This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
It depends on what kind of data you want to store.
If you are speaking of credit card or financial information, then it's NOT secure. PCI Level 1 compliance rules out any possibility of using the cloud, because to be compliant you need to perform third-party on-site audits, and most cloud providers don't allow that. Here is Amazon's stand on it. For any other data that requires legal compliance, you will find it difficult to host it on the cloud.
For other kinds of data that doesn't need legal compliance, it all boils down to your enterprise's risk appetite and the kind of cloud vendor you are dealing with. Completely agree with Stephen on this.
For general information on cloud security, you should visit Cloud Security Alliance. They have the most relevant information in this field.
If you're that worried about security, perhaps you should be looking elsewhere other than the cloud and instead at a trusted provider or running your own.
According to the CSA (cloud security association), 75% of cloud services are not secure; from a privacy and data security perspective there are zero methods or enforcement of basic security.
From my own experience, SAAS app creators think about security only in two cases: 1. The company is mature and funded. 2. They got hacked.
Enterprises should ask each vendor about their security whitepapers/certifications in the relevant area, like PCI DSS, HIPAA, SOX, etc.
Good question.
I guess it boils down to carefully examining the fine print of a cloud computing service provider, seeing what they guarantee about privacy (and whether those guarantees have legal backing), and then making a "business decision" that weighs the risks and benefits.
Generally speaking, developers should not be making these decisions.