How to view cloud security risks lurking in large data projects
Source: Internet
Author: User
KeywordsRepresents security large data items cloud security
David Barton, head of technical support at UHY Advisors, a business consultancy, says many companies use cloud computing services from Amazon's resilient cloud computing, Microsoft Windows Azure, or other cloud infrastructure providers to do large data analysis, Because large data analysis projects often require sufficient computational power to perform large-scale data analysis. While these cloud services can help businesses capture, manage, and analyze TB-structured and unstructured data, these services can risk data leaks, hijacking of accounts or services, or abuse if the system is not protected or regulated.
At the large data security meeting of MIS training Cato, a monitoring and information security training facility, Barton said that often business units bypassed the IT team using credit cards to rent cloud computing infrastructure. Executives want to get the most out of the data, and they want it to happen in a short time.
"The main driving force for most large data projects is not security, but sales," Barton says. "Rapid analysis and deployment are the main reasons for using cloud computing, and data security and privacy slows that, so business units try to circumvent it teams." ”
Cloud Security Alliance and other organizations have clearly identified the potential risks of cloud computing. Experts say a large number of inappropriate cloud deployments offer potential business opportunities for channel solution providers. For leasing computing power, infrastructure, or service providers, is usually the cheapest option, but "cheap stuff" also poses the greatest risk. Unless the enterprise chooses to rent a private cloud, the infrastructure in the public cloud environment is often shared with other users, and the location of the data is often uncertain, increasing the risk of data leakage.
In addition to sharing the infrastructure, these systems may also "share" technical vulnerabilities, making them vulnerable to attackers. For example, a denial of service attack could cause a cloud service outage and leave the system inaccessible for a long time.
Tools associated with large data are often less secure, Barton says. For example, Hadoop, which is commonly used for in-depth analysis of large amounts of data, lacks security features and often defaults to "Accept All Access".
Barton recommends that Hadoop users deploy Kerberos to protect the security of information, and Kerberos is a network authentication protocol. The protocol is supported in Hadoop but is not widely used.
In addition, the enterprise should deploy file encryption and key management to protect the data. The server needs to be validated to ensure that the necessary security measures are taken when each node is networked. "Before you connect to a new node, make sure that it Barton the security measures taken by the other nodes," he said. ”
When investigating security failures, log management and active viewing of logs can help identify attacks, diagnose failures, and assist IT teams. Enterprises should also adopt SSL and TLS security protocols when transmitting sensitive information.
As an auditor, Barton says he usually also looks at documents that demonstrate the company's periodic checks and controls, and whether policies are deployed. Security policies must be communicated effectively and have implementation mechanisms.
"Big data is closely related to cloud computing, so cloud risk equates to big data risks," Barton says. "The key question is: Is your business able to take on the risks it faces?"
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.