Escolar Documentos
Profissional Documentos
Cultura Documentos
For contacting ENISA or for general enquiries on EFR: Cloud Computing Risk
Assessment, please use the following details:
Daniele Catteddu, Expert in Risk Management
daniele.catteddu@enisa.europa.eu
Giles Hogben, Expert in Security Policy - giles.hogben@enisa.europa.eu
Internet: http://www.enisa.europa.eu/
1. What is the size of the enterprise you represent
What is the size
10-50 Employees
50-250
Employees
Over 250
Employees
Please choose the country your SME is based in Please select your
country Country
3. What are the reasons behind your possible engagement in the Cloud
Computing area?
What are the reasons behind your possible engagement in the Cloud Computing
area? Remove economic/expertise barriers impeding to modernize business
processes by the introduction of Information Technology
Avoiding capital expenditure in hardware, software, IT support, Information Security
by outsourcing infrastructure/platforms/services
Flexibility and scalability of IT resources
Increasing computing capacity and business performance
Diversification of IT systems
4. Which solution do you see as the most suitable for an SME, according
to this possible Cloud Computing taxonomy?
Which solution do you see as the most suitable for an SME, according to this
possible Cloud Computing taxonomy? Public Cloud (owned and managed by an
unrelated business)
Private Cloud (owned and managed internally)
Partner Cloud (owned and managed by a trusted partner)
A federation of clouds provided by various sources (partner, private, etc).
Which of the following disaster recovery options are of interest to you? Fully
outsourced disaster recovery and business continuity
A contingency plan based on internal resources (i.e. leveraging
services/platform/infrastructure already in use before the Cloud)
Other (please specify)
Medium
Importance
Very Important
Showstopper
*What are
Privacy
your main
concerns in your
approach to
Cloud
Computing?
Privacy Not
Important
Availability of
Privacy
Medium
Importance
Availability of
Privacy Very
Important
Availability of
Privacy
Showstopper
Availability of
Availability of
services and/or services and/or
data
data Not
Important
services and/or
data Medium
Importance
services and/or
data Very
Important
services and/or
data
Showstopper
Integrity of
Integrity of
Integrity of
Integrity of
Integrity of
services and/or services and/or
data
data Not
Important
services and/or
data Medium
Importance
services and/or
data Very
Important
services and/or
data
Showstopper
Not Important
Confidentialit
Confidentiality
of corporate
data
y of corporate
data Not
Important
Repudiation
Repudiation
Not Important
Loss of
Loss of control
control of
of services
services and/or
and/or data
data Not
Important
Lack of
Medium
Very Important Showstopper
Importance
Confidentialit
Confidentialit
Confidentialit
y of corporate
data Medium
Importance
Repudiation
Medium
Importance
Loss of
control of
services and/or
data Medium
Importance
Lack of
y of corporate
data Very
Important
Repudiation
Very Important
Loss of
control of
services and/or
data Very
Important
Lack of
y of corporate
data
Showstopper
Repudiation
Showstopper
Loss of
control of
services and/or
data
Showstopper
Lack of
Lack of liability
of providers in
liability of
liability of
liability of
liability of
case of
providers in case providers in case providers in case providers in case
security
of security
of security
of security
of security
incidents
incidents Not incidents Medium incidents Very
incidents
Important
Importance
Important
Showstopper
Inconsistenc
Inconsistenc
Inconsistenc
Inconsistenc
Inconsistency
between trans
y between trans
y between trans
y between trans y between trans
national laws
national laws and
national laws and
national laws and national laws and
and
regulations
regulations Not
regulations Very
regulations
regulations
Medium
Important
Important
Showstopper
Importance
Unclear
Unclear
scheme in the
pay per use
approach
scheme in the
pay per use
approach Not
Important
Unclear
scheme in the
pay per use
approach
Medium
Importance
Unclear
scheme in the
pay per use
approach Very
Important
Unclear
scheme in the
pay per use
approach
Showstopper
Not Important
Uncontrolled
Uncontrolled
variable cost
Medium
Very Important Showstopper
Importance
Uncontrolled
Uncontrolled
Uncontrolled
variable cost
Medium
Importance
variable cost
Very Important
variable cost
Showstopper
Cost and
Cost and
Cost and
Cost and
difficulty of
difficulty of
difficulty of
difficulty of
difficulty of
migration to
migration to the
migration to the
migration to the migration to the
the cloud
cloud (legacy
cloud (legacy
cloud (legacy
cloud (legacy
(legacy
software etc...)
software etc...)
software etc...) software etc...)
software etc...)
Medium
Not Important
Very Important
Showstopper
Importance
Intra-clouds
Intra-clouds
(vendor lockin) migration
(vendor lock-in)
migration Not
Important
Intra-clouds
Intra-clouds
Intra-clouds
(vendor lock-in)
(vendor lock-in) (vendor lock-in)
migration
migration Very
migration
Medium
Important
Showstopper
Importance