Attack threats drive cloud security standards

Jim Revis, managing director of the Cloud Security Alliance (CSA), said that as more companies began to choose to use outsourcing to manage data and applications, this approach could get the attention of hackers, starting to attack the cloud's backend infrastructure and platform-service (PaaS) systems. "I think people are going to see a very serious accident and things are going to be very interesting because they could lead to a discussion of who is in need of liability for breach of contract," the executive said. Revis is in Singapore to attend a meeting of the International Organization for Standardization on cloud safety standards, while establishing the CSA Singapore office. He noted that it was important to discuss "how to build a vendor-and-customer-controlled architecture" at a cloud security standards conference that included government officials and private sector representatives. Revis believes that the establishment of security standards has become a number one problem, as companies migrate to the cloud faster and faster. He further noted that, in particular, virtualization and cloud computing had brought more and more data and assets to a separate infrastructure, and that the problem of risk concentration needed to be recognized. "Take virtualization as an example," he explains. We know that attacks against virtual machine managers can lead to a virtual machine movement, which means that many customers may be affected. "Revis stressed the importance of maintaining communication with Governments and national regulators, as well as responding to the consequences of natural disasters, and as stakeholders, they could learn to use their systems or suppliers to mitigate the damage caused by cyber attacks." The solution to the data privacy problem in addition to the development of security standards, Revis is also very concerned about the current use of data location privacy legislation to deepen. This, he explains, is due to the lack of "appropriate and effective data privacy laws and regulations". Revis points out that different regions currently have different views on how to protect the security of sensitive information. For example, companies in the European Union cannot store data in data centers outside of the zone. Of course, Revis admits that the problem can be bypassed by adopting a model of "safe zones". One possible approach, he explains, is "format encryption, so that the encrypted information in the software can be placed in any location without compromising data integrity, in accordance with the Software as a service (SaaS) model." However, he further added that the effects of these methods were "very limited". On a personal level, Revis that discussions on more permanent solutions should "speed up" to allow the law to confirm this as soon as possible, while CSA is committed to accelerating communication with national regulators. "Help the law makers and government officials understand how cloud models work, and explain that the law is still being adhered to in the application of technology," Davis said in detail, noting that if the practice succeeds, not only for companies in highly regulated industries to benefit, cloud service providers will alsoBenefit from the expansion of the potential customer base. "From an economic point of view, cloud service providers can serve customers beyond the country," Revis said. If you want to become a regional or global supplier, the jurisdictional constraints will have an impact on the probability of success. The CSA executive predicts that the next 18 months will be critical for the cloud industry as a large number of companies will see the results of the cloud project. In fact, he has found that in the past three months, the "migration rate of large projects has become very rapid". Revis pointed out: "The company has believed that the cloud belongs to the future development direction, the question now is how to carry on the concrete deployment"; For businesses, while there is a lot of discussion about what percentage of data should be allocated to private and public clouds, at least they are starting to focus on mixing. As a CSA executive, Ray Davis is encouraged by current trends and is confident that the next 1.5-cloud standard is set to make the industry "more coordinated". "Editorial Recommendation" attack threat prompted cloud security standards to quickly establish the traditional anti-virus concept of the end of the domestic pseudo-cloud security majority of the Network Qin grabbed a "cloud security" market rising won the "Best Technology Innovation Award" "Cloud Security" to guide the future direction of the next generation of firewall Pike overall layout "cloud security" Jia Jia TEL: (010) 68476606 "Original: Attack threat prompted the development of cloud security standards return to the Network security home page