Cloud computing with a crisis: legal protection and security remains a weakness
HC Network Security For now the cloud computing suppliers, whether legal or virtual machine safety is not the biggest obstacle to cloud security. While many
Company Have to consider migrating to the "cloud" and going, the security experts at last week's Black Hat security Meeting The reminder that the safety of third-party cloud services are still far from ideal.
Sustained economic downturn makes the cloud computing a hot topic, eager to save the cost of entrepreneurs and small Enterprise On the Internet using a virtual machine, while large enterprises such as customer relationship management of their job to the companies such as salesforce.com. But experts warn that companies need to more carefully consider the infrastructure transferred to the "cloud" in to the security risk.
"Many small companies use the cloud to save money, but those high-end users do not use cloud computing when audited," from the security company's director of HaroonMeer SensePost said, he had led the led the flexibility of the Amazon cloud computing research.
Their experiments showed that companies often do not to scan those obtained from a third party application, which is easy in the company's internal network to create a Trojan horse.
There are many similar examples, the final meeting for their BlackHat a five-point safety experience in the cloud:
1, the lack of legal protection for cloud computing
Companies need to realize that the data in the cloud is not a higher law Standard , The government or lawyers focused on the discovery, even without an investigation in the use of data.
Moreover, the cloud vendors more concerned with protecting themselves, rather than the client, iSecPartners security consultant AlexStamos so that it not the expectation of legal services would be beneficial to customers.
"Cloud services to all companies have a very active and well-trained legal department," Stamos said, "When you apply for cloud services, agree to these agreements, basically means you will have nothing." In other words, If there is data loss, suppliers will not do anything for you.
2, does not belong to your hardware
If the business you want to test some things, they must remember that they do not own any hardware. Although some service agreements (such as Amazon) to specify the client test, but can be run in the top software vendors license is a key.
3, strong Policy And user education
Although cloud computing provides access to corporate data, saving manpower and other benefits, but always on the server means Hacker They might have the potential threat to the company.
4, do not believe that the virtual machine
When the cloud providers that use the virtual machine, the user should not believe that runs on the operating system. Meer said so.
SensePost researchers found, a cache, such as credit card data, keys and a number of potential malicious code may be hidden in the system, but no one to notice.
He suggested companies set up their own mirror for internal use, to protect themselves.
5, reconsider your erection In any case, the enterprise Technology Managers need to reconsider their assumptions in the cloud.
Example, when you are in the data center to deploy a virtual machine applications, these randomly generated virtual machine might not make your application into effect. The problem in the virtual machine's security and much worse than physical servers.
Read the article were also viewed:
Privacy Information Manager cloud computing challenges of advantages and disadvantages
Inventory: Around the emerging cloud computing five "dark side"
Security vendors even behind the cloud computing speed with pressure malicious programs
I am an expert from decorative-wall-panel.com, while we provides the quality product, such as Stone texture , Homogeneous accessory system, decorative wall panel manufacturer,and more.
Processing your request, Please wait....
