Is There Safety in the Cloud
The European Network & Information Security Agency (ENISA) released a report two weeks ago covering Cloud Computing Risk and Security. The report highlights 35 risks to consider when making sourcing decisions that include private or public Cloud services.
Several of the risks identified are not necessary new or unique to Cloud computing but nonetheless are important to consider as part of an IT risk management program. Risk topics include: Vendor lock-in, Loss of governance, Loss of business reputation due to co-tenant activities, Supply chain failure, Resource exhaustion (under- or over-provisioning), Cloud provider malicious insider - abuse of high privilege roles, Intercepting data in transit, Data leakage on up/download, intra-cloud, Privilege escalation