Security Guidelines for Cloud Computing Services

Statement

These are study notes compiled while studying GB-T 31167-2014 Information Security Technology Cloud Computing Service Security Guide, shared in the hope that more people will benefit. If there is any infringement, please contact us promptly.

Exiting Cloud Computing Services Safely

9.1 Exit requirements

Contract expiration or other reasons may cause customers to withdraw from cloud computing services, or to migrate data and business systems to other cloud computing platforms. Exiting cloud computing services is a complicated process, and customers need to pay attention to the following aspects:

  1. When signing the contract, agree on the exit conditions in advance, as well as the responsibilities and obligations of the customer and the cloud service provider when exiting, and negotiate with the cloud service provider on the interface and plan for migrating data and business systems out of the cloud computing platform;
  2. In the process of exiting the service, the cloud service provider should be required to return the customer data in full;
  3. In the process of migrating data and business systems back to the customer's data center or to other cloud computing platforms, the availability and continuity requirements of the business should be met, for example by running the original business system and the newly deployed business system in parallel for a period of time;
  4. Revoke the cloud service provider's physical and electronic access rights to customer resources in a timely manner;
  5. Remind cloud service providers of their responsibilities and obligations after customers withdraw from cloud computing services, such as confidentiality requirements;
  6. After exiting the cloud computing service, it is necessary to ensure that the cloud service provider retains the data or completely clears the data as required;
  7. If you need to change the cloud service provider, you should first follow the requirements for selecting a cloud service provider, perform various activities in the cloud service provider selection stage, determine a new cloud service provider and sign a contract. After completing the migration of cloud computing services, exit the original cloud computing services.

9.2 Determining the scope of data transfer

The data migrated from the cloud computing platform includes not only the data and materials handed over by the customer to the cloud service provider, but also the data and related documents generated and collected during the operation of the customer's business system on the cloud computing platform, such as data files, program code, manuals, technical data, running logs, etc. A detailed handover checklist should be drawn up, including:

  1. Data files. Each data file should be marked with: file name, description of data file content, storage format, file size, check value, type (sensitive or public), etc. Cloud service providers should be required to provide decryption methods and keys so that encrypted files can be handed over, and to provide technical materials or conversion tools so that files in non-universal formats can be handed over;
  2. Code. For functions or business systems customized for the customer, the contract or other agreements should specify whether executable programs, source code and technical materials are to be handed over. This may involve: executable programs, source code, function descriptions, design documents, descriptions of the development and operating environment, maintenance manuals, user manuals, etc.;
  3. Other data. According to prior agreement and negotiation between the two parties, determine other data that should be handed over, including relevant data collected and compiled during the operation of the customer's business, such as statistics on customer behavior habits of cloud computing services, network traffic characteristics, etc.;
  4. Documentation. Various documents and materials provided by the customer to the cloud service provider during the use of cloud computing services, and customer-related materials jointly completed by both parties.

9.3 Verifying Data Integrity

The customer should verify the integrity of the data returned by the cloud service provider. To obtain the data completely, the customer should take the following measures:

  1. Require cloud service providers to return customer data in full according to the handover data list, paying special attention to historical data and archived data;
  2. Supervise the process of the cloud service provider returning customer data, and verify the validity of the returned data. Decrypt and verify encrypted data; use tools to restore proprietary format data and verify;
  3. The validity and integrity of data can be verified through business systems, such as deploying data and business systems on a new platform to run verification.
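
One way to check returned data against the handover checklist from 9.2, as an added example that is not part of GB-T 31167-2014 or the original notes. It assumes SHA-256 as the "check value" and a list-of-dicts checklist layout; the function names and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Check value (SHA-256 here, an assumption), streamed so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_handover(manifest, root):
    """Compare files returned under `root` with the handover checklist entries."""
    report = {k: [] for k in ("ok", "missing", "size_mismatch", "hash_mismatch", "unlisted")}
    root = os.path.realpath(root)
    listed = set()
    for entry in manifest:
        name = entry["file_name"]
        path = os.path.realpath(os.path.join(root, name))
        listed.add(path)
        # A checklist name must not resolve outside the returned-data directory.
        if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
            report["missing"].append(name)
        elif os.path.getsize(path) != entry["file_size"]:
            report["size_mismatch"].append(name)
        elif sha256_file(path) != entry["check_value"].lower():
            report["hash_mismatch"].append(name)
        else:
            report["ok"].append(name)
    # Files returned but absent from the checklist also need review.
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.realpath(os.path.join(dirpath, fname))
            if path not in listed:
                report["unlisted"].append(os.path.relpath(path, root))
    return report

def demo():
    """Constructed sample: one intact file, one altered, one not returned, one extra."""
    good, altered, original = b"id,name\n1,alice\n", b"2014 archive, modified", b"2014 archive, original"
    rows = [("users.csv", good, "sensitive"), ("archive.bin", original, "sensitive"), ("history.db", b"old", "public")]
    manifest = [{"file_name": n, "file_size": len(d), "check_value": hashlib.sha256(d).hexdigest(), "type": t}
                for n, d, t in rows]
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("users.csv", good), ("archive.bin", altered), ("extra.log", b"x")]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return verify_handover(manifest, root)
```

The altered file has the same size as the original, so only the check value catches it; the checklist should be built from the customer's own records rather than supplied by the provider at return time.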

9.4 Safely delete data

After customers withdraw from cloud computing services, they should still require cloud service providers to safely handle customer data and assume relevant responsibilities and obligations. Customers should take the following steps:

  1. After quitting the service, the cloud service provider is required to safely store customer data for a period of time according to the contract requirements;
  2. Require the cloud service provider to delete customer data and all backups through written authorization;
  3. Cloud service providers are required to safely dispose of storage media storing customer data, involving the following aspects:
     a. Media cleaning [1] should be carried out before reuse, and non-cleanable media should be physically destroyed;
     b. Require cloud service providers to record the media cleanup process and supervise the process;
     c. Media storing sensitive information cannot be used to store public information after cleaning.

Further reading

For more content and further study, see GB-T 31167-2014 Information Security Technology Cloud Computing Service Security Guide.


  [1] Media sanitization: the process of deleting data on media without destroying the media.

Origin blog.csdn.net/maoguan121/article/details/128519817