Incident Reporting
The era of the NIS Directive, cloud computing comes to the foreground even more. Cloud services supporting essential services for the society (Finance, Health, Transport sectors) makes cloud provisions critical.
Public and private sector organisations are switching to cloud computing. While some years ago applications would be mainly run on servers on their own premises or dedicated data centres, now applications are outsourced to large cloud service providers and run in a few large data centres. Public data on the uptake of cloud computing shows that in a couple of years around 80% of organisations will be dependent on cloud computing. Large cloud providers will be serving tens of millions of end-users.
From a CIIP perspective this concentration of IT resources is a ‘double edged sword’: On the one hand, large cloud providers can deploy state of the art security and resilience measures and spread the associated costs across the customers. On the other hand, if an outage or a security breach occurs the consequences could be big, affecting a lot of data, many organizations and a large number of citizens, at once. In fact in the last year there were a number of outages affecting several very large sites with millions of users.