes to assessing the main opportunities and risks of cloud computing.

Even though the Guide is aimed at SMEs, it can, in our view, be used as a reference tool by all types of companies. In particular, it may come in handy when analysing whether a cloud computing provider offers sufficient guarantees in respect of security measures, as required by European data protection law.