Skip to main content

Advances, Systems and Applications

Table 2 Summary of ENISA and NIST security frameworks

From: A quantitative analysis of current security concerns and solutions for cloud computing

Framework Objectives Structure and comments
ENISA Report
  • Study on benefits and risks when adopting cloud solutions for business operations
• Provide information for security assessments and decision making
• Three main categories of cloud specific risks (policy and organizational, technical, legal) plus one extra category for not specific ones
• Offers basic guidelines and best practices for avoiding or mitigating their effects
• Presents recommendations for further studies related to trust building (certifications, metrics and transparency), large scale data protection (privacy, integrity, incident handling and regulations) and technical aspects (isolation, portability and resilience)
• Highlights the duality of scalability (fast, flexible and accessible resources versus concentrations of data attracting attackers and also providing infrastructure for aiding their operations)
• Extensive study on risks considering their impact and probability
NIST Taxonomy
  • Define what cloud services should provide rather than how to design and implement solutions
• Ease the understanding of cloud internal operations and mechanisms
• Taxonomy levels:
   ‐First level: cloud roles (service provider, consumer, cloud broker, cloud carrier and cloud auditor)
   ‐Second level: activities performed by each role (cloud management, service deployment, cloud access and service consumption)
   ‐Third and following levels: elements which compose each activity (deployment models, service types and auditing elements)
• Based on publication SP 500-292, highlighting the importance of security, privacy and levels of confidence and trust to increase technology acceptance
• Concentrates many useful concepts, such as models for deploying or classifying services
  1. Table summarizing information on ENISA and NIST security frameworks.