How to maintain data security under cloud computing

Source: Internet
Author: User
Keywords: cloud computing, data security, IT management
Developers like cloud computing because it lets them deploy quickly; companies like it because infrastructure costs are reduced; and users like it because they get new features faster. But while some are happy, others worry: IT professionals in charge of enterprise information security are racking their brains to find ways to move applications and data to cloud services securely.

One of the key goals of the IT organization has long been to strengthen identity management technology and its associated processes, and the security risks posed by cloud computing are no doubt a setback. Companies can extend directory service validation outside the enterprise environment to cover applications or systems in cloud services, but if a third-party system is compromised, the authentication system may also be compromised. Companies can also adopt a different solution: setting up a barrier between cloud services and the existing infrastructure. The disadvantage is that the business then has to consolidate multiple identity management and access management systems, so this cumbersome alternative is unattractive.

Fortunately, some cloud vendors are beginning to address this problem. Google's new capabilities can integrate Google Apps into existing single sign-on tools, improving security and simplifying management processes. One enterprise we interviewed deployed advanced authentication servers so that cloud systems can be validated through the Lightweight Directory Access Protocol (LDAP). Another enterprise extended its web-based authentication protocol to work with external sources, so that cloud services authenticate against an internally managed system via a network service.

Data loss and backup

Where is the data stored? Who has access to it? Is the data secure?
These are big problems because, apart from software-as-a-service (SaaS) vendors, cloud service providers have little experience in handling sensitive data over the long term. In general, data in cloud services is shared as well as stored, and is therefore potentially at risk. In fact, it is risky to keep data inside the company, not to mention in cloud services. We often evaluate the risks and benefits of data access within an enterprise; the same evaluation can be applied to cloud services to determine which data can be transferred to them and how that data is protected. This requires us to understand and verify the suppliers' standards and make sure that they can be modified.

When using cloud services such as Amazon's Elastic Compute Cloud, an enterprise can encrypt data at the level of the operating systems, applications, or database management systems running in its virtual instances. When using other services, such as application hosting, IT organizations need to take more care when developing programs to ensure that security (for example, data encryption) is built into the program.

Businesses should carefully consider the risk of data loss, regardless of where the data is stored. Amazon understands that computers fail from time to time, so it advises customers to deal with computer failures through redundancy and backup plans. Some cloud vendors provide backup services or data export capabilities so that enterprises can create data backups on their own, while others ask customers to use backup programs developed in-house or by third parties.

Note the following key questions:

How do I make a backup? Some cloud vendors perform data backups, but in most cases you have to make backups yourself. Many Amazon EC2 customers use the company's Simple Storage Service or Elastic Block Store to store backup files.

Can you test backups?
If the cloud service becomes unavailable, does the enterprise still have access to the backup files?

Where are the backup files located? They can be stored either in a vendor-hosted cloud storage system or in the corporate infrastructure. In any case, you have to make sure that backup data is tightly protected during storage and transfer.

Managing and monitoring

An enterprise's information security team spends a significant amount of time monitoring vulnerability mailing lists, patching systems, and sometimes rewriting code to fix vulnerabilities. When using cloud services, they trust that cloud providers will do this work responsibly. Few vendors offer customers ways to validate their security. When using cloud systems such as Joyent or Amazon's EC2, organizations can apply security measures at the operating system, database, and application tiers, but ultimately they rely on vendors to secure the network, storage, and virtual infrastructure.

Although cloud service customers cannot patch or monitor vulnerabilities in that infrastructure themselves, they still have to manage the risk themselves. Companies must assess which assets need to be protected and find ways to protect them, such as setting up layered security measures around the cloud infrastructure. Even so, rules such as the Payment Card Industry (PCI) Data Security Standard can still hold surprises: the PCI board did not specify which category cloud vendors fall into, so different auditors may take different approaches to the same problem.

Customers must require cloud service providers to provide monitoring capabilities so that they can monitor the people who access the data. If the enterprise requires detailed audit trail information, it needs to encrypt the data or simply build applications that do not touch sensitive data in the cloud service. There may be significant progress in this area soon.
At the end of 2008, Google announced that its Apps had passed a SAS 70 Type II security process review. We would like to see more vendors treat security standards as a selling point, because security is what makes enterprises hesitate to move applications to cloud services. However, the enterprise's internal information security team should not wait for suppliers to improve security.

From desktop applications to server hosting, cloud computing is increasingly appealing in almost every area. Applications that require a higher level of security, such as those subject to the Health Insurance Portability and Accountability Act (HIPAA) or PCI, may be difficult to run in cloud services, so these programs are best kept on the enterprise's internal servers. Community applications and content sites are better suited to cloud services. The enterprise's IT department must keep in mind which kinds of programs can safely be placed in cloud services. However, the cloud will eventually become part of the infrastructure, so IT departments must find ways to securely connect enterprise systems and cloud infrastructures.
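
The backup questions above (can you test a backup, and is it protected in storage and transfer) can be checked with a restore test against a keyed manifest. This is an added example, not code from the original article; the function names, the sample files and the key are constructed, and it assumes the manifest key is kept inside the enterprise rather than with the cloud vendor. It covers integrity only; encrypting the archive for confidentiality is a separate step.

```python
import hashlib, hmac, io, json, tarfile, zlib

def make_backup(files):
    """Pack {name: bytes} into an in-memory tar.gz, the object sent to cloud storage."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def _mac(digests, key):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def make_manifest(files, key):
    """Per-file SHA-256 digests, authenticated with a key the cloud vendor never sees."""
    digests = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    return {"files": digests, "mac": _mac(digests, key)}

def verify_restore(archive, manifest, key):
    """Restore test: return a list of problems; an empty list means the backup is intact."""
    if not hmac.compare_digest(_mac(manifest["files"], key), manifest["mac"]):
        return ["manifest MAC mismatch"]
    problems, seen = [], set()
    try:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                seen.add(member.name)
                digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
                expected = manifest["files"].get(member.name)
                if expected is None:
                    problems.append(f"unexpected file: {member.name}")
                elif digest != expected:
                    problems.append(f"digest mismatch: {member.name}")
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return [f"archive unreadable: {exc}"]
    problems += [f"missing file: {n}" for n in sorted(set(manifest["files"]) - seen)]
    return problems

# Constructed sample data; in practice the key lives in the enterprise's own key store.
KEY = b"constructed-demo-key"
FILES = {"db/orders.sql": b"INSERT INTO orders VALUES (1);", "app/config.ini": b"[app]\nmode=prod\n"}

if __name__ == "__main__":
    print(verify_restore(make_backup(FILES), make_manifest(FILES, KEY), KEY))
```

Running the check on a schedule against the copy actually held in cloud storage turns "we have backups" into evidence that they restore and have not been altered.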