Now with the continuous progress and development of cloud computing, many cloud computing providers are also starting to serve as a third-party cloud service to users of various cloud computing services, in the cloud, data security has always been the user and enterprise managers have been particularly concerned about, many companies are also beginning to consider their own data security strategy and planning issues.
Cloud ERA blow only 40% enterprises pay attention to cloud security?
Now more and more companies choose to put their own data in the cloud, which includes the public cloud as well as the private cloud of the enterprise and mixed cloud, which means that data and network security has become the biggest responsibility of these providers, many companies also closely follow the cloud wave, The infrastructure and business applications needed for cloud computing services are being upgraded and developed, making cloud data a safer security.
But no matter how much infrastructure and how many network services and business applications The enterprise moves into the cloud, the ultimate responsibility for information and networking rests with the enterprise itself. That's why companies need to elaborate cloud security policies.
Although cloud services are on the rise, only 40% of companies have a formal, centralized cloud security policy, according to a 2013-year endpoint state survey by the Ponemon Research Institute. This provides an ample opportunity for administrators to tighten their company's data and network. The above data we can see that until the rapid development of cloud computing today, there are still many enterprises do not realize, or still do not take the necessary data security control measures and strategies to protect the user's data, This is a reminder for cloud computing providers and many business users. >>
Cloud computing strategy key points
Cloud computing security is a commonplace topic, and to make data more secure, the security policies and solutions of an enterprise's internal cloud computing network are essential, says Hazdra, chief Security Advisor for Security Service provider Neohapsis, who said: "In the event of an accident, the enterprise will realize that We didn't expect such a thing to happen. ”
A short statement of the importance of data security in cloud computing, indeed, many businesses are aware of the importance of deploying cloud-computing security policies only when data is compromised and data is lost, but by then it is already too late, and ideally, companies should create their own cloud security policies before deploying the cloud.
In these issues, the important question is whether the enterprise has a clear data classification policy. The more sensitive data companies have, the more important the problem is, especially in tightly regulated industries such as health care and financial services companies. Data classification helps businesses prevent accidental uploads of critical data in data centers, and helps protect data that travels through network services. For example, Rackspace provides a way for clients to control which types of traffic can go through the paths of virtual networks, but businesses first need to classify traffic.
Of course, cloud computing security is not limited to data classification, the data is divided into classes, the enterprise may be targeted at other data policies of cloud computing applications to deploy, enterprises also decide whether to allow users to directly access to their hosted cloud computing server, The advantage of this is that users will be easier to upload data and downloads, but again, the downside is that data security is getting the threat factor rising.
In determining where existing policies overlap with new cloud policies, check to see if the cloud technology vendors considered by the enterprise are compliant with your policies. "If the cloud supplier does not have any policies or controls that the company wants, it needs to consider whether the supplier applies to the company," Hazdra said. ”
Find the location of data storage
The physical location of the data involves legal and privacy issues. Can the cloud service provider move data from the enterprise to the outside? Does the supplier agree to keep the enterprise's data in a specific data center? If the supplier policy does not meet all the requirements of the enterprise, what data should be kept within the enterprise? From these issues, data classification is important.
For data that the enterprise holds in the public cloud, business managers will certainly want to get the data security information from the cloud service provider, especially when it comes to SaaS, a problem that software developers have been working on to improve the performance of their programs, sometimes in conflict with good security. Sometimes developers are allowed to turn off security features to achieve the required level of performance. Enterprises need to prioritize security and performance.
In addition, whether the performance of the cloud services infrastructure is directly proportional to the enterprise's investment in cloud computing and a point that enterprise users deserve to consider, it is particularly important to carefully consider the standards and priorities of cloud computing services, as the enterprise needs to prioritize and ensure that cloud vendor policies conform to the enterprise's expectations.
If the enterprise is now considering a full cloud security policy, it will take a moment to think about who will authorize or approve the agreement with the cloud vendor, which would make it easier for individual employees to work, but would also put enterprise data at risk. Specify a specific location to set up a cloud service for work purposes and consider the specific consequences of violating policies. >>
Cloud computing security who's going to pay?
The core issue of cloud computing is security, so it's hard to say who is responsible for security issues, and it might be a headache for many of the cloud computing industry's friends, but it's difficult to define whether it's a SaaS service provider or an IaaS service provider, but, anyway, For the security policies and data information provided by these providers, enterprise users should also be responsible for their own data security.
Whoever is handling this information. If you are looking for an infrastructure provider, you must ensure that the supplier fulfills its commitments, whether through performance, inspection, or discussion with the cloud vendor on specific details. As enterprises move to SaaS, implementing acceptable use, privacy, encryption, and data mining policies remains a business responsibility. CIOs must also ensure that cloud providers follow their own policies.
Edited words
Cloud security is not a short-term topic, cloud computing to long-term development and by individuals and business users trust and attention, data security issues must be in the first place, otherwise cloud services strategy is like rowing, our future work and life must be inseparable from the cloud, a large number of data are placed in the cloud, Convenience at the same time security issues can not be overlooked.