Cloud Security: 10 issues that must be clarified before entering the cloud (1)

Source: Internet
Author: User
Keywords Cloud computing private cloud cloud security cloud security public cloud
The hustle and bustle surrounding cloud computing may make you think that there will be a massive adoption of cloud computing tomorrow. However, many studies have shown that security is the biggest obstacle to large-scale adoption of cloud computing. The reality is that cloud computing is just another step in the way of technology evolution along host, client/server, and Web applications, so it has its own security problems, just like all other phases. Of course, security concerns do not prevent the use of these technologies, nor can they prevent the adoption of cloud applications that address the real business needs. To ensure that the cloud is secure, it needs to be treated as the next step in technology, rather than as a revolution that requires a radical change in the security model. Security policies and procedures need to be tuned for cloud mode to prepare for the adoption of cloud services. As with other technologies, we have seen some early adopters gradually eliminating the mistrust of cloud models by taking the lead in deploying private clouds or experimenting with non-critical applications in a common cloud. Businesses and organizations ask a lot of questions and weigh the pros and cons of using cloud computing solutions. Security, availability, and manageability are all factors to consider. This article is about 10 security-related issues that the Organization should consider, and answering these questions helps businesses and organizations decide whether to deploy the cloud and, if so, what cloud pattern should be used-private cloud, public cloud, or mixed cloud? 1. How will cloud deployment change enterprise risk management? Deploying cloud computing-whether it's a private cloud or a public cloud-means you no longer have full control over the environment, data, or people. Changes in control can lead to changes in risk management--in some cases the risk increases and in other cases the risk may decrease. Some cloud applications will be completely transparent to you, providing advanced reporting capabilities and being able to integrate with the enterprise's existing systems. Such applications can reduce the risk to the enterprise. Other cloud applications may not be able to improve their security configuration to match the existing security measures of the enterprise, thus potentially making security risks larger. In conclusion, the enterprise's data and its sensitive level will ultimately determine what kind of cloud model should be adopted. 2. What needs to be done to ensure that existing security policies are able to accept cloud mode? Migrating to the cloud model is an opportunity to improve the overall security situation and security policies of the enterprise. Early users of cloud applications will have an impact and help drive security patterns implemented by cloud providers. Instead of creating new security policies for the cloud, organizations should extend existing security policies to accommodate the newly added cloud platform. In order to deploy the cloud, the security policy needs to be considered in terms of the same factors as before: where the data is stored, how the data is protected, who can access the data, what regulations to comply with, and the service level agreement, and so on. 3. Does cloud deployment compromise enterprise compliance? Cloud Deployment can change the enterprise's risk profile, which may affect the enterprise's ability to adapt to various regulatory compliance。 This requires a reassessment of compliance needs when compliance needs to be associated with cloud deployment. Some cloud applications have strong reporting capabilities that can be tailored to meet specific compliance needs, and some applications are more generic, unlikely, or not adaptable to detailed compliance needs. For example, if a country's legislation stipulates that the data of an enterprise may not be kept outside the national territory, some cloud providers may not be able to meet the regulations because of the location of their data centers. 4. Is the cloud provider using some kind of security standard (SAML, WS, ISO, or other)? Standards play a very important role in cloud computing because interoperability between cloud services is essential to ensure that clouds do not fall into the safe islands of patents. Many organizations have created and expanded various standard initiatives to support the cloud. cloud-standards.org lists most of the standard organizations associated with cloud computing, including organizations related to cloud security standards. 5. What to do if a data leak occurs? When the enterprise plans cloud security, it must correctly set up the plan to prevent data leakage and data loss. This is a crucial point when companies sign an overall agreement with a cloud service provider. Both the cloud provider and the enterprise should develop a disclosure policy or regulatory rules that must be complied with. Companies must urge cloud providers to support the enterprise's informed needs when needed. 1 2 Next >> view full-text navigation page 1th: Cloud Security issues 1-5 2nd: Cloud Security issues 6-10 Original: Cloud Security: 10 Questions to be clarified before entering the Cloud (1) Return to the Network security home page
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.