Four security issues that cloud computing providers need to address

These issues can be broadly categorized into one of the following categories:


　　


1 Are you sure you can isolate the data from your other customers and mine?


　　


in a cloud-based architecture, where the information hosted is not entirely known. Typically, multiple customers share the same infrastructure. Multi-Lease model is the adoption of price and performance advantages to achieve economic scale. But in such an environment as a customer, you are not always aware of what type of architecture The cloud service provider is using, and their roles and responsibilities to protect your information.


　　

The key to protecting your data is the isolation of the data, which is the policy of the cloud provider and the encryption scheme that is being used to ensure that no one else has the
or unintended access to my data. No isolation, you can also be assured that from some other customers to your data infection or malicious software will not proliferate, so that the data is completely unusable.


　　


2 Can you provide data security standards for my infrastructure?


　　


as more sensitive information migrates to the Internet and cloud, complete security, privacy, and regulatory compliance with such information must be assured. In most cases, the customer (rather than the cloud service provider) is ultimately responsible for the security and integrity of their data. Therefore, the service provider itself needs to receive regular external audit and security certification.


　　


For example, any business process credit card information needs to be subject to regulatory tasks such as DSS (Payment card Industry data security standards). The underlying service provider needs to have compliance to PCI regulatory policies, processes and in place technology. This is why any PCI compliant deployed in the cloud to ensure that service providers they are handling themselves start with PCI compatible.


　　


In addition, you need to get a contractual commitment from a cloud service provider to support the specific forms of government and law enforcement investigations. This is particularly important at a time when the atmosphere is more secure.


　　


3 As a client, do you allow me to manage the safety of my own machine?


　　


What is the purpose of authorizing and accessing personal use of management or resources? And under what circumstances? Another key feature is the need to build a private cloud. While the cloud service provider may provide you with the proper configuration and warranty of the machine, you may want to ask if you can manage the security policy part of the board of directors on their own visit. Ask if your IaaS (infrastructure as a service) provider can provide you with the necessary management infrastructure to choose his own security and access policies. This is particularly important when sensitive data is stored on the cloud.


　　


4 How do you ensure the maximum availability of my machine?


　　


downtime that no enterprise can afford. A cloud-free service provider can guarantee 100% availability and always has a risk of interruption, but this is a very small probability. Even in a system upgrade, you should have full access to your data at any given point in time. It is important to know what program providers are already in place to help customers recover their data back and run if a power outage or upgrade occurs. Your provider should be able to provide at least 99.9% service agreements or higher data availability.


　　


important considerations include the rate of recovery in the event of a power outage, and the degree of redundancy to the vendor's cloud computing infrastructure. Again, it is worth asking your data to replicate-in other words, it may end if the supplier's primary data center suffers a power outage and the system needs to be redirected through other facilities.


　　


Cloud service providers have the responsibility to provide their customers with the latest, best way to choose. Customers must ask and clear the way to make them share the security of providers and their customers ' security responsibilities. The customer must require transparency and avoid the vendor from providing detailed answers to the above questions.