Database Security and Integrity Considerations

tech | 2023-09-21 | 110


Cloud Security: Introduction

Everyone is racing to the cloud; the blogs and forums are abuzz, and have been for some time now. Personally, though, I feel that cloud computing isn’t necessarily new. It is a fresh enough take on how we design, deploy and manage application and computing services to be worth the excitement. Amid all that excitement, however, cloud security tends to be given less importance than it deserves.


Consider the following facts about the cloud:
• A recent study by the London School of Economics, underwritten by Microsoft and covered by Forbes.com, shows that cloud-related jobs in the smartphone sector are set to grow by 349%.
• Depending on which estimate you believe, the revenue from cloud computing services will be anywhere from $118.7 to $148.8 billion by 2014.
• IEEE Spectrum reports a prediction of nearly a billion people subscribing to mobile cloud apps by 2014.


These huge numbers show a lot of interest and excitement around cloud computing. When we, as individuals or as a business, store our information with cloud vendors such as Rackspace, Google, Microsoft, Dell, Apple, Amazon and the multitude of others, there is potentially a lot at stake. This covers many things, including our privacy and our customers. So our utmost priority is to consider the security initiatives and practices designed to make cloud computing as secure as any other technology solution. It’s important that we do our due diligence, so that we are as prepared as we can be for the potential downsides and can maximize the upsides.


In this article we discuss and raise a few questions for your consideration. Some of these questions you may have thought of and discussed already; some you may not. They aim to help ensure that you have taken a good look at the implications, legal requirements and other cloud security issues.


What are the Legal Responsibilities?

Depending on the provider’s geographic location, the provider will be subject to a number of legal requirements and responsibilities. Some of the relevant legislation is:
• The Sarbanes–Oxley Act.
• The Gramm–Leach–Bliley Act.
• PCI (Payment Card Industry) Compliance.


Also, the type of data that is being stored may be subject to even further legislation, such as HIPAA. So, before committing to a contract with a provider, did you verify that they comply with the respective legislation?


Are you fully conversant with the relevant acts pertaining to your business and your information? Have you taken the time to take these into consideration during the due diligence process with your vendor and the vendor’s solutions?


What Happens if the Provider Goes Bankrupt?

I’m not of the opinion that companies like Apple, Google and Amazon are likely to go bankrupt. But in recent years the global financial crisis and its impact have brought down old and well-respected companies too. You should factor in a plan to cover your data, and a migration strategy to a different vendor should the need arise. Have you gone over your data recovery practices to ensure that, in the event of this happening, you will have continuity of service and can continue to adhere to your stated SLAs?


How Secure Are the Data Centers?

This question isn’t really new to cloud computing and is something we all do consider, but it bears repeating. What security measures does your provider put in place to secure the data centers and the information therein? Does the vendor have good intrusion detection procedures? What are the network-level security features and policies like?


Then there’s the question of staff. What checks do they have in place for their staff? Is the data secured such that staff are unable to take it off site? Are there suitable access controls in place so that only suitably authorized personnel can access the respective data? Have they considered role-based, mandatory or discretionary access controls?


What logging is in place? When information is accessed, is there a record of it occurring? It is one thing to be able to recover from a security breach, but it’s important to know what happened, by whom and when, to help ensure that it never happens again.

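The two questions above, authorization limited to suitably authorized personnel and a record of every access, can be checked concretely. The following is an added example written for this page, not code from the original article or from any vendor it names; the roles, the permission matrix, the record identifiers and the actors are all constructed for the demonstration. Every access decision, allowed or denied, is written to the audit trail, because the denied attempts are often the first sign that a control is being probed.

```python
"""Role-based access control with an audit trail (added example).

Models a provider-side check: a role may only perform listed actions on
listed data classifications, and each decision is recorded with who,
what, when and whether it was allowed. All names below are constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import json

# Constructed role-to-permission matrix: (action, data classification) pairs
# that each role is entitled to. Anything not listed is denied by default.
ROLE_PERMISSIONS = {
    "support": {("read", "public")},
    "dba": {("read", "public"), ("read", "confidential"),
            ("write", "confidential")},
    "auditor": {("read", "public"), ("read", "confidential"),
                ("read", "restricted")},
}


@dataclass
class AuditEvent:
    """One access decision; this is the record the article asks for."""
    when: str
    actor: str
    role: str
    action: str
    record_id: str
    classification: str
    allowed: bool


@dataclass
class AccessController:
    """Decides each access request and logs the decision either way."""
    audit_log: list = field(default_factory=list)

    def check(self, actor, role, action, record_id, classification):
        # Default deny: unknown roles have no permissions at all.
        allowed = (action, classification) in ROLE_PERMISSIONS.get(role, set())
        self.audit_log.append(AuditEvent(
            when=datetime.now(timezone.utc).isoformat(timespec="seconds"),
            actor=actor, role=role, action=action, record_id=record_id,
            classification=classification, allowed=allowed))
        return allowed

    def export_log(self):
        """Serialise the trail as JSON lines, one event per line."""
        return "\n".join(json.dumps(event.__dict__) for event in self.audit_log)

    def denied_for(self, actor):
        """Count denied attempts by one actor; a spike is a detection signal."""
        return sum(1 for event in self.audit_log
                   if event.actor == actor and not event.allowed)


def demo():
    """Constructed sequence: a support agent overreaches, a DBA probes restricted data."""
    ctl = AccessController()
    ctl.check("alice", "support", "read", "cust-1001", "public")        # allowed
    ctl.check("alice", "support", "read", "cust-1001", "confidential")  # denied
    ctl.check("bob", "dba", "write", "cust-1001", "confidential")       # allowed
    ctl.check("bob", "dba", "read", "cust-1001", "restricted")          # denied
    return ctl


if __name__ == "__main__":
    print(demo().export_log())
```

The point of `denied_for` is that the log is only useful if someone reads it: a count of denials per actor is the simplest query an operator would run after an incident, and the JSON-lines export is the form that a log pipeline can ingest.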

Are staff suitably trained? No matter how good the security measures you have in place, if staff are able to circumvent them, then their effectiveness is nearly nought. Consider the recent Apple iCloud security breach of Mat Honan’s account that set blogs and Twitter ablaze. What about a similar security breach that happened to Amazon, or the one that happened to GoDaddy?


How Secure Are Your Web Applications?

It’s all very well and good to consider the previous questions about the vendor’s security, but what about looking closer to home? In the process of moving applications to the cloud, have we stopped to consider how secure they are? If we have the proverbial 12-inch-thick wall all around but leave the back door open, we can hardly complain if and when it’s abused to gain access to our data.


According to a 2011 article on Security Week, over 75% of attacks occur through web applications. According to another 2011 article, this one by the Cloud Security Alliance:


…only 18% of IT security budgets allocated to address the threat posed by insecure Web applications, while 43 percent of IT security budgets were allocated to network and host security.

Does your company take application security seriously? Have you devoted sufficient budget to ensuring that your applications are resistant to the variety of attack vectors available, such as Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF/XSRF) and SQL Injection attacks?


The PHP Security Consortium, amongst others, provides a solid guide on securing your web applications. Does your development team take security seriously? If you outsource, have you stipulated that security is a must in the applications that are produced?

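What "resistant to SQL injection and XSS" means in code is easiest to see with the vulnerable form beside the resistant one. The following is an added example written for this page, not code from the original article or from the PHP Security Consortium guide it links to; the in-memory table, the user names and the inputs are constructed for the demonstration. The resistant versions rely on two standard mechanisms, bound query parameters and output escaping, rather than on trying to filter the input.

```python
"""SQL injection and XSS: vulnerable form beside resistant form (added example).

Uses Python's standard sqlite3 and html modules so it runs offline. The
table contents and all inputs are constructed for the demonstration.
"""
import html
import sqlite3


def make_db():
    """Constructed sample data: two users, one of them an administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, name):
    """Builds the query by string concatenation: the input becomes SQL."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Binds the input as a parameter: it is only ever data, never SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def render_greeting_vulnerable(name):
    """Interpolates the input into HTML unescaped: markup in it is rendered."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    """Escapes the input for the HTML text context before interpolating it."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def compare(user_input):
    """Return how each pair of functions treats one input, for side-by-side review."""
    conn = make_db()
    return {
        "sql_vulnerable_rows": len(find_user_vulnerable(conn, user_input)),
        "sql_safe_rows": len(find_user_safe(conn, user_input)),
        "html_vulnerable_has_tag": "<" in render_greeting_vulnerable(user_input)[len("<p>Hello, "):-len("</p>")],
        "html_safe_has_tag": "<" in render_greeting_safe(user_input)[len("<p>Hello, "):-len("</p>")],
    }


if __name__ == "__main__":
    # The textbook tautology probe: the vulnerable query returns every row,
    # the parameterised one returns none because no user has that literal name.
    print(compare("' OR '1'='1"))
    print(compare("<b>bob</b>"))
```

The lookup probe is the standard tautology that any web-application scanner sends; the difference in row counts between the two functions is the whole story. Note that escaping is context-specific: `html.escape` is correct for HTML text and attribute values, but a value placed into a URL, a JavaScript string or a CSS rule needs the escaping for that context instead.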

Conclusion

These are but a few of the questions that we should consider, and I hope that they haven’t scared you off but have helped ensure that you keep cloud security in mind. I truly believe that cloud computing can and should be an excellent leap forward, bringing with it a raft of benefits that we can all prosper from. But we have to do our due diligence. What measures are you taking to ensure the security and continuity of your business in the cloud?


Further Reading

I’ve provided the following links should you want to learn more about the impact of security in the cloud.
• Rackspace CEO’s Cloud Computing Business Strategy
• Cloud Computing: Legal and Regulatory Issues
• Summary of the HIPAA Privacy Rule
• Moving to the cloud? Take your application security with you
• Cloud Computing Drives Mobile Data Growth
• Legal Cloud: Have It Your Way
• Cloud computing security


Translated from: https://www.sitepoint.com/have-you-thought-about-cloud-security/
