Cloud-era panic counting cloud computing's most serious threat

Source: Internet
Author: User
Keywords Cloud computing these lost cloud computing these lost

Cloud computing has entered the stage of landing, the development of everyone is obvious to all, many companies began to consider or have embraced cloud computing. Cloud computing provides small and medium-sized enterprises with many benefits, saving money, creating new resources and so on. These are the benefits of cloud computing, but among these advantages, most people are still worried about its shortcomings, the most concerned is the security issue. Analyzing threats and risks in cloud computing can help you understand the pros and cons of cloud computing, take advantage of cloud computing, and adopt appropriate measures to avoid loss.

Security threats

According to the IDC survey, cloud security issues have been the most concerned aspect of cloud computing. Domestic reports have similar findings that the respondents to the survey have technical security concerns that are preventing them from migrating to cloud computing platforms.

In fact, some cloud service providers encrypt the user's data while also backing up the user's data for a period of time before destroying the data, so companies need to anticipate and plan for risk before going into the cloud.

Therefore, to enable enterprises and organizations to apply cloud computing technologies and platforms on a large scale, and to confidently deliver their data to the cloud service provider, it is essential to fully analyze and address the security issues facing cloud computing.

Is it easier for companies and individuals to become targets of hackers when cloud computing is the key data management enterprise? This may not be a common problem, but it is not a possibility, given that cloud computing data security issues, such as medical, financial and other data-sensitive enterprises are not recommended to apply cloud technology.

Data threats

Data issues are a top priority for every CIO. Because the biggest nightmare of leaks is that the company's sensitive internal data has fallen into the hands of its competitors, and that cloud computing has added new challenges to the problem.

Data loss is a serious problem for both consumers and businesses. Data stored in the cloud can be lost for other reasons. A single deletion by a cloud service provider, or physical damage due to natural factors such as fire, can result in loss of user data unless the vendor makes a very good backup effort.

But the responsibility for data loss is not always on the supplier side, for example, if the user is improperly encrypted before uploading the data and then loses the key himself, it can also cause data loss.

Internal operational issues

Both within the enterprise and within the cloud computing service provider, the malicious actions of the people are very dangerous and the consequences are very serious. Cloud service providers will certainly not disclose their employees ' level of physical server and virtualization, much less tell you about his analysis and reporting policies.

The threat posed by malicious insiders in the security industry from internal malicious personnel has become a contentious topic. Malicious insiders who are at risk for an organization may be employees, contractors, or other business partners who have access to the organization's network, system, and database permissions, and abuse their authority, resulting in impaired confidentiality, integrity, and availability of the system and data of the enterprise organization.

This means that as long as there is a certain level of authorization, the internal personnel can obtain confidential data and control cloud services, listen to the horror of it! In fact, users can obtain information about these operations, as long as the service level agreement signed when it is possible.

Service outages and attack issues

From these years of experience in cloud computing services, there are always some common outages that occur, including data backup, downtime, and data center offline. Thankfully, these cloud-breaking failures are predictable.

The best way to solve the power failure is to prevent power outages, after all, there is no reliable server. Therefore, the author recommends that the enterprise choose a cloud computing service provider that can provide many service interruption solutions.

There are also denial of service attacks in addition to service interruption issues. A denial-of-service attack is a means by which an attacker prevents normal users from accessing the cloud services normally. It is common to force some critical cloud services to consume a large amount of system resources, such as processing processes, memory, hard disk space, and network bandwidth, causing the cloud server to react extremely slowly or completely unresponsive.

Denial of service (DDoS) attacks have caused a lot of trouble and have been the focus of the media, their attacks may not have a substantive purpose. Asymmetric application-level denial of service attacks are aimed at the fragility of Web servers, databases, or other cloud computing resources, and then run a small malicious program on the application, sometimes less than 100 bytes.

There are also some cloud service providers that are not strict with the registration process for market or other purposes, and cloud services are easier to obtain. Unscrupulous criminals can use the cloud computing platform to send a lot of spam, manufacturing or hosting malicious code, large-scale crack passwords, DDoS attacks, manufacturing and management of zombie networks.

Investigate audit issues

In cloud computing, storage, bandwidth services can be acquired across the world, and user-supplied account information may be forged, combined with different countries and regions on the demand for illegal evidence, so it is difficult to trace the network crime based on cloud computing platform. Traceability is more difficult when the resources in the platform come from multiple, multi-level third-party vendors.

On the other hand, cloud computing platform storage has a number of customer data, in the investigation and forensics process, the supplier does not necessarily cooperate, if the cooperation, will give other customers business risk. For example, Google has repeatedly submitted WikiLeaks volunteers ' mailbox data to the U.S. government, which means that Gmail users are at risk of privacy being compromised. Furthermore, in the process of qualification audit, the service provider may not provide the necessary information, so that the third-party agencies may not be able to carry out accurate and objective assessment of the service provider.

Insufficient review to reduce cost, operational efficiency, security promotion, these advantages let people flock to cloud computing, for those who have the resources to be able to reasonably use cloud technology enterprises, this is indeed a very real goal, but there are many enterprises in the swarmed tide, not really clear understanding of this technology's full picture.

If the cloud services provider environment, applications, operational responsibilities (such as accident responsibility, encryption issues, security monitoring), and so do not fully understand, enterprise organizations if the hasty adoption of cloud computing, it may face the various unknown risks of cognitive deficiencies, which is more serious than the immediate risk.

In fact, we can see that compared with traditional data center services, cloud computing has many advantages, such as large-scale benefits, can achieve rapid, intelligent resource expansion. But also must realize the article analysis these kinds of security threat and the risk, takes the appropriate measure, avoids weaknesses, lets more applications benefit from the cloud computing service.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.