Seven Sins of revealing cloud safety

According to the IDG Group's Computerworld website, security experts say companies that choose cloud computing may be familiar with the concepts of multiple leases (multi-tenancy, where multiple companies host their data and business processes in the same server group of SaaS Services) and virtualization, But that does not mean they fully understand the security of cloud computing. Cloud Security Alliance (CSA) executive Director Jim Reavis believes that cloud computing is actually a combination of technologies to create an application with a unique management system. This is a new chapter in the computer age, and while all this sounds familiar, there is a difference as long as you understand it. The speed with which companies use cloud computing often surprises security experts, and security experts reavis that companies should take a more pragmatic approach, such as using risk assessments to understand real risks and how to mitigate them, before deciding whether to deploy cloud computing technology. The Cloud Security alliance, together with Hewlett-Packard, lists seven sins of cloud computing, based mainly on findings from 29 companies, technology suppliers and consultancy firms. 1. Data Loss/disclosure: Cloud Computing in the security control of data is not very ideal, API access control and key generation, storage and management deficiencies can cause data leakage, and may also lack the necessary data destruction policy. 2. Shared technology vulnerabilities: In cloud computing, simple error configurations can have a serious impact because many virtual servers in the cloud computing environment share the same configuration, so a service level agreement (SLA) must be implemented for network and server configurations to ensure that hotfixes are installed and best practices are implemented in a timely manner. 3. The Mole: Cloud computing service providers of staff background investigation may be different from the enterprise data access control, many vendors do a good job in this area, but not enough, the enterprise needs to evaluate the supplier and propose how to filter the staff's plan. 4. Accounts, services and communication hijacking: a lot of data, applications and resources are concentrated in the cloud, and cloud computing if the authentication mechanism is weak, the intruder can easily access the user account and log into the client's virtual machine, it is recommended to proactively monitor the threat, and the use of two-factor authentication mechanism. 5. Insecure application interfaces: in developing applications, businesses must view cloud computing as a new platform, rather than outsourcing. During the lifecycle of an application, a rigorous audit process must be deployed, and developers can use certain guidelines to handle authentication, access control, and encryption. 6. Cloud computing is not used correctly: in the use of technology, hackers may progress faster than technicians, hackers are often able to quickly deploy new attack technology in the cloud of freedom to travel. 7. Unknown risk: Transparency issues have been troubling cloud service providers, account users use only the front-end interface, they do not know what their suppliers are using the platform or repair level. The chief technology of HP, a cloud service providerArchie Reed, the operative officer, says the seven sins of the cloud are not comprehensive, but they are very important, and they can guide how to use cloud computing correctly. Seven of sins indicate that the cloud security situation is changing very quickly, that security technicians must understand the factors that affect their work, including government law and industry standards, and that they should be aware of whether these factors are properly applied to the risk assessment methodology and whether the methods are periodically modified. There is no doubt that cloud computing does give us new opportunities, but this new technology also means that suppliers ' solutions and technologies are evolving. While companies can trust cloud computing, they cannot deliver all the responsibility to cloud computing, and companies must manage the data or programs in the cloud. "Editorial recommendations" cloud security is beautiful but only blooming blooming "one now"? Precision, efficiency and low cost--the topic of cloud security Technology "responsible editor: Xu Fengli TEL: (010) 68476606" Original: Secrets of cloud Safety Seven sins return to network security home