Cloud security remains China's cloud computing development elbow

With the continuous development of cloud computing technology in China, the development of cloud computing market in our country can be said to be in full swing. But the Chinese people also have to "Great leap forward" thought, the slogan shout of loud, the actual application is really flawed, especially cloud security problem. Since the advent of cloud computing, whether international or domestic cloud security issues have been the development of the cloud computing elbow, enterprises if the transformation of cloud computing must consider the security of cloud computing.

Cloud computing is potentially a huge security risk when it has huge business opportunities. There are many operation and use risks in cloud computing development: Isolation failure risk, compliance risk, management interface damage risk, data deletion not thorough risk, internal threat risk and so on. Therefore, security issues are still the main constraints of enterprise deployment of cloud computing resources, the biggest problem is not in the cloud environment data may be corrupted, but the possibility of cloud disruption, resulting in data loss. There is a view that the biggest risk of using cloud computing is that key data may be compromised, but we rarely see such a scenario, which can be said to be a handful.

It is now more common for cloud outages and data loss, and in this regard, there is a lack of preparation for the business. These problems appear again and again, so they are likely to reappear. Although this is one of the most significant concerns of cloud users, according to Gartner's recent survey, only half of the companies have deployed programs to assess the duration of business continuity processes. He added that the issue of safety leaks should not be overlooked, but the more pressing issue was around business continuity.

The cloud computing industry is slowly tackling these problems, but the vendors, users and third-party agencies that are trying to drive cloud security improvements should do more.

In service level agreements (SLAs), vendors have been reluctant to address the security recoverability of data loss. Everyone complains that cloud service providers are vague about how they protect their customers. Some vendors say they will not publish this information because there may be some security risk involved. Vendors have repeatedly claimed to be able to provide high levels of data availability and confidentiality, but Heiser said they did not provide evidence to allow customers to verify their rhetoric.

In this regard, users should be more proactive. The first thing a user needs to do is classify data and mark the data that really needs to be protected. Incomplete or non-existent data classification is a common problem. "If users do not know the security requirements for specific data that are different from other data, it will be difficult to assess whether the vendor can provide sufficient security," Heiser said. ”

Third-party organizations are working to establish standards and certification in these areas, but Heiser says this is still lacking. For example, the Cloud Security alliance has taken a wide range of measures to address a variety of issues, but these measures are not deep enough to address the fundamental problems of specific areas.

So what should enterprise cloud users do? Choose your Cloud control ' campaign '. The macro trend is that more and more data will appear in more and more end-user devices, making it more difficult to control data and creating more vulnerabilities. By classifying data, companies can prioritize data that requires high security protection. For most businesses, the most important data will be less than 20% of total data, or even 5% or less. For this data, the enterprise should be "desperate to protect", using encryption, token, data loss defense system or to keep the data within the enterprise, rather than the public cloud. You should also deploy antivirus software, Anti-malware, and other security and control to ensure that other data is not vulnerable to attack. In the present situation, the reality is that most of the data will need to protect themselves.

According to IDC statistics, currently, 87.5% of surveyed users believe that "security issues" is the main problem affecting their adoption of cloud services. In particular, there are many differences in the legal aspects of cloud services and traditional IT services. Therefore, clouds enterprises should be cautious. In the contract of cloud computing service, we should pay more attention to the accurate description and definition of the rights and obligations of the contract concerning security breach, data transfer, control change and data access. Carefully consider the risks. Carefully sign the contract. Prevent false entry in the letter trap reserved by the contract.

In addition, cloud service providers must circumvent the risk of malicious users abusing cloud services. To avoid the above risks, cloud service providers must have a comprehensive security reinforcement of the cloud system, not only in the cloud deployment of targeted security products, but also from the system level, the establishment of a sound key management, authority management, cloud security certification monitoring services, such as multidimensional security mechanisms to ensure the safe and smooth operation of the cloud services.