Analysis: Choosing "Cloud Computing" must clarify 10 questions.

The paralysis around cloud computing may make you think that large-scale adoption of cloud computing will happen tomorrow. However, research from various sources has shown that security is the biggest obstacle to large-scale adoption of cloud computing. The reality is that cloud computing is just another phase of natural evolution along the path of technologies such as hosts, clients/servers, and Web applications, so it has its own security issues, just like all other phases.

Of course, security concerns will not prevent the use of these technologies can not prevent the adoption to be able to solve real business needs of cloud applications. To ensure that the cloud is secure, it needs to be treated as the next step in technology evolution, rather than as a revolution that requires a radical change in security models. Security policies and procedures need to be adapted to the cloud model in order to prepare for the adoption of cloud services. Like other technologies, we have seen some early adopters disguising distrust of cloud patterns by taking the lead in deploying private clouds or experimenting with non-critical applications in the public cloud.

Businesses and organizations ask a lot of questions and weigh the pros and cons of using cloud computing solutions. Security, availability, and manageability are all factors to consider. This article refers to the 10 security-related issues that organizations should consider. Answering these questions can help companies and organizations make decisions about whether they need to deploy the cloud, and which cloud model should be used if they need to be deployed— - Private, public or hybrid?

1. Cloud deployments will change how business risk management?


deployment of cloud computing - whether public or private cloud cloud - meaning you no longer have complete control over the environment, or personnel data. Changes in control can lead to changes in risk management – ​​in some cases the risk will increase, while in other cases the risk may decrease. Some cloud applications are completely transparent to you and provide advanced reporting capabilities and integration with your existing systems. Such applications can reduce the risk of the business. Other cloud applications may not be able to improve their security configuration and match their existing security measures, thus potentially increasing security risks. All in all, it is only reasonable that the company's data and its level of sensitivity will ultimately determine which cloud model should be adopted.

2. What needs to be done to ensure that existing security policies can accommodate cloud patterns?


improve their overall security posture and security policy an opportunity to migrate to the cloud model. Early users of cloud applications will have an impact and help drive the security model implemented by cloud providers. Instead of creating new security policies for the cloud, companies should extend their existing security policies to accommodate the new cloud platform. In order to deploy the cloud to modify the security policy, there are some factors that need to be considered: where the data is stored, how to protect the data, who can access the data, what regulations to follow, and service level agreements.

3. Will cloud deployment damage corporate compliance?


cloud deployments will change the risk profile of the business, which may affect the ability of enterprises to adapt to a variety of regulatory compliance. This requires a reassessment of compliance needs when compliance needs are associated with cloud deployments. Some cloud applications have strong reporting capabilities that can be tailored to fit specific compliance needs, while others are more generic and unlikely or unable to accommodate detailed compliance needs. For example, if a country's regulations stipulate that corporate data should not be stored outside the country, some cloud providers may not be able to meet the requirements of this regulation because of the location of their data centers.

4. Is the cloud provider using certain security standards (SAML, WS-Trust, ISO or others)?


in the cloud, standards play a very important role, because interoperability between various cloud services to ensure cloud security will not fall into the island patent is vital . A number of organizations have created and expanded various standard initiatives to support the cloud. Cloud-standards.Org lists most of the standards organizations associated with cloud computing, as well as organizations related to cloud security standards.

5. What should I do if a data leak occurs?


when enterprises in the cloud security planning must be properly formulate a good plan to prevent data leakage and data loss. This is a crucial point when companies sign an overall agreement with a cloud service provider. Both cloud providers and enterprises should develop data leakage notification policies or regulatory rules that must be followed. Companies must urge cloud providers to support the company's notification needs when needed.

6. Who is the responsible party when securing corporate data? Or who should be considered the subject of responsibility?


in reality, the security will be the responsibility of the parties sharing. However, in public opinion courts (at least today), companies, not cloud providers, are responsible for collecting data, so only companies should be seen as the ultimate responsible for information security. If the agreement between the enterprise and the cloud provider is not leaked, perhaps the enterprise can take less responsibility and share the responsibility with the cloud provider, but from the perspective of the enterprise customer, the enterprise will still be considered as the ultimate responsible person.

7. How to ensure that only the right data is stored in the cloud?


sensitive corporate data must be clear what data, critical data and applications based on whether or not to build the appropriate security model for understanding what this data can be stored in the cloud is very important. This process should begin long before the cloud deployment is considered, as this is a key part of good security practices. Many companies use data leakage prevention techniques to classify and tag data.

8. How to ensure that only authorized employees, partners and customers can access data and applications?


identity management and access management are security challenges that already exist, this challenge is magnified some technical features in cloud deployments, such as federalism, security systems and virtualization are all pre-configured in the cloud Play in security, just as they do on today's IT platform. Extending and complementing the enterprise's existing environment to support cloud deployment will help solve this problem.

9. How to manage the data and applications of the enterprise, what kind of security technology is appropriate?


cloud provider should provide this information, as it will directly affect the ability of an organization to comply with regulations. Transparency is important and necessary because it allows companies to make decisions based on an understanding of the situation.

10. What factors can companies use to understand and trust cloud providers?


in assessing the level of trust a cloud provider, there are many factors to consider. There are many factors that are related to the factors that companies consider when considering outsourcing contracts, such as: whether the provider and its services are mature, the type of contract, SLA, vulnerability procedures and security policies, the provider's performance record; Forward-looking strategies and more.

migrate to a new computing platform is by no means a thing without careful consideration they decided to do. The answers to these questions are complex and often lead to more questions. This article has only touched on some of the shallower issues related to security when considering the cloud platform.

In addition, enterprises should also understand that they have the ability to promote the development of cloud security technology used. It should be clear that cloud consumers can, should, and expect them to take responsibility for security, making the cloud a safe platform that can really save costs and increase productivity.