The Cloud Security Alliance has issued reports on more than one occasion, advising and urging companies to take measures to better protect cloud services. Its new report adopts the definition of cloud computing given by the National Institute of Standards and Technology (NIST), along with the characteristics NIST lists: self-service, broadband network access, resource sharing, rapid configuration and scalability, and metered usage. NIST also divides cloud services into three categories: software services (SaaS), where applications are provided by the service provider; platform services, where the provider supplies tools and programming languages and customers develop and deploy their own applications; and infrastructure services, where the service provider supplies a hardware platform with a network for customers to use.

"Security is a key area to focus on in the V2.1 version of cloud computing guidance." "The importance of cloud security was mentioned in some of the earlier drafts of the bill, and the security issues were distributed in 76 pages of 13 areas, each of which included more specific recommendations," abbreviated.

The paper recommends that cloud service providers use the ISO/IEC 27001 information security standard to build their information security management system. Customers should carefully verify the qualifications of their suppliers and check whether the suppliers' plans are in accordance with the certification standards and requirements. At the very least, suppliers should show their customers that their practices are based on the ISO 27002 standard. The report points out that customers need to be clearly aware of the type of cloud service they are buying and of how much responsibility they must take for the security of their data and the management of their applications.
With Amazon's EC2 infrastructure service, for example, the provider secures the environment and the virtualization layer, but not the operating systems, applications, and data inside the virtual instances. With Salesforce.com's CRM software delivered as a cloud service, the service provider must be responsible for all security, including applications and data. Companies must fully understand the security measures of their suppliers, or risk compromising their data security. "Unless cloud providers are willing to disclose their security controls to their customers and the scope and extent of their implementation, consumers will know which controls are necessary to keep their information secure, or they will cause customers to make wrong decisions and have significant risks," the report said.

The report notes that, in general, potential users of cloud services need to assess the importance of their data and the security of the business, and provide relevant proof to vendors. "For any security-related aspect, the enterprise should take a risk-averse approach to the cloud computing environment and choose a safe way," the report said. To this end, the report recommends the following steps:

1. Carefully consider and determine what data or functions will run in the cloud environment.
2. Assess the importance of the data or function to the enterprise.
3. Determine what kind of cloud to adopt: public cloud, private cloud, community cloud, or hybrid cloud.
4. Assess the extent to which existing control measures reduce risk.
5. Draw a diagram of the data flows into and out of the cloud to determine the points of risk exposure.