Services cloud computing or cloud computing, including newly introduced in Indonesia, it is necessary to educate the local users, including anticipation of concerns about data security and privacy issues.
National Technology Officer of PT Microsoft Indonesia, Tony Seno Hartono, explained that the factor of security and privacy become two of the four most important issues surrounding the implementation of Cloud Computing in Indonesia, in addition to the limitations of internet access problems and the existence of the data itself.
"Worse knowledge of people about security on the Internet haunts the adoption of Cloud Computing. In addition, people feel more secure storing data on your own computer rather than in the cloud. In reality, the data in the cloud can be much more secure than data stored on the computer itself, "he explained, as reported through official statement on Wednesday (26/10/2011).
The data certainly is safer because there are rules which require that every cloud computing service providers to adhere to related regulations and rules. For example, ISO 27 002 which is standard on information security best practices that can also be used to assess the level of security in a Cloud Computing service provider.
In addition to concerns over the safety factor, privacy is also an issue of concern to Microsoft. "The era of social media is changing the habits of people in dealing with privacy. Privacy is very important in Cloud Computing, the desired level of privacy because everyone is different. With data privacy capabilities, then each person can determine who is entitled to access or modify any information based on digital identification, "he explained.
The main advantage of cloud computing is that we can rent computing capacity according to need. There is no need for us to buy and install a computer / server itself.
"Cloud computing is not the solution to all IT problems, but it is one component of a complete IT solution, which usually is a combination of cloud services coupled with the applications installed on the server's own," explains Tony Seno.
Cloud computing is not new technology, but it is a natural stage in the evolution of computing through several eras. Cloud computing is the embodiment of the democratization of technology, where technology is now affordable for anyone, because cloud computing services are available ranging from free to paid.
"If we subscribe to cloud computing is like we subscribe to clean water from PAM (Water Company), where we do not have to dig their own wells, a water pump and treat yourself, and pay for electricity. We simply take water in accordance with the needs and pay monthly dues to the PAM, "he explained.
Security and Privacy Aspects of Cloud ComputingBefore a company / organization benefit from cloud computing, there are several aspects relating to Security and Privacy below that must be considered:
1. Risk Management and Compliance, organizations are starting to adopt the cloud still be responsible for aspects of security management, risk, and compliance with the rules applicable in the related industry. Risk and compliance management requires a strong internal team and the transparency of the process of cloud service providers.
Recommendation: cloud service providers have to use some or best practice frameworks such as MOF, or ITIL, and have certifications such as ISO / IEC 27001:2005, and publish the audit report to the SAS 70 Type II. In addition, according to provisions of a state, may also have to adhere to the PCI or FISMA.
2. Access Management and Identity, the identity can be obtained through some cloud service providers, and must be interoperable between different organizations, different cloud providers, and based on strong process.Recommendation: Authentication is recommended to use several factors at once, such as biometrics, one time password tokens (such as token BCA), ID card with a chip, and a password.
3. Integrity Service, cloud-based services must be built with a foundation of strong security, and operational processes must also be integrated with security management in the organization. The cloud service provider must follow the process that can be proven, well-defined, and clearly in integrating security and privacy in services ranging from the earliest point, at any point in the cycle, until the final. Besides security management and auditing must be aligned between cloud providers and customers.
Recommendation: Use such certification EAL4 + (for security evaluation), SDL (for application development), ISO / IEC 18 044 (for incident response).
4. Client Integrity, cloud services are used on the client side should pay attention to aspects of security, compliance, and integrity on the client side. Integrity client can be improved by using a combination of best practices.
Recommendation: Strengthen the desktop system, make sure the health of desktop systems, apply the appropriate IT policy, identity federation, Network Access Protection and so on.
5. Information protection, cloud services require a reliable process to protect the information before, during, and after the transaction. Take advantage of data classification to improve the control of the data is ready to be released into the clouds.
Recommendation: Use encryption technology and information rights management (IRM) prior to data released to the cloud.
National Technology Officer of PT Microsoft Indonesia, Tony Seno Hartono, explained that the factor of security and privacy become two of the four most important issues surrounding the implementation of Cloud Computing in Indonesia, in addition to the limitations of internet access problems and the existence of the data itself.
"Worse knowledge of people about security on the Internet haunts the adoption of Cloud Computing. In addition, people feel more secure storing data on your own computer rather than in the cloud. In reality, the data in the cloud can be much more secure than data stored on the computer itself, "he explained, as reported through official statement on Wednesday (26/10/2011).
The data certainly is safer because there are rules which require that every cloud computing service providers to adhere to related regulations and rules. For example, ISO 27 002 which is standard on information security best practices that can also be used to assess the level of security in a Cloud Computing service provider.
In addition to concerns over the safety factor, privacy is also an issue of concern to Microsoft. "The era of social media is changing the habits of people in dealing with privacy. Privacy is very important in Cloud Computing, the desired level of privacy because everyone is different. With data privacy capabilities, then each person can determine who is entitled to access or modify any information based on digital identification, "he explained.
The main advantage of cloud computing is that we can rent computing capacity according to need. There is no need for us to buy and install a computer / server itself.
"Cloud computing is not the solution to all IT problems, but it is one component of a complete IT solution, which usually is a combination of cloud services coupled with the applications installed on the server's own," explains Tony Seno.
Cloud computing is not new technology, but it is a natural stage in the evolution of computing through several eras. Cloud computing is the embodiment of the democratization of technology, where technology is now affordable for anyone, because cloud computing services are available ranging from free to paid.
"If we subscribe to cloud computing is like we subscribe to clean water from PAM (Water Company), where we do not have to dig their own wells, a water pump and treat yourself, and pay for electricity. We simply take water in accordance with the needs and pay monthly dues to the PAM, "he explained.
Security and Privacy Aspects of Cloud ComputingBefore a company / organization benefit from cloud computing, there are several aspects relating to Security and Privacy below that must be considered:
1. Risk Management and Compliance, organizations are starting to adopt the cloud still be responsible for aspects of security management, risk, and compliance with the rules applicable in the related industry. Risk and compliance management requires a strong internal team and the transparency of the process of cloud service providers.
Recommendation: cloud service providers have to use some or best practice frameworks such as MOF, or ITIL, and have certifications such as ISO / IEC 27001:2005, and publish the audit report to the SAS 70 Type II. In addition, according to provisions of a state, may also have to adhere to the PCI or FISMA.
2. Access Management and Identity, the identity can be obtained through some cloud service providers, and must be interoperable between different organizations, different cloud providers, and based on strong process.Recommendation: Authentication is recommended to use several factors at once, such as biometrics, one time password tokens (such as token BCA), ID card with a chip, and a password.
3. Integrity Service, cloud-based services must be built with a foundation of strong security, and operational processes must also be integrated with security management in the organization. The cloud service provider must follow the process that can be proven, well-defined, and clearly in integrating security and privacy in services ranging from the earliest point, at any point in the cycle, until the final. Besides security management and auditing must be aligned between cloud providers and customers.
Recommendation: Use such certification EAL4 + (for security evaluation), SDL (for application development), ISO / IEC 18 044 (for incident response).
4. Client Integrity, cloud services are used on the client side should pay attention to aspects of security, compliance, and integrity on the client side. Integrity client can be improved by using a combination of best practices.
Recommendation: Strengthen the desktop system, make sure the health of desktop systems, apply the appropriate IT policy, identity federation, Network Access Protection and so on.
5. Information protection, cloud services require a reliable process to protect the information before, during, and after the transaction. Take advantage of data classification to improve the control of the data is ready to be released into the clouds.
Recommendation: Use encryption technology and information rights management (IRM) prior to data released to the cloud.
0 comments:
Posting Komentar