Keywords: cloud computing, data security, cloud security
More and more enterprises are expected to adopt cloud technology in the next 12 months, including infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and private cloud. However, a question mark still hangs over cloud computing security. The concept of cloud computing, which keeps corporate data in a data center outside the corporate firewall and accesses it over the Internet, does make many businesses feel it is unreliable. Although security needs to be considered for any enterprise technology project, data is moved, stored, and accessed differently in the cloud, so its security issues matter more than in other technical projects.

Should companies worry about cloud computing security?

Cloud computing does raise a new set of security issues compared with traditional technology projects, but from an expert standpoint cloud computing is actually more secure than traditional technology projects. Ovum's chief analyst, Graham Titterington, argues that cloud computing providers value data security much more than the intranet security managers of ordinary companies.

Titterington said: "Most enterprise internal security technicians cannot provide quality security services the way cloud service providers do. Cloud service providers not only have a professional security level, but also have a certain reputation, which is very important in the industry." So once a service provider has a security problem, the service will suffer a devastating blow, especially at a time when most companies are on the sidelines.

He added: "For about 95% of today's companies, the security of using cloud services is more reliable than their own security systems within the enterprise." It is far less difficult for hackers to break into an enterprise's internal servers than to invade a cloud service environment.
Bob Tarzey, Quocirca's manager, said that building a private cloud within the corporate firewall would not pose any additional security risks and that the only security problem might be the virtual machine, but most of those problems had already been resolved. Tarzey agrees with Titterington's view that professional cloud service providers are more secure than enterprises' own security systems, saying: "One of the things that businesses can easily overlook is that the architecture used by cloud service providers is state-of-the-art, in advanced data centers. This is far more secure than an enterprise's own internal network, and better satisfies business continuity requirements."

Eduardo Ustaran, general manager of the Field Fisher Waterhouse law firm, also believes that cloud computing carries no more data security risk than outsourcing the enterprise's IT services. Because cloud computing backs up data in different locations, it is much more secure than the traditional approach. Ustaran says that, from a customer's point of view, it feels easier to lose control of the data. He said: "In the face of potential customers, cloud service providers must be very careful about this issue, and let customers understand that the security provided by the suppliers is far from what they had previously imagined." "While cloud service providers can achieve high levels of security, companies still need to be aware of the issues before cloud services move forward, so that cloud computing can be implemented as securely as possible."

Data movement

Traditional enterprise internal computing differs from cloud computing in that the latter needs to transmit data between cloud providers and customers over the Internet, and some companies believe the process is likely to have security implications.
In fact, today's network technology enables companies to transfer data over the Internet securely, without it being monitored or intercepted by malicious parties. "Today's network has become more and more secure," Ustaran said in an interview with Silicon.com, "and it is now safe to transmit data over the network compared to the previously open network." Ovum's Titterington added: "SSL and VPN-type technologies can be very good for secure data transmission on the public network." "Encrypting data is another way to enhance security when data is passed between customers and service providers." This means that data is secure whether it is within the enterprise or stored in a cloud service environment.

The physical movement and storage of data in the cloud architecture is also subject to strict legal requirements, so this cannot be overlooked when discussing cloud computing. In Europe, for example, personal data can only be transferred to other EU countries, or to countries such as the United States that have a Safe Harbor agreement. If the cloud service provider backs up the enterprise's data in two servers located in different locations (typically not in the United States, or in different countries), the enterprise may worry about whether the data will eventually be lost. While this concern is justified, it can be resolved through negotiations with service providers.

"No matter where the data is in the world, as long as there is good security, geography shouldn't be a problem," says Ustaran of Field Fisher Waterhouse. Titterington believes that companies should be sure that their data are kept in a zone without a safe haven agreement. "Can companies get the guarantees they need from suppliers? Does the supplier have a similar safe haven agreement or are you signing a similar agreement with those areas?" he said.
Once the company is satisfied that suppliers can provide the appropriate materials, it will gladly sign the relevant cloud services agreement because it knows its data will be guaranteed when it migrates. Titterington said that if data is encrypted during transmission and storage, there is no need to worry about the security of its storage in a third-party data center. If no institution or individual other than the enterprise itself can interpret the data content, then data movement does not carry much in the way of security requirements. Shipping vendors know that businesses are concerned about the geographic location of data stores and about the new security issues of data, so business concerns are being lifted in major markets through more open cloud data centers.

Ensuring the security of information stored in the cloud environment

Once the data has reached the storage location of the cloud platform, the next step of data security is initiated. Titterington said: "In general, the actual transmission phase is the least worrying stage, when the user is concerned about how the data will be stored." "The use of access control technology is critical to cloud technology," he said, "and access control must be Titterington." The gateway to cloud services is always Internet-facing, whether it's a software as a service (SaaS), platform as a service (PaaS) or infrastructure as a service (IaaS) model. Only the access control mechanism stands between the open environment and the enterprise data. "Ovum recommends that organizations integrate access control into their own cloud services so that internal and external identity authentication and login systems are synchronized, reducing the chance of security risks." Businesses also need to make sure they get the latest data access records.
This strategy means that once a user leaves the office environment, their access rights are immediately withdrawn, so they cannot access the cloud services from an unauthorized system outside the office location. As with the data transfer process, stored data also requires encryption to improve the security of the information. Ovum's Titterington says that some encryption technologies allow businesses to keep the keys used for encrypting data in the cloud, so that only people with full control can view the decrypted information in the virtual machine. Titterington said: "There is already data encryption technology for the cloud environment; enterprises should consider using it." "Another problem that businesses consider about data storage in a cloud environment is that a competitor's data may be stored in close proximity to their own, or in a nearby virtual machine."

Analysts say that mixed storage of data, and even access by the wrong user, are largely unlikely to happen. Ustaran of Field Fisher Waterhouse said: "I've never seen a service provider mix data from different customers and have it accessed by the wrong customers." Titterington added: "For most organizations, the technology and architecture they use to create cloud architectures are used to prevent data cross-contamination."

Compliant cloud

When considering cloud services, companies should first consider which of their business flows are best suited to cloud services and keep in mind compliance with regulatory rules such as the Oxley Bill. For example, financial information is generally seen as not suitable for cloud computing, because there are too many regulatory systems around financial information compared with other areas of information. Titterington said that, as a result, cloud service providers are taking the opportunity to give a more detailed account of their security plans, as other information provided by customers is less stringent than the regulatory requirements.
"For companies that require very detailed and rigorous vetting of reports, it is difficult for suppliers to come up with a formal document that meets the requirements of the review," he said. Therefore, as a cloud service provider, your attractiveness to such companies is limited.

Quocirca's Longbottom says companies need to classify their data according to regulatory requirements. Types of data can include openness, business, confidentiality, and confidentiality. You can then develop strategies for different information, such as which types of data can be distributed and stored, and whether they can be printed. In cloud computing, companies need cloud service providers to support this type of data classification and the corresponding strategies. Longbottom said: "This data classification method can be well adapted to the cloud computing environment because it is not restricted by network, platform or equipment."

Ustaran, of Field Fisher Waterhouse, believes that cloud service providers can choose to adopt European data protection regulations as their service standard, so that customers know that their data will meet regulatory requirements before negotiating with suppliers. He added that businesses and suppliers needed to find a balance that would meet both data security and regulatory requirements while achieving sufficient flexibility. The supplier will provide the corresponding service according to that balance point. "The contract should focus on reality rather than setting so many legal provisions that suppliers will be too restricted to provide the services they need," Ustaran said.

Retrieving data from the cloud

The final aspect to consider when facing cloud computing is how to get your data back from a previous vendor if you decide to change the cloud service provider later. Quocirca's Tarzey said that one of the few big things companies need to consider about cloud computing is the future of corporate data.
Organizations should consider how they can retrieve data from the cloud architecture and ensure that all data backups are removed from the vendor's servers. Titterington said: "If you cannot easily get your data back, then you are tied to the service provider, and no matter what, you cannot be separated from it." This is not what any enterprise wants to see. "So companies must bring this up when they choose a cloud service provider," he said, "to raise all the right questions and to include all the service commitments in the contract."

Responsible editor: Chen Bowen, TEL: (010) 68476606

Original: Cloud Security Worry is just a cloud?