Who should be responsible for the security of cloud providers?

Foreign media reported on July 15, May 13, US east time. A new study found that once you hand over data to the cloud for storage, it means you will find many basic data-related things. For example, where the data is actually stored, and how data is copied.

According to Chenxi Wang, an analyst at Forrester Research in the United States, the most recent name is "How secure is your cloud game?". The report, we found, clearly, is not a sensational thing, the scope of the impact will be very large.

The delivery of data to cloud providers means that it is stored in an environment that can be shared by other users at any time. However, this does not mean that the security and privacy of such data will be protected, users must also work hard. If security is not properly implemented, potential business and legal liability will come to your door.

Wang recommends that you encrypt the data, whether it is to transmit the data from the cloud to the customer or when the data is quietly stored in the database. Cloud providers can use this method, but it depends on the user's evaluation of its effectiveness.

Wang also lists the places where many other users also need to verify that they are already in the region. For example, how auditors rate data security in the cloud and what authentication methods are used in the cloud, and how to differentiate data from other customers?

The concerns listed by Wang are correct. This list tells us that there should be an indispensable debate between service providers and users. Users must perform their due diligence in cloud security evaluation, and suppliers need to provide corresponding data at any time when users need it. Negotiation on such issues is expensive and time-consuming for both parties.

Whether the authentication procedures of Third-Party organizations can effectively use time and energy to evaluate the services of suppliers. Third parties will evaluate suppliers, and users prefer to rely on certification certificates compared to time-consuming and laborious research on their own. It is not as simple as a data violation incident in an enterprise that has passed the latest PCI certification, but it is the most feasible solution to solve some complicated problems.

If you think the evaluation is necessary, you should not take into account the cost of the evaluation.

1. Not trapped in the security quarary: cloud computing is silly and naive to talk about security.
2. Cloud computing makes second-hand servers of IT service providers useless