Tech-Tip# 325 By Mark Tiongco - July 31, 2011
【译文】
毫无疑问,云计算在我们的技术领域中已经普遍存在。它帮助企业提高生产力,为消费者提供更多数据存储和备份的便利。当然,对一个企业的所有者或平均JOE计算机使用者来说,在应用云计算前还需要解决一些存在的问题,。
减少控制
流行的云计算概念涉及到场外的第三方公司保证几乎百分百地正常运行和分随时随地地安全访问和归档有关的文件和数据。问题是,基本上是由另一个实体保留了你的机密信息,从而降低了你对这些信息的控制量。此外,你不知道你的信息是否被存储。
举个例子,你的数据是由于第三方云服务公司管理,其管理的云计算服务器位于尼帕尔,由于反政府起义,这个云公司的基础设施被破坏,你怎么办?你不知道你的数据是否安全,是否到了另一个地方,或数据被未经授权者拥有。当然,这种事情发生的几率很小,但最后的结局就是你对于维护你的信息不受外部环境影响的问题上几乎无能为力。关于墨菲定律,很多云服务公司保证几乎100%的正常运行时间,但当您需要他的时候仍有服务期间不可用的时候(由于系统故障或维修)。
法律问题
于为您和托管公司,使用云服务存在着一个潜在的法律难题对。例如,云服务提供商Dropbox最近经历了一个安全漏洞,约四小时间所有帐户可以输入任何密码进行访问。 虽然Dropbox能够及时纠正问题,他们的用户之一,针对安全问题现在提起诉讼。
如果你有个人(或公司)被攻破的信息 应该怎么办?你有什么样的法律追溯权? 基本上,这意味着你(和你的法律团队)将有额外的工作来处理与整顿,(如违反合同和/或另谋云服务提供商)。对于云服务的用户寻找能存储音乐到他们各自的数字储物柜,外部单位(如音乐标签公司)的音乐已经提出了一个引起法律轩然的大波亚马逊云音乐服务,从长远来看,关于什么类型的数据可以被存储在云,这可能很难实现。
积极主动的措施
虽然是没办法完全防止任何类型的云服务的问题,有几个可以采取的步骤,以尽量减少这些问题危及您的机密的个人或商业信息的机会。
首先 ,它是合乎逻辑的, 采取“跟不上所有的鸡蛋放在一个篮子里”的做法,这意味着只有上传的相关数据需要由相关的公司人员访问。
例如,如果你有一个销售人员要到欧洲参加贸易展,他们需要访问云,不离开你的财务将是明智的做法,竞争策略,公司财务报表都记录在云中。
您还可以指定究竟哪些员工允许访问您的云服务器,使他们认识到参与这类访问的高度安全性(增加的责任与更新的IT安全访问/政策)
接下来 ,您还可以使用第三方加密程序,如True Crypt,并加密所有信息,然后上传到你的云服务器上。 这两项提供双重安全。
1. 首先,您的数据将是无用的,如果未经授权的当事方截获(任何方式)。 (除非他们可以通过破解True Crypt的强硬加密)
2.其次,如果云服务的基础设施被破坏,除了你或你的员工您的信息对任何人来说仍然是无用的。 您还可以在您自己安全个人或公司的网络中保存你的机密信息的副本,以防任何原因的接入点云服务停机。
对于个人和公司生活来说所有这一技术的的不断革新,你应该希望用平衡的观点解决这项新技术,权衡双方的利弊和优劣,同时考虑在保证您的数字生活安全的大背景下可以采取哪些步骤。
【原文】
Cloud Computing – A Blessing or a Curse?
Tech-Tip# 325 By Mark Tiongco - July 31, 2011
There’s no doubt that cloud computing has made a huge splash in our technologically ubiquitous society. Its benefits help businesses with productivity and give consumers more convenience about back-ups and data storage. Still, there are a few issues that should be addressed for anyone, whether a business owner or average Joe computer user, before making the jump to any cloud computing solution.
Reduced Control
The popular concept of cloud computing involves offloading and archiving pertinent files and data to an off-site 3rd party company which guarantees virtually 100% uptime and secure access anytime anywhere. The problem is that you’re basically having another entity hang on to your confidential information which reduces the amount of control you have over that information. In addition, you have no idea where your information is being stored.
What if, for example, your data is managed by a 3rd party cloud service company whose computer servers are located in Niger and due to an anti-government uprising, the cloud company’s infrastructure is compromised? You would have no idea whether your data was saved and moved to another location or if the data itself was possibly compromised by unauthorized parties. Granted, the chance of this happening is probably low but the big picture is that you’re virtually powerless in safeguarding your own information against issues from the external environment. Regarding Murphy’s Law, many cloud service companies pitch a near-100% uptime guarantee but there is still a chance the service could be unavailable (due to system malfunctions or maintenance) during the time when you need it the most.
Legal Issues
Using cloud services also presents a potential legal headache for both you and the hosting company. For example, cloud service provider Dropbox recently experienced asecurity breach in which all accounts were accessible by entering ANY password for approximately four hours. While Dropbox was able to rectify the issue promptly, one of their users is now filing a lawsuit for the security issue.
What if you had personal (or company) information that was compromised?What legal recourse would you have? Basically it means there would be extra work for you (and your legal team) having to deal with straightening things out, (such as breach of contract and/or having to find another cloud service provider). For cloud service users looking to store music into their respective digital lockers, external parties such as music label companies have raised a legal uproar about Amazon’s cloud music service which could make it difficult, in the long-run, about what type of data can be stored on a cloud.
Proactive Measures
While there is zero way to completely prevent any type of cloud service issue, there are a few steps you can take to minimize the chance of having one of these issues compromise your confidential personal or business information.
First, it would be logical to adopt a“Don’t keep all your eggs in one basket” approach which means only uploading the pertinent data that needs to be accessible to the necessary company personnel.
For example, if you have sales personnel traveling to Europe for a trade show and they need cloud access, it would be wise to not leave your Finance, Competitive Strategy and Company Financial Statements available on the cloud.
You can also specify exactly, which employee(s) are allowed access to your cloud servers and make them aware of the heightened security involved with such access. (Increased accountability with updated IT security access/policies)
Next, you can also use a 3rd party encryption program such as True Crypt and encrypt all information before uploading it to your cloud service. This provides redundant security on two counts.
- First, your data would be useless if intercepted (in any way) by unauthorized parties. (unless they can break through True Crypt’s ridiculously-tough encryption)
- Second, if the cloud service’s infrastructure is compromised, your information is still useless to anyone except you or your employees. You can also save a copy of all your confidential information on your own secure personal or company network which provides an alternative access point in case the cloud service goes down for any reason.
The big picture is that with all this technology that’s continuously revolutionizing our personal and company lives, you should always approach new technological solutions with a balanced perspective, weighing both the pros and cons while considering what steps can be taken to keep your digital life secure.
Are you currently utilizing a cloud service? If so, let us know in the comments and share your own prespective about this topic!
Till Next Week.... Happy Computing!
