Five important experiences on cloud computing technology security

Source: Internet
Author: User
Keywords Cloud computing Technology security

How can cloud computing technology be safer? Now we look at the relevant issues in detail, in fact, in terms of security issues, only a more secure to better occupy the market. Now let's take a look at the relevant issues in detail.

Some cloud computing technology security may pose a security risk, but there is no exhaustive example of where the danger exists, and for today's cloud computing technology security providers, whether legal or virtual machine security issues are not the biggest obstacle to cloud security.

While many companies are considering migrating apps to the cloud, security experts warned last week's Blackhat security meeting that cloud Security's third-party services are still not ideal.

The ongoing economic downturn has made cloud computing a hot topic, with eager cost-saving entrepreneurs and small businesses using virtual machines on the Internet, while large enterprises have pushed their jobs such as customer relationship management to companies like Salesforce.com. But experts warn that companies need to be more cautious about the security implications of moving infrastructure into the cloud.

"Many small companies use the cloud to save money, but high-end users are not audited when using cloud technology security," said Haroonmeer, director of security company SensePost, who led the study of Amazon's elastic computing cloud.

Their experiments show that companies often do not scan applications that come from third parties, making it easy to create a Trojan horse in the company's internal network.

There are a number of similar examples, and eventually they presented five points about cloud security at the Blackhat Conference:

1, cloud computing technology security lack of legal protection

Businesses need to recognize that data in the cloud does not have a higher legal standard, and that governments or lawyers focus on finding and even using data that has not been verified.

Also, cloud providers are more concerned with protecting themselves than customers, says Isecpartners's security advisor Alexstamos, so don't expect legal services to benefit customers.

"All cloud services companies have very active and well-trained legal departments," Stamos said, "agreeing to these agreements when you apply for cloud services basically means you have nothing." "In other words, if there is data loss, the supplier will not do anything for you."

2, does not belong to your hardware

If the enterprise wants to test something, they must remember that they do not own any hardware. Although some service agreements, such as Amazon, can specify that the client is tested, it is also critical to obtain permission from the software vendor running above.

3. Strong policy and user education

While cloud computing technology security provides businesses with the benefits of accessing data and saving people, a server that is always online means that hackers can threaten the company at any time.

4, do not trust the virtual machine

When using a virtual machine from a cloud vendor, users should not trust the operating system on which they are running. Meer said.

SensePost researchers found that a series of keys and potentially malicious code, such as a range of caches, credit card data, could be hidden in the system, but no one noticed. He advises companies to build their own mirrors for internal use to protect themselves.

5. Reconsider Your Erection

In any case, the company's technical managers need to reconsider the cloud in their assumptions.

For example, cloud computing technology security when you deploy applications on a virtual machine in a data center, these randomly generated virtual machines may not make your application effective. The problem is that the security of a virtual machine is much worse than that of a physical server.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.