ENISA’s security guide and online tool for SMEs when going Cloud
April 2015 by ENISA
The security guide on SMEs
The guide highlights the most important eleven (11) security risks and eleven (11) security opportunities for SMEs to take into account when procuring a cloud service. A selection of twelve (12) targeted security questions linked to the security risks and opportunities are presented as a ‘procurement cheat sheet’ to provide SMEs with a clear view of the cloud service they procure. These features are enhanced by two exemplary cases of the use of cloud services by SMEs: as a customer and as a vendor offering services. The report indicates the challenges and opportunities in each case, and the security questions the SMEs should address to the provider in order to have a clear understanding of the current security state.
The SME security tool
The SME security tool is an implementation support for the security guide: using the tool, SMEs can rate the risks and opportunities according to their requirements and generate a customised list of security questions which can be used during procurement to collect information on the security measures adopted. The tool helps calculate and visualize risks and opportunities. The results of the tool are personalized to each SME according to its characteristics and the options selected in the tool. This tool is powered by ENISA to support the SMEs taking an informative decision in procuring cloud services.
The Executive Director of ENISA, Udo Helmbrecht commented on the report: “Cloud computing has now become the backbone of the EU’s digital economy. With this tool ENISA aims to help SMEs benefit, as customers, from the adoption of cloud services in a cost-effective way while at the same time make use of increased security features, minimising exposure to threats.”
The Security Guide for SMEs has been created in close collaboration with the ENISA Cloud Security and Resilience expert group and follows the ENISA Cloud Computing Risk Assessment for SMEs and the ENISA Assurance Framework. The risks and opportunities have been extensively cross checked and reviewed by subject matter experts.