Eight steps of using cloud computing safely


Tips: eight steps to safely use cloud computing

Participants at the Interop conference heard on Thursday that if you think it is difficult to meet the requirements of a security audit, you should try passing that audit when you want to put your data in the cloud.

Chris Richter, Savvis' vice president for security services, leads a cloud computing security team. He said that the task of auditors is to maintain a well-defined standard for enterprises. These security standards do not exist only for cloud computing environments. Therefore, auditors should be cautious. They need to be very strict because there is no clear policy for auditing.

These rules should keep pace with the times. However, these rules do not yet exist. Therefore, enterprises need to be cautious about the types of data they want to submit to cloud computing, and ensure that the data comply with regulatory standards. For example, ensure that the regulatory requirements of HIPAA, PCI and Sarbanes-Oxley can be verified in these standards.

Richter said that auditors should see the internal situation of cloud computing. This is not allowed by many cloud computing providers. Many cloud computing providers are confidential about their physical architecture, policies, security, virtual LAN architecture, and other important current factors. If you can't see how the data flows, how the virtual LANs are segmented, and how your data is separated from other people's data, you should not be allowed to do this.

Richter said that what complicates this problem is how to deal with identity recognition and access management, so that unauthorized users cannot enter enterprise cloud computing. He said, "I don't know anyone who has achieved truly effective identity recognition and access management in cloud computing."

That said, he believes that it is possible to use proprietary cloud computing for the most sensitive information. He said, "I know the most powerful proprietary cloud computing. I have confidence to put my most valuable data there." Part of the reason for this is that enterprises can retain a level of control over data, applications and infrastructure in private cloud computing. You can trust what you do more.

Regardless of whether a cloud computing service is trusted by the enterprise and approved by auditors, it is still the enterprise that protects the data. External applications, platforms or infrastructure cannot be outsourced.

If a cloud computing provider is generally considered to comply with security standards, it does not mean that individual enterprises using this cloud computing service will also comply with the standards. It is your end users who are responsible for compliance, not service providers.

Richter has developed eight steps for enterprises planning to use some form of cloud computing to safely transition from proprietary traditional infrastructure to cloud computing:

1. Evaluate your applications. Some applications are closely related to your enterprise system and are not suitable for cloud computing.

2. Classify data. Determine what is sensitive data and what is not. This result can determine what type of cloud computing you choose.

3. Determine the type of cloud computing that best suits you: software as a service, platform as a service, or infrastructure as a service.

4. Select the delivery method: proprietary cloud computing, self-managed cloud computing, managed or external cloud computing, public cloud computing, enterprise cloud computing, or hybrid cloud computing.

5. Specify the platform architecture. This should include technical specifications for computing, storage, backup, network routing, virtualization and dedicated hardware.

6. Specify security controls. This should include firewall, intrusion detection/prevention system, record management, application protection, NBS data protection, data loss protection, identity and access control, encryption and security vulnerability scanning, etc.

7. Policy requirements. Check the policies of cloud computing providers to ensure that their policies meet your requirements. "Believe me, the policies of every provider are very different."

8. Review the service provider itself. Are service providers geographically dispersed? Can users configure it automatically? Does the service provider have enough capacity to meet the sudden increase in demand? Can they monitor all user communications to avoid a user inadvertently implementing a denial of service attack on the cloud? What is the service level agreement? Is this provider financially stable?