Cloud computing is accompanied by a variety of security risks. Amazon's EC2 service and Google's http://www.aliyun.com/zixun/aggregation/13936.html ">google App engine are examples of cloud computing services." Before a supplier is approved, smart users often ask a series of sharp questions and consider obtaining a security assessment report from an independent third party.
Cloud-specific attributes determine the importance of risk assessment, including data integrity protection, recoverability after failure, and privacy. In addition, legal assessments such as e-discovery (electronic discovery) and auditing are also essential. Here are seven risks that users need to guard against before selecting a vendor:
Priority access
As cloud computing service providers use internal procedures to circumvent physical, logical, and personal controls, sensitive data is at risk of being stolen during processing, so it is critical to have as much information as possible to manage the data-related people. The user needs to ask the vendor for details of the hiring and supervision of their preferred access management personnel.
Supervision
Even if the data is in the hands of the service provider, the user is the final 618.html "> responsible for its data security and integrity." Traditional service providers need to be supervised in such ways as external audits and security certifications, which are also essential for cloud computing service providers. For suppliers who refuse to be inspected, the user is best to avoid.
Data positioning
When users enjoy cloud computing services, they are likely to know nothing about the location of the data or even what country it is stored in. Therefore, users need to ask the vendor if they are storing and processing data in a particular region, and whether they are committed to complying with local privacy protection requirements.
Data segmentation
Typically, data in a cloud has many users in a shared environment. Although encryption is valid, it is not omnipotent. Therefore, users need to verify the way the data is split. Cloud computing service providers should provide evidence that their encryption schemes are designed and tested by experienced experts. Encryption accidents can cause data to be completely paralyzed, even if the general encryption is improper can cause data availability complication.
Data recovery
Even if you do not know the location of the data, users should understand what problems their data will face in extreme cases and how they will be handled. Users are at great risk if cloud computing service providers cannot replicate data from different sources and recover applications. As a result, users need to be informed of the vendor's ability to fully recover the damaged data and the time required for recovery.
Investigation support
In the area of cloud computing, it is almost impossible to investigate improper or illegal activities. Because the large number of users ' records and data may be in one place and are likely to be delivered in different hosts and data centers, it is difficult to investigate in cloud computing services. The investigation and disclosure requirements will not be possible without suppliers supporting contractual commitments for various types of investigations, and their effective support for evidence of various investigations.
Long-term development risk
In general, it is desirable that cloud computing providers continue to operate without bankruptcy or annexation. In the event of an unexpected situation, the user must ensure that the data is still available. As a result, users need to consult with cloud computing service providers on how to retrieve data when mergers and acquisitions occur. (
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.