Ten security risks and suggestions for public cloud computing

There are so many risks to public cloud computing that there are definitely more than 10. Professional organizations and CIOs are organizing a list of risks to strengthen their control of the public cloud, which will continue to permeate the enterprise IT environment, whether they want to or not.





Some of the most important risk lists for public cloud computing are extensive and complex, such as the Cloud Security Alliance's 1.0 release of the important risks of cloud computing. Most risk lists include the following:





1, network security





from the point of view of IT managers, this one is still the first to be ahead. This article also includes some data protection and privacy subcategories, from the physical security and application security of software that is a service provider (SaaS), as well as over advertising leaks.





Steve MacLellan, senior vice president of the Financial Services Enterprise architecture at the Boston Fidelity Technology Group, said, "Trust me, I am saas-y" is not a market. He added that it was important to ask them about security strategies, to inspect their data centers, and to ensure that the data was physically safe.





then, try your best to protect the data. "We make sure that our data is encrypted when we leave it, which is done in the data center before the problem occurs," said Peter Toth, the IT operations manager at the GfK Customization Institute in Princeton, New Jersey, a division of the German Research and Development Corporation GfK Group. ”





for others, security is no longer a threat in cloud computing, but a matter for others in their own backyard. "I want to say that clouds (and even public clouds) are not inherently safer or less secure than your internal environment," says Rich Mogull, the CEO and analyst at Securosis LLC, a Phoenix consulting firm. It all depends on what kind of control is used and how you implement it. ”





2, Identity management





Passwords are a problem, especially since the insurgents now have computational power to sabotage (interestingly, they can use the computational power of the public cloud). The federal government is working on the development of the federal ID ecosystem, which protects against cyber-disruptive elements. Earlier this month, the Obama administration announced it would create a credible online identity program led by the new National Planning Office, headed by the Ministry of Commerce.





3, Compliance





in terms of boundaries, they may actually be virtual, but they may also be physical. The new rules limit where and how long the physical data for financial services, health care and insurance will reside. MacLellan said: "Indeed, we have also heard some (about complying with these new rules), the provision of the environment is somewhat unfriendly", may refute the ' cloud is a free-trade zone ' concept. For example, some information may not cross national boundaries, but it is almost impossible to know where the public cloud data is kept. In addition, Drue Reeves, the vice president of Gartner and a leading analyst, believes that the burden on cloud customers is to ensure that cloud providers comply with rules that affect their company's data.





4, Data integration





the risk of using a public cloud service is the natural consolidation of data in a cloud silo. It is not easy to integrate the data that resides in the cloud service with the enterprise back-end system. Especially if the enterprise has not experienced organization-level information integration challenges. James Staten, vice president and chief analyst at the Forrester Research company in Cambridge, Massachusetts, argues that companies that have set their data to be easy enough to use across multiple platforms are in the best position to play the full advantage of cloud services.





in accordance with the EMC Corporate Information Leadership Board, an IT executive, whose members are primarily discussing the challenges of cloud computing, it is also important to develop the habit of encrypting data, marking stable data and consolidating the storage asset Library. The organization recommends that the number of cloud platforms that must be supported should be minimized by avoiding a large number of integration efforts.





Cloud experts also suggest that the use of ETL (extract, transform, load) tool can simplify the data from one format to another format conversion. The goal is to convert information into a common format-most likely to be translated into Extensible Markup Language (or XML)-so that the data is easier to move and search.





5, Manufacturer lock





This thorny issue boils down to the issue of standard interoperability changes among different cloud service providers. We assume that you don't like your public cloud vendor's policy changes and would like to select another vendor. In this case, the cloud may appear to be known as the Babel problem, although many vendors are providing better interoperability. Microsoft's Azure platform was meant to be directly connected. NET, now there is also an open source software development Toolkit to support developers using the PHP scripting language, while the Salesforce.com company's once dedicated force.com development platform also supports Java application development.





Tom Bittman, a renowned analyst at Gartner, claims that there are 10,000 suppliers of such or such services currently involved in cloud service. "We need someone to help us judge it," he said. He predicts that cloud brokers will rise as new system integrators, and they will help businesses do data integration between back-end systems and cloud services. He also predicts that by 2015, 20% of cloud services will be carried out through cloud service proxies, rather than direct interactions, now at 5%.





this "simultaneous" may also be the result of integration between cloud service providers. As competition intensifies, smaller suppliers will not necessarily fail. Choosing the right suppliers according to Bittman is one of the key decisions that it executives will make this year. "We see some suppliers fail and the data is lost," he said. "12 Next