ENISA - Cloud Security Guide for SMEs

Cloud computing security risks and opportunities for SMEs

Small and medium size enterprises (SMEs) are an important driver for innovation and growth in the EU. SMEs also stand to gain the most from cloud computing, because it is complicated and costly for them to set-up and run ICT in the traditional way. SMEs do not always understand all the information security risks and opportunities of cloud computing. This document aims to provide guidance for small and medium size enterprises (SMEs) about the network information security of cloud computing. It is important that SMEs do not only look at the network and information security risks of cloud computing but also at the opportunities to improve their network and information security.

This document from ENISA contains 3 main parts:

  • First, we highlight 11 security opportunities, explaining why certain features of cloud computing could present an opportunity for SMEs. We make a brief comparison also with traditional IT deployments.
  • Secondly, we list 11 security risks SMEs should take into account when adopting cloud computing. We compare also the risks with typical traditional IT deployments.
  • Thirdly, we provide a list of the 12 most important security questions SMEs could use to understand better what are the security aspects of a cloud service when procuring a cloud service or when assessing different options in the market. The security questions address both the risks and the opportunities.
Category: