云安全聯(lián)盟志愿項(xiàng)目向外界報(bào)道參與者是否遵守了CSA所建議的云安全辦法。

谷歌、Verizon、英特爾、McAfee、微軟以及Savvis加入了一個(gè)由云安全聯(lián)盟創(chuàng)立的志愿項(xiàng)目，此項(xiàng)目向外界報(bào)道參與者是否遵守了CSA所建議的云安全辦法。

通過(guò)閱讀中國(guó)軟件聯(lián)盟STAR（安全信任與保證注冊(cè)處）提交的報(bào)告，參與的供應(yīng)商的潛在客戶會(huì)更樂(lè)意對(duì)產(chǎn)品和服務(wù)滿足安全需求的情況作出評(píng)價(jià)。

為了激發(fā)其他參與者，CSA正在鼓勵(lì)企業(yè)做出規(guī)定，規(guī)定任何與其合作的云供應(yīng)商都應(yīng)提交CSA STAR報(bào)告。

比如，eBay公司的首席信息安全官Dave Cullinane說(shuō)：eBay正在規(guī)定與其共事的所有云供應(yīng)商提交CSA STAR報(bào)告。他稱，這些信息可以保證eBay的安全以及客戶的隱私。類似的情況還有Sallie Mae，它將尋找云供應(yīng)商通過(guò) CSA STAR存檔論證他們的安全性。

CSA STAR讓參與者就“是否遵守了CSA 最優(yōu)方法”作自我評(píng)估報(bào)告。注冊(cè)處也將列舉出哪些公司的GRC（公司管理、風(fēng)險(xiǎn)管理、合規(guī)審查）考慮到了CSA STAR 報(bào)告。CSA稱，這樣做的目的是讓客戶能夠把GRC檢測(cè)和評(píng)估延伸到云供應(yīng)商。

谷歌、微軟、Savvis和Verizon 將遞交服務(wù)的信息，英特爾和McAfee將把安全產(chǎn)品的報(bào)告歸檔。

這周，于弗羅里達(dá)州奧蘭多舉行的2011CSA大會(huì)上，CSA宣布了STAR項(xiàng)目的主要成員。

CSA還聲稱，正在把周密的調(diào)查延伸到云安全服務(wù)供應(yīng)商——就是那些從云平臺(tái)提供安全服務(wù)的企業(yè)。

客戶對(duì)安全即服務(wù)的擔(dān)心包含以下幾點(diǎn)：

可能無(wú)法完全鎖住系統(tǒng)

可能無(wú)法全面對(duì)工作人員進(jìn)行審查

多租戶環(huán)境內(nèi)虛擬計(jì)算機(jī)的數(shù)據(jù)泄露問(wèn)題

云安全服務(wù)也許不符合法規(guī)標(biāo)準(zhǔn)

CSA最近在云計(jì)算大會(huì)上發(fā)表的“關(guān)鍵領(lǐng)域指南”中提到：“當(dāng)在高管制的行業(yè)或環(huán)境中部署安全即服務(wù)時(shí)，用來(lái)限定管理目標(biāo)要求的服務(wù)等級(jí)的計(jì)量協(xié)議要與SLA文檔定義服務(wù)一同商榷。”

CSA說(shuō)，這些云安全服務(wù)范圍廣泛，包括識(shí)別和訪問(wèn)管理、數(shù)據(jù)丟失保護(hù)、網(wǎng)絡(luò)和郵件安全、加密和侵入防護(hù)。

A voluntary Cloud Security Alliance program provides public information about whether contributors comply with CSA-recommended cloud security practices

Google, Verizon, Intel, McAfee, Microsoft, and Savvis are joining a voluntary program set up by the Cloud Security Alliance that provides public information about whether contributors comply with CSA-recommended cloud-security practices.

By reading reports submitted to CSA's STAR (Security Trust and Assurance Registry), potential customers of participating providers can more readily assess whether products and services meet their security needs.

To encourage other participants, CSA is encouraging businesses to require that any cloud vendors they deal with to submit reports to CSA STAR.

For example, eBay is requiring the submissions from all cloud vendors it works with, says the company's CISO Dave Cullinane. He says the information will help eBay security and its customers' privacy. Similarly, Sallie Mae will look for cloud vendors to demonstrate their security via CSA STAR filings.

CSA STAR lets participants file self-assessment reports about whether they comply with CSA best practices. The registry will also list vendors whose GRC (governance, risk management, and compliance) wares take the CSA STAR reports into account when determining compliance. The idea is that customers will be able to extend GRC monitoring and assessment to their cloud providers, the CSA says.

Google, Microsoft, Savvis, and Verizon will submit information about their services and Intel and McAfee will file reports about security products.

CSA announced the keystone participants in its STAR program at CSA Congress 2011 in Orlando, Fla., this week.

CSA also announced it is extending its scrutiny to cloud-based security service providers -- businesses that offer security services from cloud platforms.

Customer concerns with security as a service include:

Systems might not be locked down properly

Personnel might not be vetted thoroughly

Data leakage among virtual machines within multi-tenant environments

Cloud-based security services might not meet compliance standards

"When deploying Security as a Service in a highly regulated industry or environment," says the CSA's latest Guidance for Critical Areas of Focus in Cloud Computing, "agreement on the metrics defining the service level required to achieve regulatory objectives should be negotiated in parallel with the SLA documents defining service."

These cloud-based security services are wide-ranging and include identity and access management, data loss protection, Web and email security, encryption and intrusion prevention, CSA says.

在不久的將來(lái)，云計(jì)算一定會(huì)徹底走入我們的生活，有興趣入行未來(lái)前沿產(chǎn)業(yè)的朋友，可以收藏云計(jì)算，及時(shí)獲取人工智能、大數(shù)據(jù)、云計(jì)算和物聯(lián)網(wǎng)的前沿資訊和基礎(chǔ)知識(shí)，讓我們一起攜手，引領(lǐng)人工智能的未來(lái)！

標(biāo)簽： Google 安全 大數(shù)據(jù) 谷歌 網(wǎng)絡(luò) 信息安全 云計(jì)算

版權(quán)申明：本站文章部分自網(wǎng)絡(luò)，如有侵權(quán)，請(qǐng)聯(lián)系：west999com@outlook.com
特別注意：本站所有轉(zhuǎn)載文章言論不代表本站觀點(diǎn)！
本站所提供的圖片等素材，版權(quán)歸原作者所有，如需使用，請(qǐng)與原作者聯(lián)系。