Taking stock of the risk of data outsourcing industry in cloud era

First, cloud computing data outsourcing needs to consider

However, no http://www.aliyun.com/zixun/aggregation/8876.html "> Free lunch, Cloud computing data outsourcing cannot solve legal risks ( This is a key issue that accompanies third parties ' knowledge of data storage and transmission locations. This issue is discussed in this article. The following points must be taken into account when an enterprise decides to adopt a third-party cloud computing solution.

First of all, it is of course necessary to define what we are talking about, because there are many definitions for "cloud computing." Recently, a well-known CIO defined it as: The virtual server is controlled by an organization, and the computing technology that the end user can access through the network. We define "cloud computing" as the service delivery of commercial software, the application of software and the data stored on virtual servers over the network. Cloud Computing provides a commercial enterprise technology: The infrastructure is the service, the software is the service, and the platform is the service, all these service offerings are online and under the Web2.0 framework. When a third party controls any part of the cloud, relevant data security, privacy, and regulatory issues arise. In a way, the problem arises when the data line is replaced by a communication scheme that bundles data from n companies. Third parties try to fully improve the efficiency of virtualization technology, and the traditional enterprise own functions (infrastructure, system platform and software) commercialization, at the same time, legal risks have emerged. The benefit of

Third-party Solutions is that commercial software is well established. From Third-party software solution vendors that leverage multi-user requirements to outsourced infrastructure vendors, which invest in technology solutions that are faster and newer than a single user, third parties can achieve economies of scale while reducing the cost of delivering functionality. However, there is an inherent risk of profitability, the following is the cloud computing data outsourcing needs to focus on the risk issues.

Cloud Data Outsourcing risk performance: Data storage and transfer

in traditional outsourcing agreements, users can negotiate with suppliers about the control of data storage locations, including where the backup process is conducted. In this way, both users and vendors can understand what kind of management method should be provided for the transmission regulations of relevant data. However, outsourcing of cloud computing is cost-effective because vendors can move data anywhere in the world or send data from one enterprise to different locations, depending on capacity, application, and bandwidth. Increased degrees of freedom will result in processing processes that do not comply with many of the world's data-storage and transfer-related regulations.

For example, early cloud vendors allow customers to control the location of data storage for certain technologies through "available zones." Because each country's data transfer regulations are different, the cloudThe vendor may store the data in a predetermined area (e.g., the European Economic Area); With this approach, data can be continuously transferred from the vendor's European servers without a problem with the rules because the data is stored in specific licensed areas.

Data Security

Data security and data protection is often a major concern in outsourcing plans. The outsourcing agreement plan precisely sets the safety management technology that the supplier must adopt. The implementation of these security management plans is driven by the protection rules of sensitive data (personal data or financial data). How do you control it with cloud computing solutions? The CEO of Cisco says that cloud computing is like a nightmare of data security and cannot be controlled in the traditional way. For most companies, data security and data protection are the biggest obstacles to outsourcing cloud computing technology to applications that contain sensitive or confidential data.

Therefore, signing an outsourcing contract with a cloud vendor requires a more careful and less inclusive term and condition. Users should be concerned about whether cloud computing solutions guarantee data compliance, and ultimately, users will rely on vendor-supplied solution texts and believe that compliance is ensured (whether directly-for example, banking or medical software, or indirectly, such as interpreting specific data storage locations). As a result, the failure of the supplier to implement the user data processing process is deemed to fail to comply with the service description and be subject to compensation under the contract.

As with any outsourced program, it is a critical step to review the vendor's solutions to determine control over data access. Does this vendor solution implement restrictions on enterprise data access and implement monitoring of visitors (so you know who has accessed which data)? What specifications need to be encrypted? How often is the data archived? Are all of the application software and software in the latest security upgrades? Whether the security level agreement includes this clause: the maintenance of the security system is a performance parameter.

(Executive Editor: admin)