Cloud Security Alliance: An important risk list for cloud computing


Some of the most important risk lists for public cloud computing are broad and complex, such as the Cloud Security Alliance's 1.0 edition of the important risks of cloud computing. Most risk lists include the following items:

1. Network security

From the IT manager's point of view, this item still comes first. It also covers several data protection and privacy subcategories, from physical security and application security at software-as-a-service (SaaS) providers to heavily publicized leaks.

"Trust me, I am SaaS-y," said Steve MacLellan, senior vice president of the Financial Services Enterprise architecture at the Boston Fidelity Technology Group. He added that it was important to ask providers about their security strategies, to inspect their data centers, and to ensure that the data was physically safe.

Then, do your best to protect the data. "We make sure that our data is encrypted when we leave, which is done in the data center before the problem occurs," said Peter Toth, an IT operations manager at the GfK Customization Institute in Princeton, New Jersey, a unit of the research and development company GfK Group.

For others, security is no longer a threat specific to cloud computing, but something that also sits in their own backyard. "I want to say that the cloud (even the public cloud) is not inherently safer or less secure than your internal environment," said Rich Mogull, the CEO and analyst at Securosis LLC, a Phoenix consulting firm. "It all depends on what kind of control is used and how you implement it."

2. Identity Management

Passwords are a problem, especially since attackers now have the computational power to break them (interestingly, they can use the computational power of the public cloud). The federal government is working on the development of a federal ID ecosystem that protects against cyber attackers. Earlier this month, the Obama administration announced it would create a trusted online identity program led by the new National Planning Office, headed by the Department of Commerce.

3. Compliance

Boundaries may be virtual, but they may also be physical. New rules limit where and for how long the physical data for financial services, health care and insurance may reside. MacLellan said: "Indeed, we have also heard some (about complying with these new rules), the provision of the environment is somewhat unfriendly," which may refute the "cloud is a free-trade zone" concept. For example, some information may not cross national boundaries, but it is almost impossible to know where public cloud data is kept. In addition, Drue Reeves, the vice president of Gartner and a leading analyst, believes that the burden is on cloud customers to ensure that cloud providers comply with the rules that affect their company's data.

4. Data integration

One risk of using a public cloud service is that data naturally ends up in a cloud silo. It is not easy to integrate the data that resides in the cloud service with the enterprise back-end systems, especially if the enterprise has not yet dealt with information integration challenges at the organization level. James Staten, vice president and chief analyst at the Forrester Research company in Cambridge, Massachusetts, argues that companies that have made their data easy to use across multiple platforms are in the best position to take full advantage of cloud services.

According to the EMC Corporate Information Leadership Board, an IT executive group whose members mainly discuss the challenges of cloud computing, it is also important to develop the habit of encrypting data, tagging stable data and consolidating the storage asset library. The organization recommends minimizing the number of cloud platforms that must be supported, to avoid a large number of integration efforts.

Cloud experts also suggest that ETL (extract, transform, load) tools can simplify converting data from one format to another. The goal is to convert information into a common format, most likely Extensible Markup Language (XML), so that the data is easier to move and search.

5. Vendor lock-in

This thorny issue boils down to interoperability standards among different cloud service providers. Suppose you don't like your public cloud vendor's policy changes and would like to select another vendor. In this case, the cloud may present what is known as the Babel problem, although many vendors are providing better interoperability. Microsoft's Azure platform was originally meant to be tied directly to .NET; now there is also an open source software development toolkit to support developers using the PHP scripting language, while Salesforce.com's once proprietary Force.com development platform also supports Java application development.

Tom Bittman, a renowned analyst at Gartner, claims that 10,000 suppliers of one kind or another are currently involved in cloud services. "We need someone to help us judge it," he said. He predicts that cloud brokers will rise as the new system integrators, helping businesses integrate data between back-end systems and cloud services. He also predicts that by 2015, 20% of cloud services will be consumed through cloud service brokers rather than through direct interaction, up from 5% now.

This "simultaneous" may also be the result of integration between cloud service providers. As competition intensifies, smaller suppliers will not necessarily fail. According to Bittman, choosing the right suppliers is one of the key decisions that IT executives will make this year. "We see some suppliers fail and the data is lost," he said.

7. Manageability

Cloud services may not provide a level of management consistent with business expectations. In the opinion of some CIOs, this idea is a one-sided, end-to-end view of on-demand customization and cloud applications. These include Phil West, CIO of Gainsco, a non-standard automotive insurance provider headquartered in Dallas Russia. Last fall, some vendors, including Vizioncore (now part of Quest Software), Veeam Software, LogMeIn, Precise Software Solutions, Compuware and Microsoft, released monitoring tools intended to provide end-to-end visibility into cloud services for the enterprise.

8. Availability

Businesses cannot tolerate service outages, for whatever reason, from bandwidth throttling to distributed denial of service (DDoS) attacks. "It's all about quality, not about low-cost services," said Lalitendu Panda, global CIO at D&M Holdings, headquartered in Japan. "Interruption of service is a problem; we have several 'situations'. It is unrealistic to hope that you own (infrastructure) and that you can modify it yourself. You have absolutely no control over other applications running in the cloud, which can lead to lower cloud service performance."

9. Shared resources

Because the public cloud is multi-tenant by nature, many companies share one set of infrastructure resources. Drew Bartkiewicz, the CEO of CyberRiskPartners Limited (a New York cloud insurance provider), believes that having all tenants depend on the same shared cloud resources poses a potentially catastrophic risk. "Public cloud providers will only transfer risk through contracts and pray that the disaster does not happen to them," he said.

Tanya Forsheit, co-founder of Infolaw Group LLC, believes, on the other hand, that sharing space is the whole point of cloud services. "If you continue to use the (public) cloud, you have to accept that fact; otherwise you can keep the data in a private cloud," she said.

10. Legal ambiguity

The fact is that responsibility in cloud services is not black and white, because there are few public cases that can serve as precedent. If a public cloud-computing provider loses data subject to regulation, the supplier should share responsibility, says Reeves of Gartner. He added: "IT organizations should make it clear in their contracts that suppliers understand and assume responsibility for regulatory issues. If he has already told the supplier what services are needed, why should consumers be held responsible?" He added that the division of responsibilities in cloud services was still at an early stage of development and that vendors might be exempt from escrow when a service connection was interrupted, but there was no joint compensation for business losses. Before the dust settles, imagine the new ecosystem that cloud insurance agents are creating.

There's no turning back

This is not so much a risk as a reality, because people in the IT trenches are worried about what they will lose once they adopt public cloud computing. Danny Jenkins, a BlackBerry administrator at J.C. Penney Company in Plano, Texas, said: "Once you get out of the private space and go into the public cloud service, it's almost impossible for you to go back and think about it." The risk here is that you "give up your own internal knowledge base."

(Responsible editor: Duqing first)
