Cloud Security Alliance: An important risk list for cloud computing
Source: Internet
Author: User
Keywords: suppliers, cloud services, cloud computing
Some of the most important risk lists for public cloud computing are broad and complex, such as the 1.0 edition of the Cloud Security Alliance's list of important cloud computing risks. Most risk lists include the following items:
1. Network security
From the point of view of IT managers, this item still ranks first. It also includes some data protection and privacy subcategories, from the physical security and application security of software-as-a-service (SaaS) providers, as well as over-advertising leaks.
Steve MacLellan, senior vice president of the Financial Services Enterprise architecture at the Boston Fidelity Technology Group, said, "Trust me, I am SaaS-y" is not a market. He added that it was important to ask providers about their security strategies, to inspect their data centers, and to ensure that the data was physically safe.
Then, try your best to protect the data. "We make sure that our data is encrypted when we leave, which is done in the data center before the problem occurs," said Peter Toth, an IT operations manager at the GfK Customization Institute in Princeton, New Jersey, a department of the research and development company GfK Group.
For others, security is no longer a threat in cloud computing, but a matter for others in their own backyard. "I want to say that the cloud (even the public cloud) is not inherently safer or less secure than your internal environment," said Rich Mogull, the CEO and analyst at Securosis LLC, a Phoenix consulting firm. "It all depends on what kind of control is used and how you implement it."
2. Identity management
Passwords are a problem, especially since malicious actors now have the computational power to carry out attacks (interestingly, they can use the computational power of the public cloud). The federal government is working on the development of a federal ID ecosystem, which protects against malicious online actors. Earlier this month, the Obama administration announced it would create a credible online identity program led by the new National Planning Office, headed by the Ministry of Commerce.
3. Compliance
In terms of boundaries, they may actually be virtual, but they may also be physical. The new rules limit where and for how long the physical data for financial services, health care and insurance will reside. MacLellan said: "Indeed, we have also heard some (about complying with these new rules), the provision of the environment is somewhat unfriendly," which may refute the "cloud is a free-trade zone" concept. For example, some information may not cross national boundaries, but it is almost impossible to know where public cloud data is kept. In addition, Drue Reeves, the vice president of Gartner and a leading analyst, believes that the burden is on cloud customers to ensure that cloud providers comply with the rules that affect their company's data.
4. Data integration
The risk of using a public cloud service is the natural consolidation of data in a cloud silo. It is not easy to integrate the data that resides in the cloud service with the enterprise back-end system, especially if the enterprise has not experienced organization-level information integration challenges. James Staten, vice president and chief analyst at the Forrester Research company in Cambridge, Massachusetts, argues that companies that have made their data easy enough to use across multiple platforms are in the best position to take full advantage of cloud services.
According to the EMC Corporate Information Leadership Board, an IT executive group whose members primarily discuss the challenges of cloud computing, it is also important to develop the habit of encrypting data, marking stable data and consolidating the storage asset library. The organization recommends minimizing the number of cloud platforms that must be supported, avoiding a large number of integration efforts.
Cloud experts also suggest that ETL (extract, transform, load) tools can simplify the conversion of data from one format to another. The goal is to convert information into a common format, most likely Extensible Markup Language (XML), so that the data is easier to move and search.
5. Vendor lock-in
This thorny issue boils down to differences in interoperability standards among cloud service providers. Assume that you don't like your public cloud vendor's policy changes and would like to select another vendor. In this case, the cloud may turn out to have what is known as the Babel problem, although many vendors are providing better interoperability. Microsoft's Azure platform was originally tied to .NET, and now there is an open-source software development kit that supports developers using the PHP scripting language, while Salesforce.com's once-dedicated Force.com development platform supports Java application development.
Tom Bittman, a renowned analyst at Gartner, claims that there are 10,000 suppliers of one service or another currently involved in cloud services. "We need someone to help us judge it," he said. He predicts that cloud brokers will rise as the new system integrators, and that they will help businesses do data integration between back-end systems and cloud services. He also predicts that by 2015, 20% of cloud services will be carried out through cloud service proxies rather than direct interactions, compared with 5% now.
This "simultaneous" may also be the result of integration between cloud service providers. As competition intensifies, smaller suppliers will not necessarily fail. According to Bittman, choosing the right suppliers is one of the key decisions that IT executives will make this year. "We see some suppliers fail and the data is lost," he said.
7. Manageability
Cloud services may not provide the same level of management as the company expects. In the opinion of some CIOs, this idea is a one-sided, end-to-end view of on-demand customization and cloud applications. These include Phil West, CIO of Gainsco, a non-standard automotive insurance provider headquartered in Dallas Russia. Last fall, some vendors, including Vizioncore (now part of Quest Software), Veeam Software, LogMeIn, Precise Software Solutions, Compuware and Microsoft, released monitoring tools intended to provide enterprises with end-to-end visibility into cloud services.
8. Availability
Businesses cannot tolerate service outages, for whatever reason, from bandwidth throttling to distributed denial of service (DDoS) attacks. "It's all about quality, not about low-cost services," said Lalitendu Panda, a global CIO at D&M Holdings, headquartered in Japan. "Interruption of service is a problem; we have several 'situations'. It is unrealistic to hope that you own (infrastructure) and that you can modify it yourself. You have absolutely no control over other applications running in the cloud, which can lead to lower cloud service performance."
9. Shared resources
Because of the nature of public cloud leasing, many companies share a set of infrastructure resources. Drew Bartkiewicz, the CEO of CyberRiskPartners Limited (a New York cloud insurance provider), believes that the reliance of all "tenants" on sharing the same cloud resources poses a potentially catastrophic risk. "Public cloud providers will only transfer risk through contracts and pray that the disaster does not happen to them," he said.
Tanya Forsheit, co-founder of Infolaw Group LLC, believes that, on the other hand, the key to cloud services is that you share space. "If you continue to use the (public) cloud, you have to accept the fact; otherwise you can keep the data in a private cloud," she said.
10. Legal ambiguity
The fact is that responsibility in cloud services is not black and white, because there is a lack of public cases that can serve as precedent. If a public cloud computing provider loses data involving regulatory issues, the supplier should share responsibility, says Reeves of Gartner. He added: "IT organizations should make it clear in their contracts that suppliers understand and assume responsibility for regulatory issues." If the customer has already told the supplier what services are needed, why should consumers be held responsible? He added that the division of responsibilities in cloud services was still developing, and that vendors might be exempt from escrow when a service connection was interrupted, but there was no joint compensation for business losses. Before the dust settles, imagine the new ecosystem that cloud insurance agents are creating.
No way back
This is not so much a risk as a consideration of reality, because people in the IT trenches are worried about what they will lose once they adopt public cloud computing. Danny Jenkins, a BlackBerry administrator at J.C. Penney Company in Plano, Texas, said: "Once you get out of the private space and go into the public cloud service, it's almost impossible for you to go back and think about it. The risk here is that you give up your own internal knowledge base."