Cloud security issues have you considered it? Due to the expensive maintenance of hardware and software within the enterprise, it is logical to give the enterprise IT architecture to cloud computing. The main advantages include: when it architecture is offered to you as an Internet service, you no longer need to have the expertise or control, you just have to give everything to cloud computing, and the price is very affordable. But as with all new technologies, too many people are deploying cloud computing solutions that have not yet been able to consider cloud security issues. Ford Motor Company's security advisor and senior Web design architect Matt Schneider I'm very interested in cloud security, and we're currently developing a Web application to provide secure email, chat, message boards and collaboration platforms to the public, At the same time, everything in our network and database server is protected with powerful encryption and key. As a web developer, I know that developers will preach that they are doing their best to protect user data, although they simply store user data in plain text on a shared site. In most cases, your personal information is worthless to other people and to the sites you visit, and people are always too trusting in the Web application to expose their information. Most of the Internet data is unimportant data that is rarely stolen or destroyed, but it is inevitable that we are talking about confidential information in forums or chat tools that happen to be intercepted by someone. How much attention do ordinary users have to cloud computing? Probably most people have not thought about cloud computing, just like the recent attacks on Facebook and Twitter, and if users are really worried about information security, they should stop using those platforms. For a website, especially those users disclose important personal information of the site, whether the security can be mainly reflected in the following aspects: SSL Connection • Credit certification (such as VeriSign and GeoTrust certification, etc. 0) • Multiple credibility certification (VERISGN, McAffee and BBB, etc.) • Credible company name • Extensive publicity • Media referrals • A large number of user groups I think the above conditions can basically determine whether a website can protect the important information of customers. Typically, users trust a Web site to protect their data based on their own judgment, even if they don't know how the site protects their data or storage location. But is it really safe? CEO and CTO Terry Woloszyn of Ontario Prov. Perspecsys, Canada: When someone wants to adopt a cloud-based application, they usually need to ensure that these factors: privacy, storage location, and security (PRS). There are two main categories of cloud security: Data security provided by cloud computing providers and data safety before the cloud vendor firewall and user authentication. So before you consider what a cloud problem is, you need to create a taxonomy. WiKibon Project's partner and principal research director Michael Versace: Some people portray cloud security as too complex. Security is a risk-based rule, and users first need to understand the risks inherent in cloud services, and then deploy the best entrepreneurial/management/business processes and technology controls to manage risk and control risk to an acceptable level. Network security advisor George Moraetes: Cloud computing is a business concept, commonly known as SaaS (software as a service), PaaS (Platform-Service), and IaaS (infrastructure or services). In fact, it refers to outsourcing data centers to Third-party vendors (claiming that their products are the best and safest products), the problem is that each system is considered reliable in cloud computing and there is virtually no secure system. Let's first analyze the cloud as an outsourced data center that provides computing services to the enterprise. If the services provided are software, platforms, or infrastructure, then the security of these special services should be the same as that of non-outsourced services that protect compliance with industry best practices, but is that the case? Can companies really control the security of outsourced data? Can security itself be outsourced as protection of data and transactions? ? Can companies explain to suppliers how to protect their data? When the data is outsourced to a third party, who holds the data? Where is the data stored? And who controls the data? These are related to the legal liability of data breaches. In fact, cloud computing may cause more security losses than the cost of deploying local services, and from a legal standpoint, it is best to ensure that outsourced third parties that advocate the ability to run their data center protection data can truly meet their commitments. I think cloud security should be like this: be able to ensure that the technology and operations deployed by the traditional data center of the enterprise are also available to third party suppliers. Rather than cloud security, including legitimacy, best practices, and industry standards, these control security frameworks, which have become hot issues, are extremely attractive because of cost issues. KVH Information Security Manager Venkatesh Ravindran: As we all know, basic security is based on availability, integrity, and confidentiality, and cloud security must address these basic security issues. The following security issues are mainly covered in another perspective: • Network perimeter security (perimeter security deployed by cloud computing security vendors) • Network communications Security (communication between customers and cloud security providers) • Application/Platform Security (this is the most challenging part because most applications or platforms are multiple) • Data security • Laws and regulations and compliance maricom System Company's main architect/CSO Wing Ko: I agree with George Moraetes that cloud computing is just a data center outsourcing. Although different modes (*AAS), how they are used, and how vendors deploy services, cloud security is more complex than traditional data center outsourcing.Having said that, I agree with Mike Versace that we should provide some basic ways to help people understand and ask questions that I have always used as rain (below), which is a proven planning and analysis method: • (R) Equirement Requirements: Understand your business needs, from which technical requirements, non technical requirements, management requirements and security requirements. • (A) nalysis analysis: Start with your business requirements, analyze the tasks or services that you want or can outsource, and identify who is responsible for those tasks so as not to increase the difficulty of later work. Risk analysis is then carried out, particularly from cloud connectivity, multiplicity, local data privacy regulations, and business continuity considerations. • (I) Nterface interface: Clearly define system and user interface. Who is responsible for contacting the supplier or advising the supplier on the issue? What APIs or Web pages are used? How to use it? What is the result of the return? The more interface/contact points, the higher the probability of data leakage E (N) throaty ensure that the services are verified and guaranteed to be performed according to the terms. Test the results sent by the supplier to ensure that it is sent in the format that you expect, audit or pen-test, perform the operations of the vendor run Cloud Security Summary The widespread use of cloud computing technology makes businesses increasingly reliant on cloud infrastructure and virtual resources provided as Internet services, but security experts worry that Many companies do not consider risk before they go into cloud computing. "Editorial recommendations" cloud security is a prerequisite for cloud computing in the context of cloud computing the security of mobile devices in the age of clouds cloud: standard not yet unified blindly building cloud computing by "hot" SMEs performance "calm" Cloud-based data protection strategy is the general trend Cloud security ABC: Cloud business data is safe cloud computing: Governance and Security "responsible editor: Liyan TEL: (010) 68476606" Original: It experts on cloud security definition of six views back to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.