Secrets of cloud Security Seven deadly Sins

HP and Cloud Security Alliance recently enumerated Izumo Security Seven sins, if you want to move your application into the cloud, it is better to know the "guilt" in advance. See if you or your cloud service have committed these crimes?

Data Loss/Disclosure

So far there has been no widely recognized security level that can control data security in the cloud. Some applications leak data because of weak API access control and key generation, storage, and mismanagement. And good data destruction strategies do not exist.

Sharing technology Vulnerabilities

In the cloud, an incorrect configuration parameter may be replicated across the entire network environment, that is, many virtual machines share the same configuration parameters. The solution that can be considered is to enforce service level agreements (SLAs) for patch management and to implement best practices for network and server configurations.

A spiteful insider.

The level of background review that a cloud service provider performs against its personnel may vary depending on the enterprise's need to control access to the data center. Many cloud service providers provide good services, but there is a serious information asymmetry between the entrusted enterprises. The evaluation of the Executive service provider should be considered and the audit level of the service provider should be planned.

accounts, services and traffic hijacking

Enterprises have a large number of data, applications and resources concentrated in the cloud, and if the cloud service provider certification loopholes, then the intruder can easily access the customer's account, and then control the customer's virtual machine. It is suggested that the risk should be monitored beforehand and double factor safety authentication.

Unsafe application programming interfaces (APIs)

It's important to think of the cloud as a new platform, not just a place to outsource application development. Data verification procedures should be implemented throughout the life cycle of the application, and developers should understand and implement certain guidelines related to security authentication, access control, and encryption.

Misuse and malicious use of cloud computing

Bad people use cloud computing more aggressively than good people. We see a lot of hackers who are good at combining new threats with the rapid integration of cloud computing, and can easily expand or shrink the scale of the threat. All it takes is a credit card to open the floodgates of mass threats.

Unknown risk

The issue of transparency will continue to haunt cloud providers. Users who have accounts only interact with the front-end interface and do not actually know what's on the back end. Who knows what platform the service provider uses, and what level of patches?