Monday, December 27, 2010

【 Weak current College 】 cloud computing security metrics?

According to the U.S. National Institute of Standards and Technology (NIST), cloud computing should have the following characteristics: ubiquitous network access; on-demand self-service; location-independent resource pooling; and good elasticity, with the ability to provide scalable services. NIST specifically requires that cloud services be measured. This shows that cloud computing is maturing.

The security organization Jericho Forum has taken an interesting approach to cloud computing security. It first describes the cloud. The Forum treats security and identity management as elements that cut across all layers, and provides a design pattern, which it calls Collaboration Oriented Architecture (COA).

Building on that foundation, they define cloud computing security as a three-dimensional model. At about the same time, the Cloud Security Alliance arrived at very similar ideas. In the latest revision, cloud computing is delivered in three forms:

1. Infrastructure as a Service (IaaS)

2. Platform as a Service (PaaS)

3. Software as a Service (SaaS)

These in turn determine the cloud consumption model:

1. Private

2. Public

3. Managed

4. Hybrid

The stack model defined by the Cloud Security Alliance is very complex. I have nothing against their reference model, but allow me to offer a somewhat different view here. Consider the three basic principles of security:

1. Confidentiality

2. Availability

3. Integrity

Clearly, with cloud computing, especially in the public/external case, we have no control. Once the bits "leave our network", control is lost. Usually, when we lose one control, we add other controls.

The following explains some of these other controls.

Confidentiality

We protect confidentiality through technologies such as encryption and access control. We can still encrypt, but imagine what happens with a large data set. It is sent to, or assembled in, the cloud, where it remains in encrypted form, and is then sent back to us for processing.

Once the data is with us, we have to decrypt it, perform the required operations, and then re-encrypt it for delivery back to the cloud. This approach is feasible, but the performance cost is heavy.

Another factor in confidentiality is the ability to destroy data. Because the cloud is not ours, we cannot control the storage media. The same media may well be used for other purposes. These storage buckets are dynamic, and the service/platform/application provider may assign them to other users.

With storage media shared in this way, the need to verify that data has really been destroyed becomes even more important. We must follow a strict regime that specifies how long the data needs to be stored, when and by whom it is destroyed, and how the destruction is verified. Since degaussing tapes or shredding disks is not possible, we have to deploy more flexible software solutions to ensure the data can be destroyed.

Things become more complicated when we want to overwrite data on a hard drive. Data typically moves between storage locations on the drive, and we have no way to manage that. The only viable solution is to require the service provider to periodically sanitize the storage media.

Availability

When working with cloud computing resources, we depend on the network, the remote server, and whatever controls are applied to them. We always bear that risk, and the users' information may be very sensitive. To mitigate the risk, we usually build redundancy into our systems.
Doing so will likely add lines, servers, network equipment and personnel. But what does that redundancy mean for the complexity of the enterprise? What is the true cost of the operation?

Let us look at an example: suppose our data volume sometimes grows tenfold, so that cloud computing looks like the perfect solution. We might then:

1. Ask the cloud service provider to provide availability for these bursts in data storage.

2. Call our network service provider to create another redundant, highly available path to the cloud service provider.

3. Consider what we would do if such a data burst occurred while the cloud was not available to us. Stop processing immediately? Stop work? Of course not. So whether or not we use cloud services, we must have a plan for storing this data.

Integrity

We can detect changes after they have happened. From hashes to redundancy checks, from digital signatures to wiring, we are able to determine that a change has occurred. But we can no longer prevent these changes, especially when we are talking about cloud computing.

In fact, the spread of cloud computing may lead to attacks aimed directly at the cloud. Most hosting companies will assure you that they are monitored and well secured, but in fact the cloud's configuration is at risk. They can now also change the data and associated payload that directly reaches the intended destination. We therefore face a number of country-specific legal questions:

1. How do we comply with the law?

2. What if our data goes to the EU?

3. What do we have to do when we are audited and must disclose risk information to the United States Securities and Exchange Commission?

4. How do we comply with the rules on CALEA? E-discovery? Data forensics?

Finally, we know the data lifecycle. If the cloud is considered untrusted, does the data have any value? Nobody knows; perhaps only time will tell.
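
The Integrity section's point, that hashes and signatures let us detect but not prevent changes to data held by a provider, can be shown with a keyed hash whose key stays on our side. This is an added example, not code from the original post; the key, object names and sample contents are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: this key never leaves our own network. A plain hash stored next
# to the data could be recomputed by whoever alters the data; a keyed one cannot.
KEY = b"constructed-demo-key-kept-on-premises"

def tag(name: str, data: bytes, key: bytes = KEY) -> str:
    """HMAC-SHA256 over object name and content, so objects cannot be swapped."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    encoded = name.encode()
    mac.update(len(encoded).to_bytes(4, "big"))  # length prefix: unambiguous framing
    mac.update(encoded)
    mac.update(data)
    return mac.hexdigest()

def build_manifest(objects: dict) -> dict:
    """Record one tag per object before upload; the manifest is kept locally."""
    return {name: tag(name, data) for name, data in objects.items()}

def audit(manifest: dict, fetched: dict) -> dict:
    """Classify every object the provider returns against the local manifest."""
    report = {}
    for name, expected in manifest.items():
        if name not in fetched:
            report[name] = "missing"
        elif hmac.compare_digest(expected, tag(name, fetched[name])):
            report[name] = "ok"
        else:
            report[name] = "modified"
    for name in fetched.keys() - manifest.keys():
        report[name] = "unexpected"  # present in the cloud, never uploaded by us
    return report

def demo() -> dict:
    # Constructed sample objects standing in for data held by a provider.
    original = {"ledger.csv": b"id,amount\n1,100\n",
                "notes.txt": b"q4 plan",
                "keys.bak": b"backup"}
    manifest = build_manifest(original)
    returned = {"ledger.csv": b"id,amount\n1,900\n",  # content altered
                "notes.txt": b"q4 plan",              # untouched
                "extra.bin": b"??"}                   # not in our manifest
    return audit(manifest, returned)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

The audit only reports what has already happened to the data, which is the limit the section describes: detection remains ours, prevention does not.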
