The beginning of "cloud computing", the question of its security has never stopped, cloud computing is a fire, but the cloud security problem is also quite a headache. Enterprises concerned about their own data will not be wantonly acquired, tampering, the most concern is that their private information will not be intentional or unintentional leakage.
When the enterprise gives the data to cloud computing service provider, has the data priority access is not the enterprise itself, but the cloud computing service provider. In this way, it is not possible to exclude enterprise data from being compromised. In addition to cloud computing service providers, a large number of hackers who covet cloud data, they are constantly digging the service provider Web application loopholes, in order to open the gap, to obtain valuable data.
Although cloud computing can allow enterprises to use low-cost cost to achieve the previously unimaginable high computing capacity, high availability, on-demand dynamic resource allocation characteristics, faster market response services, even greener, energy saving and other technical value. But in the embrace of cloud computing at the same time the risk of cloud computing can not be ignored, if not a good solution to security problems, will become a wink "cloud"?
Seven major security risks in cloud computing
The three types of services under cloud computing are Iaas,paas and SaaS, provides infrastructure cloud services, platform cloud services, and software cloud services, where applications are designed by users themselves in IaaS cloud environments, and are platform-based in the PAAs cloud, while cloud software is directly available in the SaaS cloud. But either way, cloud service data will be stored in the cloud, according to a study published by Gartner, a global market analyst, that holds seven security risks in the cloud:
1. Data access risk by unknown Superuser
With cloud computing, enterprise data is stored in the cloud and can no longer be controlled by physical control, logical control, and personnel control over access to data as it resides in the enterprise. There is a risk that super users with cloud computing providers can view and modify the enterprise's data;
2. Compliance Inspection Risk
The traditional compliance inspection requires the internal data to provide security, the cloud computing environment in the data stored outside the enterprise, there is no data security compliance checks risk;
3. Unknown risk of data storage location
When you use cloud computing, you will not be able to know exactly where the data is stored, or even what country it is stored in.
4. Risk of data not being truly isolated
While using the services provided by cloud computing, the data can be encrypted by SSL, but since cloud computing serves multiple users at the same time, your data is likely to be stored with data from other cloud customers.
5. Risk of data recovery
While cloud providers promise their data to be safe, reliable, and not lost, the promise is only as real as it takes place, and there is no risk of recovery after data loss.
6. Increased risk of difficulties in judicial investigations
Cloud computing also provides services to multiple enterprises while documenting the use of cloud computing by multiple enterprises, and when a particular enterprise needs to be investigated, the use of cloud-computing logs by multiple companies increases the difficulty of judicial investigations. There may even be a risk that judicial investigations cannot be carried out.
7. Risk of long-term availability assurance
Enterprise users must confirm that data stored in the cloud is available for a long period of time. When a problem arises, how long the user can return the data you care about.
The birth of "full cloud audit"
The goal of the full cloud audit is to audit the cloud itself, namely, to implement audits of Iaas,paas and SaaS at all levels to address the problems that cloud users believe. National Societe Generale Information Audit system Technology (Beijing) Co., Ltd., is the first professional engaged in it audit technology research and product development Enterprises, Societe Generale for the cloud era of it audit business needs and cloud computing industry development, in 2009 put forward the "Enterprise Cloud Audit" solution, The strategy of "cloud audit" was put forward on the basis of enterprise Cloud Audit solution in 2010.
Full cloud auditing can effectively control the risk that data faces in the cloud.
1. Is the risk of data being accessed by unknown superuser?
"Full Cloud Audit" independently records all the behavior of accessing data, automatically generated audit reports can find the data access, use of the situation;
2. Compliance Check risk?
"Full cloud Audit" in a third-party independent form of a comprehensive audit of cloud computing, can reduce the risk of compliance;
3. Unknown risk of data storage location
"Full cloud Audit" not only records the user's use of data, but also records the data storage trajectory, can provide data storage analysis report.
4. The risk of data not being truly isolated?
Full cloud audit monitors data storage status in the cloud, tracks data trends, and discovers potential data conflict risks.
5. Data recovery risk?
Full cloud audit monitors data availability in the cloud in real time and sends security alerts at the first time when availability exceptions are found. At the same time, "full cloud Audit" records the process of important data changes, when the data in the cloud, "full cloud audit" can reduce data loss.
6. Increase the risk of difficulty in judicial investigations?
Full Cloud Audit provides a comprehensive record and audit of data access in the cloud platform and facilitates judicial investigations through the "all cloud audit" platform.
7. Risk of long-term availability assurance?
The full cloud audit records the situation of the cloud provider platform itself and provides a clear understanding of the platform's work to provide long-term data availability, reducing the risk of usability.
The "All cloud audit" strategy requires strong national and government guidance and support, "All-cloud audit" not only for cloud service providers to provide information audit support, but also for users of cloud services to provide third-party audit reports, through this report to understand the user's data security in the cloud. "Full cloud audit" can achieve a comprehensive audit of cloud computing services, reduce the risk of cloud data, so that cloud service providers worry, so that users of cloud services at ease.