Attack threats prompt cloud security standards to be established

As more companies begin to choose to migrate their data and applications from their internal IT systems to the cloud services provided by third parties, a security expert predicts that attacks on the vendor infrastructure will become "increasingly serious". Experts believe that these threats will lead to discussions about the need to establish cloud standards. Jim Revis, managing director of the Cloud Security Alliance (CSA), said that as more companies began to choose to use outsourcing to manage data and applications, this approach could get the attention of hackers, starting to attack the cloud's backend infrastructure and platform-service (PaaS) systems. "I think people are going to see a very serious accident and things are going to be very interesting because they could lead to a discussion of who is in need of liability for breach of contract," the executive said. Revis is in Singapore to attend a meeting of the International Organization for Standardization on cloud safety standards, while establishing the CSA Singapore office. He noted that it was important to discuss "how to build a vendor-and-customer-controlled architecture" at a cloud security standards conference that included government officials and private sector representatives. Revis believes that the establishment of security standards has become a number one problem, as companies migrate to the cloud faster and faster. He further noted that, in particular, virtualization and cloud computing had brought more and more data and assets to a separate infrastructure, and that the problem of risk concentration needed to be recognized. "Take virtualization as an example," he explains. We know that attacks against virtual machine managers can lead to a virtual machine movement, which means that many customers may be affected. "Revis stressed the importance of maintaining communication with Governments and national regulators, as well as responding to the consequences of natural disasters, and as stakeholders, they could learn to use their systems or suppliers to mitigate the damage caused by cyber attacks." The solution to the data privacy problem in addition to the development of security standards, Revis is also very concerned about the current use of data location privacy legislation to deepen. This, he explains, is due to the lack of "appropriate and effective data privacy laws and regulations". Revis points out that different regions currently have different views on how to protect the security of sensitive information. For example, companies in the European Union cannot store data in data centers outside of the zone. Of course, Revis admits that the problem can be bypassed by adopting a model of "safe zones". One possible approach, he explains, is "format encryption, so that the encrypted information in the software can be placed in any location without compromising data integrity, in accordance with the Software as a service (SaaS) model." However, he further added that the effects of these methods were "very limited". On a personal level, Revis that discussions on more permanent solutions should "speed up" to allow the law to confirm this as soon as possible, while CSA is committed to accelerating communication with national regulators. On"To help law makers and government officials understand how cloud patterns work, and explain that the law is still being followed in the application of technology," he said in a detailed note, noting that if the practice succeeds, it will not only benefit companies in highly regulated industries, Cloud service providers also benefit from the expansion of the potential customer base. "From an economic point of view, cloud service providers can serve customers beyond the country," Revis said. If you want to become a regional or global supplier, the jurisdictional constraints will have an impact on the probability of success. The CSA executive predicts that the next 18 months will be critical for the cloud industry as a large number of companies will see the results of the cloud project. In fact, he has found that in the past three months, the "migration rate of large projects has become very rapid". Revis pointed out: "The company has believed that the cloud belongs to the future development direction, the question now is how to carry on the concrete deployment"; For businesses, while there is a lot of discussion about what percentage of data should be allocated to private and public clouds, at least they are starting to focus on mixing. As a CSA executive, Ray Davis is encouraged by current trends and is confident that the next 1.5-cloud standard is set to make the industry "more coordinated". "Editorial Recommendation" when intranet security meets cloud security cloud security advantages and disadvantages the SME network can also cloud security the analysis of the five trends of cloud security in the 2011 the cloud security concerns are just clouds? Cloud security Services: How do WAF and DDoS attacks prevent cloud security issues? Where is the cloud security? Data protection is the key cloud security is the premise of large-scale application of cloud computing "responsible editor: Shang Micro TEL: (010) 68476606" Original: Attack threat prompted cloud security standards to quickly establish return to network security home