Security problems in cloud computing and the corresponding seven counts

The Cloud Security alliance, together with Hewlett-Packard, listed seven of the sins of the cloud, mainly based on findings from 29 companies, technology suppliers and consultancy firms.

1 data loss/leakage: cloud Computing in the security control of data is not very ideal, API access control and key generation, storage and management deficiencies can cause data leakage, and may also lack the necessary data destruction policy.

2 Sharing technology vulnerabilities: In cloud computing, simple bug configurations can have a serious impact because many virtual servers in the cloud computing environment share the same configuration, so you must perform service level agreements (SLAs) for network and server configurations to ensure that hotfixes are installed and best practices are implemented in a timely manner.

3 supplier reliability is not easy to assess: cloud computing service providers of staff background investigation may be different from the enterprise data access control, many vendors do well in this area, but not enough, the enterprise needs to evaluate the supplier and propose how to filter the staff's plan.

4 identity authentication mechanism is weak: a lot of data, applications and resources are concentrated in the cloud computing, and cloud computing if the authentication mechanism is weak, people can easily access user accounts and login to the client's virtual machine.

5 Insecure application interfaces: in developing applications, businesses must view cloud computing as a new platform, rather than outsourcing. During the lifecycle of an application, a rigorous audit process must be deployed, and developers can use certain guidelines to handle authentication, access control, and encryption.

6 does not use cloud computing correctly: in the use of technology, hackers may progress faster than technicians, hackers are often able to quickly deploy new attack technology in the cloud of freedom to travel.

7 Unknown Risk: Transparency issues have been plagued by cloud service providers, account users use only the front-end interface, they do not know what their suppliers are using the platform or repair level, mainly management issues.

Seven cases show that the cloud security situation changes very quickly, more serious than the previous information system problem, how the information security level protection adapts to the stone computation, needs the deep human research. The existing protective measures should be changed accordingly.

In addition, cloud computing and the previous calculation model security risk is different, cloud computing environment, the information security problem is more serious, more prominent, the core problem lies in two aspects, first of all, the previous information systems are built by themselves, or managed, in the security resources and basic equipment has controllability. In the cloud computing environment, IT resources and infrastructure can not be managed and controlled by an uncontrollable and untrustworthy operator. The second problem is that larger heterogeneous sharing and virtual dynamic operating environment is difficult to control, cloud computing is a dynamic computing environment, the operating environment in a sense is disorderly.

This article comes from the Http://www.mkddos.com/wendang/2012/1029/19.html DDoS Group specializes in providing DDoS attackers, DDoS attack software, DDoS attack tools and tutorials, as well as traffic attackers, web site attackers to download