ENISA, supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, an risks assessment on cloud computing business model and technologies. The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing.
Security and privacy certifications and attestations have been identified as one of most effective and efficient means to increase the level of trust in cloud services and stimulate their adoption. Based on this on assumption a number of efforts have begun in Europe at policy level mainly led by the European Commission (EC), in collaboration with ENISA and the Clouds Standards Coordination CSC ETSI effort. These efforts have aroused much interest in European solutions for cloud standards and software industry development beyond the European Union.
The Australian Department of Defence issued the Cloud Computing Security Considerations, which explains several cloud related terms such as delivery models, deployment models and service types and benefits. The document targets users with the aim of increasing their understanding of the fundamentals of the cloud computing paradigm and helps them identify security threats that might have a malicious impact on their applications and data deployed in the cloud. Instead of being a list of security issues that need to be taken into account, they are expressed as a series of questions that need to be answered by the potential user and can help the user understand the risks that he or she might be taking when migrating to the cloud.