At the 2011 RSA meeting, team members told the meeting attendees that cloud provider infrastructure and security control visibility and transparency might not be clear, but were critical to resolving the rule-compliance issues of cloud computing.
Dennis Morreau, a senior http://www.aliyun.com/zixun/aggregation/9069.html at the RSA CTO office, "> Strategic analyst, affiliated with the Security Division of EMC Inc., said:" The first thing you need to solve is visibility, which allows you to decide under what circumstances you should avoid or mitigate the problem of cloud computing. ”
Terremark CSM's chief Security architect Christopher Day says that adding visibility to hardware, management programs, and application levels is the most important step that vendors and customers should take, "if you don't see the problem, you can't fix it or destroy it." ”
However, Chris Hoff, director of cloud and virtualization solutions at Cisco's security technology division, said the visibility and transparency of the existing cloud provider environment was not enough, "we were just told not to worry about what was going on." ”
For example, when the problem concerns a multi-tenant (multitenant) environment on the infrastructure that is the service (IaaS) provider Management program, Hoff says: "How do I trust the management program?" We are always told to trust it. ”
Intel Security Solutions Director 820.html ">steve Orrin says the company needs to identify its needs and be prepared to pay cloud providers to enhance security. "As of today, cloud computing still has to be driven by the use of cases," he said. Hoff agrees, saying: "Not all clouds are the same." "It is important to check the controls that suppliers can provide," he added.
Day says the Terremark company has introduced a hybrid cloud model that eliminates the need for users to deploy on a shared multi-tenant architecture. "It is thought that everything it contains should be a cloud," he said. However, the cloud is just another way to deliver IT services. ”
In another public cloud rule Compliance Panel, Rackspace Hosting's chief technology officer, John Engates, said the hybrid cloud model had helped many users allay their concerns about rule compliance. For example, a customer keeps a large database server managing data on a dedicated machine and moves some of the less sensitive applications to the public cloud. He says his company already has a security team that communicates with clients to identify "the tools that are appropriate for this task." ”
Engates added: "Transparency is the key, and we are willing to sit down with you and discuss what we are going to do to address security and compliance." This however still depends on the user's own choice. ”
The dynamic cloud environment raises the challenge of security and rule compliance and requires automation of auditing and security features. Hoff said: "We still have a long way to go ... It's hard to say how we're going to deal with that flexibility. ”
Terremark's Day also points out that threats in a conscious cloud environment are important. "The attackers have studied the complexity of the cloud somewhere in the cloud because the cloud is indeed very complex," he says. ”
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.