When cloud migration, our biggest concern is the data privacy issue. According to market statistics, the transfer to the cloud is expected to bring about 1 trillion US dollars of direct or indirect expenditure in the next five years, that is to say, for enterprises, that is A huge expense. The privacy of users is always the top issue for enterprises. When it comes to how to dispel these concerns of customers in order to expand their business, cloud service providers do face challenges.
Data privacy issues have reached an unprecedented level of attention in 2016, mainly due to several factors: Apple and the FBI have had a protracted debate around the encrypted iPhone, Europe introduced new regulations, and people have been worried The US National Security Agency and the government visit personal information disclosed by Edward Snowden.
JD Sherry, vice president of Optiv Security, a Denver-based solution provider, said: "There is no doubt that data privacy is the top concern when migrating to the cloud."
This obstacle is a key issue for many companies' revenues, as research firm Gartner claims that moving to the cloud is expected to generate $1 trillion in direct or indirect spending over the next five years. Similarly, research firm IDC predicts that by 2020, more than half of IT infrastructure spending will go to the cloud.
Allen Falcon, chief executive of Cumulus Global, a solution provider based in Westborough, Mass., says he always talks about security whenever he talks to customers about moving to the cloud. Or the topic of privacy, this topic is sometimes raised by the customer himself, sometimes by Cumulus Global.
If educated, customers' privacy and security concerns are easier to dispel, but "not fast enough," he said. Charles Radi is vice president and chief cloud architect for Cloud Technology Partners, a Boston-based cloud solutions provider, serving the enterprise market. According to him, the biggest corporate customers also have those concerns.
Ladi said: "We are dealing with almost every customer's [privacy] issue. This is a topic that can never be avoided." Rady said that Cloud Technology Partners' corporate customers especially in government visits, privacy regulations and security tools from There are many concerns about the internal environment moving to the cloud environment.
Vic Winkler, an independent security consultant and author of Cloud Security, said the concerns were mainly caused by confusion and confusion.
In an interview with CRN, Winkler said: "It is difficult to discuss these topics of cybersecurity in a well-thought-out perspective. The reason is that a lot of false information and different opinions are confusing. How to dispel customers? These concerns, in order to expand the business, cloud service providers do face challenges. If they want to expand their business, it is necessary to dispel these concerns."
But when it comes to data privacy in public clouds, how effective are these concerns? If you ask the major cloud service providers themselves, they say: The basis is not very sufficient.
Neal Suggs, vice president and deputy general counsel of Microsoft, said: "This is your data. This is not our data. Generally, we design systems and processes to ensure that data is treated as Your data, not our data. Microsoft's operations depend on trust."
Sags said that the cloud strategy developed by Microsoft is based on four pillars. Data usage, control and privacy together form a pillar. The other three pillars are security, compliance and transparency. Those pillars are not limited to the design company's systems, the processes in place, the encryption technology, the audit process, and the culture: “Respecting customer-generated content is the customer's content, and we have no right to use it without the customer's consent.â€
Jennifer Lin, director of product management for cloud security and networking at Google Cloud Platform, agrees with the view that security and data privacy are among the top three priorities that customers consider when moving to the cloud. Thus, she said, “Security and data privacy are increasingly becoming a big difference in Google's consideration of solutions.â€
Lin said: "User data is user data, we want to ensure that we protect the user's data. . . . We want to win the trust of customers, we want to show customers that we do not access customer data. I think we are facing This is very clear on the public's official website, and it also clarifies how we define cloud migration."
Amazon Web Services (AWS) did not arrange for an executive to receive an interview with this article.
Terms of Service: Agree or disagree?Marc Goodman, a global security consultant, futurist and author of The Crime of the Future, said privacy concerns are mainly in the privacy policy and the terms of service agreement between customers and cloud service providers. He said that the terms of service vary widely, depending on the provider; the terms of service for free and paid services are quite different.
The paid versions of cloud solutions from Google, Microsoft, Amazon Web Services, and other large companies tend to be "very clear": users own data, not cloud providers own data. He said that this is not the case with free cloud services, such as Google's Gmail and Google Drive.
Goodman said: "If you don't save money, you are not a customer, but a product. Companies of all sizes need to pay attention to the so-called free services and terms of service they use..." I have read and agreed The Terms of Service' is the biggest lie on the Internet."
For example, in Google’s Data Processing Amendment, the amendment outlines the policy of the company based in Mountain View, Calif., for data stored through Google Apps services, including Google For Work sold by solution providers. The solution, the company made it clear that customer data will not be used for any purpose outside of the customer's scope, including for advertising purposes.
Microsoft and Seattle-based Amazon Web Services (AWS) have similar provisions in their respective privacy policies and service terms agreements, and CRN reviewed their policies and agreements.
For example, this is in stark contrast to Google’s privacy policy for consumer Google accounts, which Google said in a privacy policy for a number of reasons, including improving services, developing new services, and providing users with “more accurate search results and advertising. ", it collects information about the use of the service, information about specific devices, and location information.
Does this mean that companies that use fee-based services have no public cloud privacy and security concerns? totally not.
While customers may have thoroughly reviewed cloud service providers, in reality, "some companies that use the cloud are familiar with the cloud, and some companies that use the cloud are not familiar with the cloud," Goodman said.
Goodman said that a prime example of this is that employees circumvent company-approved solutions and instead use often free personal cloud services that are easier to configure.
According to Gartner, by 2020, 95% of cloud security failures are ultimately attributed to customer errors. Many people cannot support the shared responsibility model of cloud security: the customer is responsible for ensuring data security, and the cloud service provider is responsible for ensuring infrastructure security.
Goodman said: "Your data may be stored in the cloud of employees, and you don't know... Even if you use Box or AWS - these excellent companies have standardized terms of service, now your employees use confidential The quarterly reports, customer leads, and intellectual property rights of products that will be placed on the market are stored at the cloud service provider; as your employees store this information, the provider is granted a variety of permissions and access rights."
This is a real problem for solution providers. For example, Cululus Global's Falken said he has seen countless examples of this, including company data loss, or later recognizing that he violated regulations. For example, a customer's employee uses a personal version of the file sharing service. Falken said that after the employee leaves the company, the customer cannot access the company data stored by the employee on the personal cloud account.
Another customer's employee uses the consumer version of Dropbox, and Dropbox has recently exposed data breaches. The employee will use the same password for their Dropbox account and work email. Falken said that the hacker then uses the password to log in to the corporate email account and send malware attached to the email to all of the employee's contacts.
In another example, an employee of a customer uses the same account as the family, and the personal file sharing service she uses is also shared with her family. As a result, the employee's child deleted various sensitive company documents. Falken said that these events are just a few of the many examples.
Falken said: "Our advice to our customers is that if you have enterprise-level services, don't use free services; they should not use consumer services, whether they are free or not."
As a solution provider, Falcon says his mission is to provide customers with the best information and advice to help them make decisions about data privacy. This includes assessing business needs, information access, policies, regulatory requirements, day-to-day monitoring and management, and more, he said.
According to Falken, most companies choose to follow Cumulus Global's advice on data privacy. However, he also encountered some customers using free consumer-grade services instead of buying enterprise-level services, preferring to take risks in data privacy. He said Cumulus Global is shunning customers who refuse to buy solutions that use reliable data privacy standards, especially if it involves regulatory issues.
Falken said: "This will bring responsibility. Our view is that your company's value is worthy of your purchase of enterprise-level tools."
Fight for personal informationThis year, the privacy debate between the public and private sectors is particularly prominent. First, Apple and the FBI launched a very publicized privacy of an encrypted iPhone used by terrorists who participated in the San Bernardino shooting last year. Contest. The FBI eventually cracked the iPhone, instead of continuing to seek legal means to force Apple to unlock the phone.
Recently, Microsoft won a major victory in June, the focus of the case is whether the government has access to customer emails stored in data centers outside the United States. In this case, Microsoft won a 3-0 ruling in the Second US Circuit Court of Appeals in Manhattan, and Microsoft questioned the search warrant for accessing e-mail stored on the company's server in Dublin, Ireland. This means that this will set a dangerous precedent for law enforcement agencies to access US e-mail stored abroad.
Shefley of OpTIv called the privacy ruling "a huge victory for the cloud computing industry", saying that government access to public cloud information is a "big challenge" and an obstacle for customers considering moving to the cloud. He said that this is especially true for global customers.
In particular, Microsoft has taken a tough stance on cloud privacy issues. In April of this year, the company filed a lawsuit against the US Department of Justice, arguing that the government has the right to inform customers when they want to access customer data.
Those problems are very real and significant, and Microsoft claims to have received 5,624 federal search warrants and 2,576 bans in the past 18 months.
In a recent Transparency Report, Google said that from July to December 2015, it received 12,523 data requests in the United States and produced data in 79% of cases.
Amazon said that from January to May 31, 2015, it received 813 subpoenas, 25 search warrants, 13 court orders, and 249 data requests from the National Security Agency.
Microsoft said in a lawsuit in April that it took a tough stance on this issue because the privacy issue caused by the government’s secret access to cloud data “destroyed public confidence in cloud privacy and weakened Microsoft’s commitment to transparency in front of customers. Rights." Microsoft's Sags said that the core of the problem is customer trust: Microsoft will still be the "housekeeper" of data, not the owner of the data. He said that Microsoft will continue to require the government to be transparent about accessing cloud customer data, because trust is the key to its business model, which is like trusting customers: their money is safe and can be taken out when needed.
Sags said: "We believe that the core of our mission is trust. If we can't win this trust, we can't expand our business. Trust is our focus."
The three major cloud service providers have specific provisions for government visits in their respective privacy policies, claiming that access is permitted only when necessary, and will try to inform customers of the access request as soon as possible, unless prohibited by law.
Ladi of Cloud Technology Partners said that the issue of covert subpoenas requiring access to public cloud data is "the most worrying" for corporate customers. He said that the client's legal department is working hard to write specific provisions into the cloud provider contract to protect itself from hidden voucher requests for access to data. He said that solution providers can help implement certain controls to prevent cloud service providers from accessing data. For example, Cloud Technology Partners recommends encrypting all cloud data and managing encryption keys locally rather than by cloud service providers.
Governments are also playing a more important role in regulating cloud data privacy. The European Union recently introduced the General Data Protection Regulations, which updated the standards on how to protect data and how to share data between countries. The regulations stipulate that companies must inform individuals why they collect their data and provide access to their data. This also prevents data from being permanently stored and requires a data protection officer for large amounts of data. Cloud service providers are also subject to these regulations, which came into force in May 2018.
Privacy challenges give partners opportunitiesDoug Cahill, a senior analyst at Enterprise Strategy Group (ESG) tracking and analyzing cloud security, said the chaos brought opportunities, especially when it comes to data privacy and regulatory issues. Many companies are increasingly aware that they have problems with data privacy but don't know how to start solving them. Cahill calls this factor a "cloud security ready gap."
“I think that many companies are well aware of the problems, which is why they are a great opportunity for channel partners. Partners who have the ability to help customers can help customers integrate security from the very beginning of the migration process to the cloud.â€
According to Ladi of Cloud Technology Partners, this is important because many companies have already expected to accelerate adoption of the cloud. He said that companies are beginning to migrate large amounts of customer data, confidential data and personally identifiable information data to the cloud. Solution providers have a responsibility to help them migrate smoothly while meeting security and privacy requirements.
Author Goodman said that providing user education and training is also an important role for partners. He said that this is especially important for turning attention and understanding into action.
He said: "People don't even know the questions to the outsourced IT staff, so people need to make up the knowledge in this area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . It is critical for all of your employees."
Sheri agreed with this view, saying that when the company's users expect to migrate to the cloud, solution providers such as OpTIv play the important role of “trustworthy consultants†through design, consulting, vendor cooperation and advanced cloud security functions. Side by side with customers."
Sheri said that it is very important to stand on the position of a trusted advisor. He expects that the development of cloud computing will usher in a "dramatic change" in the next six to 18 months. She said that many companies still lag behind in terms of security and data privacy.
Sheri said: "Ultimately, we are trying to encourage our customers to trust us and regard us as a reliable security consultant in the process of moving to the cloud."
3.2V105Ah Lithium Ion Battery,105Ah 3.2V Phosphate Battery Cell,3.2V105Ah Deep Cycle Solar Battery,3.2V 105Ah Lifepo4 Forklift Battery
Jiangsu Zhitai New Energy Technology Co.,Ltd , https://www.jszhitaienergy.com