Where is the bad security of cloud computing a problem?

Cloud computing security issues have always been a concern! Here's the annoying thing: last month, a hacker claimed to have entered many government, military and university websites, only because the sites were weak and easily hacked.

Cloud computing bad security, where is the problem!

Consider if the hacked sites were sold by hackers at less than 500 dollars: the Michigan and Utah State government sites, the South Carolina State National Guard website, Italian and Arab government agencies, and perhaps most of all, the U.S. Army Communications Electronics Command for Battlefield systems Software engineering, These departments should be most prepared to write procedures to prevent hackers from attacking.

Worse, hackers need only use SQL injection and buffer overflow to hack the site, these hackers do not require professional hacker knowledge, as long as a simple script.

Of course, these attacks are also easy to avoid, as long as the programmer set the parameters to ensure the input system's data validity. For example, if the form requires a user name, but the data entered is a SQL code fragment or a 50,002 byte, it should be denied access--not to the background for validation.

But validating the validity of the input data requires an extra piece of code that will slow down the Web server. The result is that many programmers and many programming tools will give up active validation because they are chasing speed, the quicker the response is better, right?

It's not a coincidence, it's a philosophy--speed affects everyone from programmers to network managers, whether it's in the education industry, software vendors, or hardware vendors.

After all, the faster the servers run in cloud computing, the more customers can be serviced by cloud providers at the same cost. When your profits become efficient, speed is money.

Security？ This is an expensive project. You can conclude that it is not a matter of paramount concern for a supplier to cut costs--his contract may contain a normal operating guarantee, but it does not contain security-related terms, which should be in your own data center.

You can't change the "speed first" principle, so if you want to keep your cloud environment safe, you have to proactively address this issue, and you can proactively ask for security-related terms in the contract, including allowing you to do security testing based on your enterprise's own cloud application.

Then you have to spend some money on security tests, hire some "moral hackers" to attack your cloud computing applications, and constantly improve the security of the system, which is a continuing task, because today's security does not mean that it is safe tomorrow.

Is that a bit over the question? Maybe--but that's the only way you'll be verifying the security of your cloud environment. If you don't, you can be sure that hackers will find you sooner or later.