Cloud Security and Resilience

ENISA has written a number of papers on cloud computing - with a range of different experts. ENISA wants to consolidate these experts in a single group and use this experts group to initiate discussions and studies, and to validate analyses and recommendation related to cloud security and resilience.

This is the workspace for the ENISA Cloud Security and Resilience Expert Group. This experts group has been launched on April 2013.

Read the Terms of Reference and  the Privacy Statement.
Apply for the group today: Application form

For more information on the activities of the group please contact us at



1st expert group face-to-face meeting

2nd expert group face-to-face meeting

3rd expert group face-to-face meeting

4th expert group face-to-face meeting



Cloud Computing Team Deliverables


  • Good practice guide for securely deploying governmental clouds: In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe. Moreover through this document, ENISA aims to assist Member States in elaborating a national Cloud strategy implementation, to understand current barriers and suggest solutions to overcome those barriers, and to share the best practices paving the way for a common set of requirements for all Member States (MS). Please use the issue tracker to provide us comments or start discussions.

 cloud cincident

  • Incident reporting for Cloud Computing:  ENISA has often underlined the security opportunities of cloud computing. In this report we analyse how cloud providers, customers in critical sectors, and government authorities can set up cloud security incident reporting schemes.


  • Critical Cloud Computing: In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective and we look at a number of scenarios and threats relevant from a CIIP perspective, based on a survey of public sources on uptake of cloud computing and large cyber attacks and disruptions of cloud computing services. The full analysis can be found here. Please use the issue tracker to provide us comments or start discussions.




  • Cloud Standards, a preliminary report:In this report we provide an overview of standards relevant for cloud computing security. It is the ENISA contribution to the ETSI work on Cloud Standards under the EC Cloud Strategy. The full document can be accessed here.

    cloud standards




  • Cloud Computing Risks: The 2009 risk assessment is still one of the most downloaded papers on the ENISA website. At the same time, the cloud computing market and its customers have changed over time and this changes our perspective on cloud computing security. ENISA in 2012 completed a first round of review. The updated risk analysis can be found here. Please use the issue tracker to provide us comments or start discussions.