Szyfrowanie w chmurze korporacyjnej2015-10-19 12:00
AVET Information and Network Security opracował we współpracy z InfoSec Institute dokument o zaletach i wadach stosowania szyfrowania danych w kontekście cloud computingu. Wstęp jest dostępny poniżej, natomiast pełny artykuł dostępny jest na stronie http://resources.infosecinstitute.com/encryption-in-the-corporate-cloud/
In theory, a cloud-based solution should provide the customer with at least the same level of security as his current, traditional IT model does. In an ideal world, a cloud service provider should be offering an even higher security level, and one of the rationales for switching into the cloud should be the low cost of security controls from the customer perspective. The same set of security controls would be more expensive to implement and support on-site for the customer than what he gets from cloud service provider. No matter what security level is offered by the cloud service, it is important to understand that security is not a “thing” but a process and therefore has to be performed by both ends of cloud service, meaning that the end-user (further called the cloud service user) is still required to take the same actions in order for his data to be secure.