下面为大家整理一篇优秀的essay代写范文- The risks of cloud services,供大家参考学习,这篇论文讨论了云服务的风险。如今,云服务的主流地位已不可动摇,并且每年都在接管更多的企业职能。以前云服务仅限于简单的存储或者联系人管理,而现在像ERP这样的核心功能已经迁移到云中。随着越来越多的基本服务不断迁移到云中,我们必须关注当今云环境中固有的风险,并采取预防措施来缓解这些风险。
Cloud services and their associated risks will only become more important over time. This article explains how to manage these risks without losing the benefits of the cloud.
The dominant position of cloud services is already unshakable, and it is taking over more enterprise functions every year. Previously, cloud services were limited to simple storage or contact management, but now core functions like ERP have migrated to the cloud. As more basic services continue to migrate to the cloud, IT leaders must focus on the risks inherent in today's cloud environment and take precautions to mitigate them.
In banking, the ability to adapt to risk is often set to guide business decisions. Conservative risk resilience, for example, can lead Banks to reject lucrative but highly uncertain loans. The "knife-licking" "type of risk adaptation could yield higher returns in the boom years. Banks could be hit hard by the next crisis.
From an IT management perspective, an enterprise's risk adaptation will guide your due diligence, ongoing monitoring, and willingness to invest in risk reduction measures. For example, an enterprise can establish a hierarchical approach to mitigate risks and maximize the use of limited resources. The approach to reducing the risk of "level 1" cloud service failure is achieved through staffing, periodic testing, and the adoption of top level vendor support.
Cloud providers like to emphasize ease of use and flexibility. Once an enterprise experiences the ease of use of the cloud, it is rarely willing to go back in time and maintain its old infrastructure. But a lackadaisical attitude to cloud services can put employees at risk because of their stupidity.
John Hodges, vice President of product strategy at AvePoint, commented: "the point is that cloud services often encourage 'casual use' of data; I can collect, search and store anything anywhere. We often see this in systems like Box, DropBox, and OneDrive, where there is a real danger of mixed use in terms of content storage and sharing." However, simply and crudely prohibiting the use of mixtures can also cause problems.
Banning high-risk cloud services would help, but it doesn't eliminate the problem entirely. Hodges explains: "for accounts provided by enterprises, such as the Slack channel or Microsoft Teams, and other systems, users always take the most convenient route of data sharing. But this behavior may not be consistent with records retention policies or restrictions on data sharing." If your company is subject to litigation or a similar investigation, inconsistent application of record-keeping policies can be a headache for businesses.
Zero trust is an IT security policy that requires every user, system, or device within and outside the perimeter to be validated and certified before being connected to its system. How can you use the zero-trust model to reduce cloud risk? Insurity is an enterprise specializing in property and casualty insurance services and software, for which a zero-trust approach means very strict access restrictions.
Jonathan Victor, chief information officer at Insurity, said: "we provide minimal and privileged logical access to a very small number of users that meets the requirements of working functionality. This control is audited internally by our corporate security department and is part of our annual SOC external audit."
Periodically check the user access level and see if this is reasonable. Does the enterprise need dozens of users with administrative access rights? Every super user adds additional risk.
Spend some time researching industry news about cloud-related failures that will help reduce cloud risk. In today's enterprise, the complexity and evolving nature of cloud applications means there is always something to be learned from blockbuster events.
Rich Petersen, co-founder and President of JetStream software, commented: "" we're focused on the loss of data, so we've learned important lessons from a few events. For example, in August 2017 Meraki lost data in which the local system failed to back up the data to the cloud service as designed."
Cisco has also acknowledged that cloud configuration errors have led to data loss and reduced productivity. As Register reports, "the incident caused cisco a great deal of trouble because Meraki sold cloud services based on its support, which avoided the amount of tedious work required to run networks and voice systems. Meraki has made such a big mistake - and it seems the lack of data protection tools to recover from this contingency is a big stain on its reputation."
Automation, virtual assistants and data processing not only help businesses sell more products, but also manage their cloud services. For Barracuda networks, the range of manual security jobs has shrunk dramatically since the cloud began to automate processes.
Greg Arnette, director of data protection platform strategy at Barracuda networks, said: "we have abandoned manual security checks and moved to automated scans, as the growing and ongoing threat forces us to be constantly vigilant to ensure system integrity, data protection and compliance control requirements."
However, when it comes to reducing cloud risk, moving to automation has significant limitations. After all, it's impossible to automatically assess the risk to cloud providers. But if you use more automated tools to detect problems in the cloud and standardize the configuration, employees can spend more time focusing on complex issues, such as cultivating and managing relationships with cloud providers.
Whether you have the right to audit cloud providers is a hot issue. If your company's contracts and agreements lack this clause, you will feel tied down in the event of an accident. Big cloud providers, on the other hand, are putting these requirements back on the enterprise.
Ted Rogers, head of executive advisory operations for the UpperEdge project, said: "with regard to auditing, there are a number of cloud providers that are in turn putting pressure on companies not to have the authority to audit their data centers and their processes, procedures and security measures. Why? Because they don't want a third party to show up and audit. Instead, suppliers say they are compliant, or they say they don't have to worry because if they don't, they will get into trouble for other reasons of the contract, such as leaks.
One solution is to critically evaluate the auditing methods developed by cloud providers. Rogers recommends the following alternatives: "access the cloud provider's audit documentation. Specifically, see if they've made an update based on facebook's difficulties with data privacy. Some cloud providers say they are just data processors. They claim they don't touch the data and they don't leak it." This raises the question: how do you know if providers are keeping their promises?
There are ways to mitigate this risk, even if cloud providers are reluctant to give their audit rights to the enterprise. You can ask for more comprehensive reports and emphasize the need to provide key risk indicators. You can also ask the company's internal audit department to give an opinion when discussing the contract.
Finally, hacking and security aren't the only risks to consider. There is also the risk of falling behind.
Tony Buffomante, us regional head of cybersecurity services at KPMG, commented: "for some of our less mature clients, the key business risk is not actively pursuing cloud transformation and services. Cloud is not only a new technology, it has also changed the business and operating model of many industries. It's about transforming the business to be more flexible and competitive."
Moreover, few businesses have the budget or the willingness to build data centers, develop all their own software, and build local infrastructure. In fact, companies with weaker IT capabilities will benefit from the risk management capabilities of large cloud providers.
51due留学教育原创版权郑重声明:原创essay代写范文源自编辑创作,未经官方许可,网站谢绝转载。对于侵权行为,未经同意的情况下,51Due有权追究法律责任。主要业务有essay代写、assignment代写、paper代写、作业代写服务。
51due为留学生提供最好的essay代写服务,亲们可以进入主页了解和获取更多essay代写范文 提供代写服务,详情可以咨询我们的客服QQ:800020041。
Cloud services and their associated risks will only become more important over time. This article explains how to manage these risks without losing the benefits of the cloud.
The dominant position of cloud services is already unshakable, and it is taking over more enterprise functions every year. Previously, cloud services were limited to simple storage or contact management, but now core functions like ERP have migrated to the cloud. As more basic services continue to migrate to the cloud, IT leaders must focus on the risks inherent in today's cloud environment and take precautions to mitigate them.
In banking, the ability to adapt to risk is often set to guide business decisions. Conservative risk resilience, for example, can lead Banks to reject lucrative but highly uncertain loans. The "knife-licking" "type of risk adaptation could yield higher returns in the boom years. Banks could be hit hard by the next crisis.
From an IT management perspective, an enterprise's risk adaptation will guide your due diligence, ongoing monitoring, and willingness to invest in risk reduction measures. For example, an enterprise can establish a hierarchical approach to mitigate risks and maximize the use of limited resources. The approach to reducing the risk of "level 1" cloud service failure is achieved through staffing, periodic testing, and the adoption of top level vendor support.
Cloud providers like to emphasize ease of use and flexibility. Once an enterprise experiences the ease of use of the cloud, it is rarely willing to go back in time and maintain its old infrastructure. But a lackadaisical attitude to cloud services can put employees at risk because of their stupidity.
John Hodges, vice President of product strategy at AvePoint, commented: "the point is that cloud services often encourage 'casual use' of data; I can collect, search and store anything anywhere. We often see this in systems like Box, DropBox, and OneDrive, where there is a real danger of mixed use in terms of content storage and sharing." However, simply and crudely prohibiting the use of mixtures can also cause problems.
Banning high-risk cloud services would help, but it doesn't eliminate the problem entirely. Hodges explains: "for accounts provided by enterprises, such as the Slack channel or Microsoft Teams, and other systems, users always take the most convenient route of data sharing. But this behavior may not be consistent with records retention policies or restrictions on data sharing." If your company is subject to litigation or a similar investigation, inconsistent application of record-keeping policies can be a headache for businesses.
Zero trust is an IT security policy that requires every user, system, or device within and outside the perimeter to be validated and certified before being connected to its system. How can you use the zero-trust model to reduce cloud risk? Insurity is an enterprise specializing in property and casualty insurance services and software, for which a zero-trust approach means very strict access restrictions.
Jonathan Victor, chief information officer at Insurity, said: "we provide minimal and privileged logical access to a very small number of users that meets the requirements of working functionality. This control is audited internally by our corporate security department and is part of our annual SOC external audit."
Periodically check the user access level and see if this is reasonable. Does the enterprise need dozens of users with administrative access rights? Every super user adds additional risk.
Spend some time researching industry news about cloud-related failures that will help reduce cloud risk. In today's enterprise, the complexity and evolving nature of cloud applications means there is always something to be learned from blockbuster events.
Rich Petersen, co-founder and President of JetStream software, commented: "" we're focused on the loss of data, so we've learned important lessons from a few events. For example, in August 2017 Meraki lost data in which the local system failed to back up the data to the cloud service as designed."
Cisco has also acknowledged that cloud configuration errors have led to data loss and reduced productivity. As Register reports, "the incident caused cisco a great deal of trouble because Meraki sold cloud services based on its support, which avoided the amount of tedious work required to run networks and voice systems. Meraki has made such a big mistake - and it seems the lack of data protection tools to recover from this contingency is a big stain on its reputation."
Automation, virtual assistants and data processing not only help businesses sell more products, but also manage their cloud services. For Barracuda networks, the range of manual security jobs has shrunk dramatically since the cloud began to automate processes.
Greg Arnette, director of data protection platform strategy at Barracuda networks, said: "we have abandoned manual security checks and moved to automated scans, as the growing and ongoing threat forces us to be constantly vigilant to ensure system integrity, data protection and compliance control requirements."
However, when it comes to reducing cloud risk, moving to automation has significant limitations. After all, it's impossible to automatically assess the risk to cloud providers. But if you use more automated tools to detect problems in the cloud and standardize the configuration, employees can spend more time focusing on complex issues, such as cultivating and managing relationships with cloud providers.
Whether you have the right to audit cloud providers is a hot issue. If your company's contracts and agreements lack this clause, you will feel tied down in the event of an accident. Big cloud providers, on the other hand, are putting these requirements back on the enterprise.
Ted Rogers, head of executive advisory operations for the UpperEdge project, said: "with regard to auditing, there are a number of cloud providers that are in turn putting pressure on companies not to have the authority to audit their data centers and their processes, procedures and security measures. Why? Because they don't want a third party to show up and audit. Instead, suppliers say they are compliant, or they say they don't have to worry because if they don't, they will get into trouble for other reasons of the contract, such as leaks.
One solution is to critically evaluate the auditing methods developed by cloud providers. Rogers recommends the following alternatives: "access the cloud provider's audit documentation. Specifically, see if they've made an update based on facebook's difficulties with data privacy. Some cloud providers say they are just data processors. They claim they don't touch the data and they don't leak it." This raises the question: how do you know if providers are keeping their promises?
There are ways to mitigate this risk, even if cloud providers are reluctant to give their audit rights to the enterprise. You can ask for more comprehensive reports and emphasize the need to provide key risk indicators. You can also ask the company's internal audit department to give an opinion when discussing the contract.
Finally, hacking and security aren't the only risks to consider. There is also the risk of falling behind.
Tony Buffomante, us regional head of cybersecurity services at KPMG, commented: "for some of our less mature clients, the key business risk is not actively pursuing cloud transformation and services. Cloud is not only a new technology, it has also changed the business and operating model of many industries. It's about transforming the business to be more flexible and competitive."
Moreover, few businesses have the budget or the willingness to build data centers, develop all their own software, and build local infrastructure. In fact, companies with weaker IT capabilities will benefit from the risk management capabilities of large cloud providers.
51due留学教育原创版权郑重声明:原创essay代写范文源自编辑创作,未经官方许可,网站谢绝转载。对于侵权行为,未经同意的情况下,51Due有权追究法律责任。主要业务有essay代写、assignment代写、paper代写、作业代写服务。
51due为留学生提供最好的essay代写服务,亲们可以进入主页了解和获取更多essay代写范文 提供代写服务,详情可以咨询我们的客服QQ:800020041。
※コメント投稿者のブログIDはブログ作成者のみに通知されます