You are on page 1of 8

An SME perspective on Cloud Computing

Exit this survey

1. An SME perspective on Cloud Computing Questionnaire


ENISA (the European Network and Information Security Agency) is conducting
a security risk assessment of cloud computing technologies aimed at giving
advice to (among others) SME's on the most important risks in adopting cloud
computing technologies, as well as ways to address those risks.
As part of this study, we want to look in detail at the perspective of SME endusers of cloud computing infrastructures and applications (either current users
or those considering adoption). As a first step, we have decided to base our
study on a survey of the actual needs, requirements and expectations for
cloud computing infrastructures.
The timeframe of the scenario based on SME perspective on Cloud
Computing goes from 2010 to 2012.
If you are an SME or if you are an organization representing SMEs please
respond to the following short questionnaire.
NB: A basic knowledge about Cloud Computing is required to respond to the
questionnaire.
About ENISA
The European Network and Information Security Agency (ENISA) is an EU
agency created to advance the functioning of the internal market. ENISA is a
centre of excellence for the European Member States and European
institutions in network and information security, giving advice and
recommendations and acting as a switchboard of information for good
practices. Moreover, the agency facilitates contacts between the European
institutions, the Member States and private business and industry actors.
Contact details:

For contacting ENISA or for general enquiries on EFR: Cloud Computing Risk
Assessment, please use the following details:
Daniele Catteddu, Expert in Risk Management
daniele.catteddu@enisa.europa.eu
Giles Hogben, Expert in Security Policy - giles.hogben@enisa.europa.eu
Internet: http://www.enisa.europa.eu/
1. What is the size of the enterprise you represent
What is the size

10-50 Employees

of the enterprise you


represent 1-9
Employees

50-250
Employees

Over 250
Employees

2. Please choose the country your SME is based in


Country
Please select
your country

Please choose the country your SME is based in Please select your
country Country

Other (please specify)

3. What are the reasons behind your possible engagement in the Cloud
Computing area?
What are the reasons behind your possible engagement in the Cloud Computing
area? Remove economic/expertise barriers impeding to modernize business
processes by the introduction of Information Technology
Avoiding capital expenditure in hardware, software, IT support, Information Security
by outsourcing infrastructure/platforms/services
Flexibility and scalability of IT resources
Increasing computing capacity and business performance
Diversification of IT systems

Local and global optimisation of IT infrastructure through automated management of


virtual machines
Business Continuity and Disaster recovery capabilities
Assessing the feasibility and profitability of new services (i.e. by developing
business cases into the Cloud)
Adding redundancy to increase availability and resilience
Controlling marginal profit and marginal costs
Others (specify)
Other (please specify)

4. Which solution do you see as the most suitable for an SME, according
to this possible Cloud Computing taxonomy?
Which solution do you see as the most suitable for an SME, according to this
possible Cloud Computing taxonomy? Public Cloud (owned and managed by an
unrelated business)
Private Cloud (owned and managed internally)
Partner Cloud (owned and managed by a trusted partner)
A federation of clouds provided by various sources (partner, private, etc).

Other (please specify)

5. Which layer of the Cloud would you be most likely to approach?


Which layer of the Cloud would you be most likely to approach? Individual
software packages (SaaS)
Complete operating system and software package available via cloud services
(PaaS)
Just infrastructure services such as storage, network capacity etc (Iaas)
Security services in the cloud
Other (please specify)

6. Would you be willing to outsource to multiple providers?


Would you be willing to outsource to multiple providers? YES
NO
Other (please specify)

7. Which of the following disaster recovery options are of interest to


you?

Which of the following disaster recovery options are of interest to you? Fully
outsourced disaster recovery and business continuity
A contingency plan based on internal resources (i.e. leveraging
services/platform/infrastructure already in use before the Cloud)
Other (please specify)

8. Which IT services/Applications supporting business processes are


most likely to be outsourced to a Cloud Computing service provider?
Which IT services/Applications supporting business processes are most likely to be
outsourced to a Cloud Computing service provider? Payroll
Human Resources
Procurements
CRM/Sales Management
Accounting and Finance
Project management
Application development on the cloud
Anonymised data analysis

Other (please specify)

9. What are your main concerns in your approach to Cloud Computing?


Not Important

Medium
Importance

Very Important

Showstopper

*What are

Privacy

your main
concerns in your
approach to
Cloud
Computing?
Privacy Not
Important
Availability of

Privacy
Medium
Importance

Availability of

Privacy Very
Important

Availability of

Privacy
Showstopper

Availability of

Availability of
services and/or services and/or
data
data Not
Important

services and/or
data Medium
Importance

services and/or
data Very
Important

services and/or
data
Showstopper

Integrity of

Integrity of

Integrity of

Integrity of

Integrity of
services and/or services and/or
data
data Not
Important

services and/or
data Medium
Importance

services and/or
data Very
Important

services and/or
data
Showstopper

Not Important
Confidentialit
Confidentiality
of corporate
data

y of corporate
data Not
Important
Repudiation

Repudiation
Not Important
Loss of
Loss of control
control of
of services
services and/or
and/or data
data Not
Important
Lack of

Medium
Very Important Showstopper
Importance
Confidentialit
Confidentialit
Confidentialit
y of corporate
data Medium
Importance
Repudiation
Medium
Importance
Loss of
control of
services and/or
data Medium
Importance
Lack of

y of corporate
data Very
Important
Repudiation
Very Important
Loss of
control of
services and/or
data Very
Important
Lack of

y of corporate
data
Showstopper
Repudiation
Showstopper
Loss of
control of
services and/or
data
Showstopper
Lack of

Lack of liability
of providers in
liability of
liability of
liability of
liability of
case of
providers in case providers in case providers in case providers in case
security
of security
of security
of security
of security
incidents
incidents Not incidents Medium incidents Very
incidents
Important
Importance
Important
Showstopper
Inconsistenc

Inconsistenc

Inconsistenc
Inconsistenc
Inconsistency
between trans
y between trans
y between trans
y between trans y between trans
national laws
national laws and
national laws and
national laws and national laws and
and
regulations
regulations Not
regulations Very
regulations
regulations
Medium
Important
Important
Showstopper
Importance
Unclear
Unclear
scheme in the
pay per use
approach

scheme in the
pay per use
approach Not
Important

Unclear
scheme in the
pay per use
approach
Medium
Importance

Unclear
scheme in the
pay per use
approach Very
Important

Unclear
scheme in the
pay per use
approach
Showstopper

Not Important
Uncontrolled
Uncontrolled
variable cost

variable cost Not


Important
Cost and

Medium
Very Important Showstopper
Importance
Uncontrolled
Uncontrolled
Uncontrolled
variable cost
Medium
Importance

variable cost
Very Important

variable cost
Showstopper

Cost and

Cost and
Cost and
Cost and
difficulty of
difficulty of
difficulty of
difficulty of
difficulty of
migration to
migration to the
migration to the
migration to the migration to the
the cloud
cloud (legacy
cloud (legacy
cloud (legacy
cloud (legacy
(legacy
software etc...)
software etc...)
software etc...) software etc...)
software etc...)
Medium
Not Important
Very Important
Showstopper
Importance
Intra-clouds
Intra-clouds
(vendor lockin) migration

(vendor lock-in)
migration Not
Important

Intra-clouds

Intra-clouds

Intra-clouds

(vendor lock-in)
(vendor lock-in) (vendor lock-in)
migration
migration Very
migration
Medium
Important
Showstopper
Importance