Applying the "CIA triad" to define cloud computing risks and protection measures (II)

Source: Internet
Author: User
"I": Integrity risk

These risks affect the validity and correctness of information. Some government regulations pay special attention to ensuring the accuracy of information. If information is changed without warning, authorization or an audit trail, its integrity cannot be guaranteed.

1) Failure

Computer and storage failures that can cause data corruption.

Defense: Make sure that your chosen service provider has appropriate RAID redundancy built into its storage network, and that archiving important data is part of the service.

Detection: Use integrity verification software that relies on checksums or other methods of data validation.

Block: Because of the nature of the data, and because no interaction is involved, there is little action we can take.

Residual risk: Data corrupted by a technical failure can result in operational and compliance risks (especially Sarbanes-Oxley).

2) Data deletion and data loss

Accidental or malicious destruction of any data, including financial, corporate, personal, and audit trail information. Data damage caused by computer system failure or operator error.

Defense: In a cloud environment, be sure to back up your critical data and store the copies with multiple cloud service providers.

Detection: Maintain and review audit logs of data deletion.

Block: Maintain an education and awareness program for individuals who access and manage data. Ensure that appropriate data owners, with full rights and control over the data, are assigned.

Residual risk: Once the critical data is lost, it is lost forever and cannot be recovered.

3) Data corruption and data tampering

Data changes caused by damage to a computer or storage system, by malicious human actions, or by malicious software. Fraudulent attempts to modify data.

Defense: Use version control software to save archived copies before important data is modified. Cloud services provide virtually unlimited data storage, which means you can maintain an almost unlimited backup of previous versions. Ensure that all virtual servers are protected by antivirus (AV) software. Maintain role-based access control for data on the principle of least privilege, based on the "need to know" of each role or job function.

Detection: Use integrity checking software to monitor and report any modification of critical data.

Block: Maintain an education and awareness program for individuals who access and manage data. Ensure that appropriate data owners, with sufficient rights and control over the data, are assigned.

Residual risk: Corrupted data can cause significant problems, since valid and reliable data is the cornerstone of any computing system.

4) Accidental Modification

Accidental modification is perhaps the most common cause of loss of data integrity: either an individual changes data while intending to modify other information, or data is entered incorrectly.

Defense: Use version control software to save archived copies before important data is modified. Cloud services provide virtually unlimited data storage, which means you can maintain an almost unlimited backup of previous versions. Ensure that all virtual servers are protected by antivirus (AV) software. Maintain access control for data on the principle of least privilege, based on the "need to know" of each job function.

Detection: Use integrity checking software to monitor and report any modification of critical data.

Block: Maintain an education and awareness program for individuals who access and manage data. Ensure that appropriate data owners, with sufficient rights and control over the data, are assigned.

Residual risk: Corrupted data can cause significant problems, since valid and reliable data is the cornerstone of any computing system.
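The checksum-based integrity checking named under Detection in items 1, 3 and 4 can be reduced to a sealed baseline plus a comparison, which also reports the deletions covered in item 2. This is an added example, not code from the original article; the function names, the HMAC-sealed manifest and the sample files are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, key):
    """Record one digest per file, then seal the record with an HMAC."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            files[os.path.relpath(full, root)] = file_digest(full)
    body = json.dumps(files, sort_keys=True)
    seal = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"files": files, "seal": seal}

def verify(root, manifest, key):
    """Compare the current tree with the baseline and report each difference."""
    base = manifest["files"]
    body = json.dumps(base, sort_keys=True)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["seal"]):
        raise ValueError("manifest seal mismatch: the baseline itself was altered")
    current = build_manifest(root, key)["files"]
    return {
        "modified": sorted(p for p in base if p in current and base[p] != current[p]),
        "deleted": sorted(p for p in base if p not in current),
        "added": sorted(p for p in current if p not in base),
    }

def demo():
    """Constructed sample data: one change of each kind after the baseline."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the monitored host
    with tempfile.TemporaryDirectory() as root:
        def put(name, text):
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        put("ledger.csv", "id,amount\n1,100\n")
        put("audit.log", "2024-01-01 login ok\n")
        baseline = build_manifest(root, key)
        put("ledger.csv", "id,amount\n1,900\n")     # tampering or accidental edit
        os.remove(os.path.join(root, "audit.log"))  # deletion
        put("new.bin", "x")                         # unexpected file
        return verify(root, baseline, key)
```

Calling `demo()` returns the report for the constructed changes. The seal matters because a checker whose baseline can be rewritten along with the data reports nothing.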

5) Phishing

A common "social engineering" strategy that uses e-mail to deceive the victim into revealing personal information. For example, an e-mail message that appears to come from a legitimate company and directs users to log in and provide credit card information.

Defense: Use anti-phishing techniques to defend against malicious Web sites and detect incorrect URLs. Use multi-factor authentication for customer systems to ensure that users know when they are redirected to a fake copy of your site. Regularly send up-to-date information and educational materials to customers to explain how the system works and how to avoid phishing. Never send emails that contain or request personal data, including a customer ID or password.

Detection: Use an application firewall to detect when a remote site is trying to replicate or use your site.

Block: Maintain education and awareness programs for people who use and store personal information about employees or customers.

Residual risk: The loss of a backup disk, or the compromise of a database containing customer information, creates significant business and reputational risk through public media exposure or allegations of personal data loss. Negative publicity could lead to both short-term and long-term damage to the company's reputation.
