ENISA underlines the importance of incident reporting in cloud computing, particularly in critical sectors, as a way to better understand security and foster trust. ENISA presents a practical approach which results in a ‘win-win’ scheme for customers and providers.
Cloud security incidents often catch the media’s attention as they affect large number of users; for example, recently a large storage service provider suffered an outage lasting two days. However, due to the lack of consistent reporting schemes regarding cloud security incidents, it is hard to understand the causes and impact of these incidents. To comprehend the resilience and security of cloud computing services better, it is important to discuss the topic with the industry and government and find common ground as regards pragmatic incident reporting schemes, which would provide useful information to customers and government authorities.
The Executive Director of ENISA, Professor Udo Helmbrecht remarked: “Incident reporting is crucial to enable better understanding of the security and resilience of Europe’s critical information infrastructures. Cloud computing is now becoming the backbone of our digital society, so it is important that cloud providers improve transparency and trust by adopting efficient incident reporting schemes. ”
The report looks at four different cloud computing scenarios and investigates how incident reporting schemes could be set up, involving cloud providers, cloud customers, operators of critical infrastructure and government authorities:
Using surveys and interviews with experts, we identified a number of key issues:
The report contains several recommendations, based on feedback from cloud experts in industry and government:
For full report
For all media inquiries please contact email@example.com
The following files are available for download: