برای حفاظت از برنامه ها و داده های ابری به چه چیزی نیاز دارید ؟
در این یادداشت به 6 مورد که برای امنیت برنامه ها و داده های ابری " کلود " مورد نیاز است اشاره میکنیم .
2- کشف و مشاهده برنامه های ابری و داده ها ( توسط کارمندان در خانه و محل کار و تلفن همراه )
4- نظارت و تنظیمات امنیتی
5- پیشگیری از دست رفتن اطلاعات ( Data Loss Prevention )
6- آنتی ویروس و حفاظت در برابر تهدیدات ( Anti-Malware & Threat Protection )
دیسنا : پایگاه اطلاع رسانی امنیت اطلاعات ایران
Here are the 6 factors to consider when looking for a cloud apps security solution
If you are governed by security regulations, you must now expand your compliance level vulnerability scans, threat assessments, security controls, monitoring and management to your extended cloud based apps and data. This process starts with a Cloud Risk Assessment as part of a full security risk assessment.
2. Discovery and visibility of cloud apps and data storage (by internal and external employees at the office, home, or mobile)
Visibility & control of cloud apps must extend across all apps, including native clients on laptops, tablets, and smartphones, and whether users are on-premises or remote.
Ongoing inventory of apps being used – you need to know what apps are being used and what new apps were just added.
Who is using the apps? Are these users authorized to use these apps? Do they present an unrecognized threat?
How are they being used? Are users viewing or uploading company data to the cloud? Is this allowed? It is common for employees to share files via cloud apps like DropBox. But little do they know that these apps, if not properly secured, can leak out confidential data.
What data is being accessed? By classifying data, you can recognize when key sensitive data is being accessed and prevent data from being moved to the cloud unless it is secure and authorized.
Managing the security risk of cloud-based apps requires control of user access, app usage, and the data security itself. Areas of control need to include:
Which users can access specific types of data
The level of security used for user access to apps. Use of 2-factor authentication can be used to increase and enforce access control. Single sign-on can be used to increase security and make user access to apps easier.
Which apps can be used
How apps can be used
Ability to encrypt key data transparently to users
4. Monitoring and adjusting security
Visibility tools must provide for ongoing monitoring in real-time and the ability to adjust controls to match changes, threats and violations.
5. Data loss prevention
Protecting key data means identifying and protecting sensitive data in as accurate and efficient manner as possible, across a multitude of both sanctioned and unsanctioned apps. You also might need support for critical workflows like quarantine and legal hold.
6. Anti-malware & threat protection
Many of the sanctioned apps within companies are laced with malware. And worse, sanctioned apps represent less than 5% of the apps being used by companies today.
Cloud sync and share programs can easily spread malware.
Cloud app usage demands the ability to detect and remediate malware such as viruses, APT, spyware, worms, ransomware, and more in sanctioned apps, en route to and from any app.