Cloud computing's huge appeal calls for companies to invest in her thin embrace, in China, the level of cloud computing is not as rich as the developed countries, but also in full swing to develop. So, in the "cloud" process, enterprises should be concerned about what issues? What are the top priorities? How do companies ensure safety?
On cloud security issues, how companies are "intimate" with the cloud is critical. Whether the enterprise is outsourcing and using cloud-based applications, or putting its own applications in the cloud, this is closely related to how the cloud is secured. Especially with the increasing application of mobile devices in enterprises, the solution to authenticate users and their devices is an important topic in the future development of cloud.
Organizations need to deploy authentication and encryption. It is important to ensure that channels in and out of the cloud are protected, especially in the case of today's mobile devices that often access cloud-based applications.
With the extensive use of enterprise mobile devices, new security issues will be created. But companies should focus on "self-contained devices", which is a very realistic challenge for the company's chief information security officer and enterprise. Previously, employees used the equipment distributed by the company so that the company could control the equipment and safety issues. But with the widespread use of mobile devices such as tablets and smartphones, the security situation has quietly changed. Many companies have acquiesced in the "self-contained devices" of their employees, but have not taken into account the risks involved, nor have they developed a security strategy.
To cope with the new security challenges that employees bring to enterprise data and cloud computing, the enterprise should first know who a device belongs to.
The next step is to authenticate the device and use several different levels of authentication. First of all, access to the mobile device authentication, the user needs a username and password to access the device, this is the minimum. But enterprises should also establish other security mechanisms, such as the tools that require employees to install Anti-malware code on smart devices.
Second, it is necessary to review whether the devices that have been granted access to the company's network resources are indeed required. In addition, companies need to use digital signatures on mobile devices, and using usernames and passwords alone is not enough. Because today's mobile devices can easily access e-mail and different applications in the cloud, it is increasingly important to secure the security of the device itself and the data on it.
Therefore, at least two aspects of authentication, the first is the identity of the person who owns the device, the second is to authenticate the device itself, through these certification to ensure the legality of users and equipment.
Finally, a sound certification can not be separated from the implementation of people. Talent is the weakest link in the chain of safety. Enterprises to do a good job of staff safety education and training, to prevent employees from being phishing attacks and social engineering attacks, to better protect the mobile devices under the conditions of the cloud and data security.