Detect and manage unauthorized cloud computing use
Source: Internet
Author: User
KeywordsCloud computing they the developers if
While most people may know whether they've deployed apps or data in cloud computing, here's a tip: If your http://www.aliyun.com/zixun/aggregation/7155.html "> developers have credit cards, Then you are in the cloud. It's a joke, there's another criterion: if any of your reps ask for help desk less than once a month, you're using cloud computing.
One of the top issues facing companies today is not whether they have adopted a certain level of cloud computing services, but whether they can manage their cloud migration efficiently and securely. Too many companies are too late to discover that some business units or developers have not migrated important data or applications from the enterprise to cloud computing through "proper" channels. It's hard to blame them, because when developers are faced with the following choices, it's hard for us not to make a similar choice: one is to use credit cards to build a cloud-based test system in minutes, and the other is to spend months configuring a new system in the datacenter. And they may not be able to manage them directly.
And those sales reps: Never underestimate the role of free online services that can help salespeople exchange and manage information more easily on the way or at home when telecommuting. These challenges can be divided into two categories: developers and IT experts make full use of cloud computing as an Extended data center/test environment, and users use buyer/convenience cloud computing services to help them deal with their day-to-day work more efficiently. This is not a bad thing, users are not necessarily intentionally violating the rules (if there are rules), but it is important for US security professionals to get more information and control these migrations where necessary.
Here, there are three tools that can help us detect and manage cloud computing in particular:
* URL filtering. While most companies use proven technology to control inappropriate web browsing such as adult content or unauthorized social media services, tools can easily detect multiple forms of cloud computing access. All cloud computing services can efficiently use the network as their primary management interface. Because most APIs call known URLs through the HTTP protocol, this type of use can be detected directly. This is achievable through the SPI layer, SaaS, PaaS, IaaS, and because its management interfaces are different from those that simply connect to the managed Services site, you will not be bothered by too many false positives. URL filters can provide you with a good sense of using the management platform and API interface, at least to achieve the main service.
* Prevent data loss. DLP is not too concerned about the goal, but more attention to content. All the complete DLP tools support HTTP parsing, and even if you support the platform and configuration, it can also analyze SSL sessions. The basic DLP rules should be able to easily detect that sensitive data in the enterprise is transmitted to cloud computing or other. You can make further adjustments to cloud specific information by statistical background content such as goals.
* Database activity Monitoring. Many people are less concerned about employees posting one or two of files on Google Docs, and more about developers putting product data into a cloud-based development environment. Database activity monitoring can detect the activity of the primary production database, indicating a potential transfer operation to an internal or external test environment. Whenever you see a new, large subset of data, you need to look at it. If the user has also entered a URL for a cloud computing provider, it is time to review it further.
These are just basic tools; there may be additional tools to help you improve detection of cloud computing usage and sensitive data migrations. Any time you see someone typing something in the cloud Services management Console or generating a large data, you should immediately be alerted and find out if something is going on.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.