谷歌、微软、英特尔以及Verizon成为云安全注册会员

2019-02-26    来源:多智时代

容器云强势上线!快速搭建集群,上万Linux镜像随意使用

云安全联盟志愿项目向外界报道参与者是否遵守了CSA所建议的云安全办法。

谷歌、Verizon、英特尔、McAfee、微软以及Savvis加入了一个由云安全联盟创立的志愿项目,此项目向外界报道参与者是否遵守了CSA所建议的云安全办法。

通过阅读中国软件联盟STAR(安全信任与保证注册处)提交的报告,参与的供应商的潜在客户会更乐意对产品和服务满足安全需求的情况作出评价。

为了激发其他参与者,CSA正在鼓励企业做出规定,规定任何与其合作的云供应商都应提交CSA STAR报告。

比如,eBay公司的首席信息安全官Dave Cullinane说:eBay正在规定与其共事的所有云供应商提交CSA STAR报告。他称,这些信息可以保证eBay的安全以及客户的隐私。类似的情况还有Sallie Mae,它将寻找云供应商通过 CSA STAR存档论证他们的安全性。

CSA STAR让参与者就“是否遵守了CSA 最优方法”作自我评估报告。注册处也将列举出哪些公司的GRC(公司管理、风险管理、合规审查)考虑到了CSA STAR 报告。CSA称,这样做的目的是让客户能够把GRC检测和评估延伸到云供应商。

谷歌、微软、Savvis和Verizon 将递交服务的信息,英特尔和McAfee将把安全产品的报告归档。

这周,于弗罗里达州奥兰多举行的2011CSA大会上,CSA宣布了STAR项目的主要成员。

CSA还声称,正在把周密的调查延伸到云安全服务供应商——就是那些从云平台提供安全服务的企业。

客户对安全即服务的担心包含以下几点:

可能无法完全锁住系统

可能无法全面对工作人员进行审查

多租户环境内虚拟计算机的数据泄露问题

云安全服务也许不符合法规标准

CSA最近在云计算大会上发表的“关键领域指南”中提到:“当在高管制的行业或环境中部署安全即服务时,用来限定管理目标要求的服务等级的计量协议要与SLA文档定义服务一同商榷。”

CSA说,这些云安全服务范围广泛,包括识别和访问管理、数据丢失保护、网络和邮件安全、加密和侵入防护。

A voluntary Cloud Security Alliance program provides public information about whether contributors comply with CSA-recommended cloud security practices

Google, Verizon, Intel, McAfee, Microsoft, and Savvis are joining a voluntary program set up by the Cloud Security Alliance that provides public information about whether contributors comply with CSA-recommended cloud-security practices.

By reading reports submitted to CSA's STAR (Security Trust and Assurance Registry), potential customers of participating providers can more readily assess whether products and services meet their security needs.

To encourage other participants, CSA is encouraging businesses to require that any cloud vendors they deal with to submit reports to CSA STAR.

For example, eBay is requiring the submissions from all cloud vendors it works with, says the company's CISO Dave Cullinane. He says the information will help eBay security and its customers' privacy. Similarly, Sallie Mae will look for cloud vendors to demonstrate their security via CSA STAR filings.

CSA STAR lets participants file self-assessment reports about whether they comply with CSA best practices. The registry will also list vendors whose GRC (governance, risk management, and compliance) wares take the CSA STAR reports into account when determining compliance. The idea is that customers will be able to extend GRC monitoring and assessment to their cloud providers, the CSA says.

Google, Microsoft, Savvis, and Verizon will submit information about their services and Intel and McAfee will file reports about security products.

CSA announced the keystone participants in its STAR program at CSA Congress 2011 in Orlando, Fla., this week.

CSA also announced it is extending its scrutiny to cloud-based security service providers -- businesses that offer security services from cloud platforms.

Customer concerns with security as a service include:

Systems might not be locked down properly

Personnel might not be vetted thoroughly

Data leakage among virtual machines within multi-tenant environments

Cloud-based security services might not meet compliance standards

"When deploying Security as a Service in a highly regulated industry or environment," says the CSA's latest Guidance for Critical Areas of Focus in Cloud Computing, "agreement on the metrics defining the service level required to achieve regulatory objectives should be negotiated in parallel with the SLA documents defining service."

These cloud-based security services are wide-ranging and include identity and access management, data loss protection, Web and email security, encryption and intrusion prevention, CSA says.

在不久的将来,云计算一定会彻底走入我们的生活,有兴趣入行未来前沿产业的朋友,可以收藏云计算,及时获取人工智能、大数据、云计算和物联网的前沿资讯和基础知识,让我们一起携手,引领人工智能的未来!

标签: Google 安全 大数据 谷歌 网络 信息安全 云计算

版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点!
本站所提供的图片等素材,版权归原作者所有,如需使用,请与原作者联系。

上一篇:云计算需要注意的五大云风险

下一篇:云安全网站联盟仅仅是预警?