下面為大家整理一篇優(yōu)秀的
essay代寫范文-The risks of cloud services,供大家參考學(xué)習(xí),這篇論文討論了云服務(wù)的風(fēng)險(xiǎn)。如今,云服務(wù)的主流地位已不可動(dòng)搖,并且每年都在接管更多的企業(yè)職能。以前云服務(wù)僅限于簡單的存儲(chǔ)或者聯(lián)系人管理,而現(xiàn)在像ERP這樣的核心功能已經(jīng)遷移到云中。隨著越來越多的基本服務(wù)不斷遷移到云中,我們必須關(guān)注當(dāng)今云環(huán)境中固有的風(fēng)險(xiǎn),并采取預(yù)防措施來緩解這些風(fēng)險(xiǎn)。
Essay代寫范文
Cloud services and their associated risks will only become more important over time.This article explains how to manage these risks without losing the benefits of the cloud.
隨著時(shí)間的推移,云服務(wù)及其相關(guān)風(fēng)險(xiǎn)將變得更加重要。本文將解釋如何在不損失云優(yōu)勢的情況下管理這些風(fēng)險(xiǎn)。
The dominant position of cloud services is already unshakable,and it is taking over more enterprise functions every year.Previously,cloud services were limited to simple storage or contact management,but now core functions like ERP have migrated to the cloud.As more basic services continue to migrate to the cloud,IT leaders must focus on the risks inherent in today's cloud environment and take precautions to mitigate them.
云服務(wù)的主導(dǎo)地位已經(jīng)不可動(dòng)搖,它每年都會(huì)接管更多的企業(yè)功能。以前,云服務(wù)只限于簡單的存儲(chǔ)或聯(lián)系人管理,但現(xiàn)在像ERP這樣的核心功能已經(jīng)遷移到云上。隨著更多的基礎(chǔ)服務(wù)繼續(xù)遷移。對(duì)于云,IT領(lǐng)導(dǎo)者必須關(guān)注當(dāng)今云環(huán)境中固有的風(fēng)險(xiǎn),并采取預(yù)防措施來減輕風(fēng)險(xiǎn)。
In banking,the ability to adapt to risk is often set to guide business decisions.Conservative risk resilience,for example,can lead Banks to reject lucrative but highly uncertain loans.The"knife-licking""type of risk adaptation could yield higher returns in the boom years.Banks could be hit hard by the next crisis.
在銀行業(yè),適應(yīng)風(fēng)險(xiǎn)的能力往往被設(shè)定為指導(dǎo)業(yè)務(wù)決策的能力。例如,保守的風(fēng)險(xiǎn)恢復(fù)能力可以導(dǎo)致銀行拒絕利潤豐厚但高度不確定的貸款。“舔刀子”式的風(fēng)險(xiǎn)適應(yīng)可以在繁榮時(shí)期產(chǎn)生更高的回報(bào)。銀行可能會(huì)受到下一次危機(jī)。
From an IT management perspective,an enterprise's risk adaptation will guide your due diligence,ongoing monitoring,and willingness to invest in risk reduction measures.For example,an enterprise can establish a hierarchical approach to mitigate risks and maximize the use of limited resources.The approach to reducing the risk of"level 1"cloud service failure is achieved through staffing,periodic testing,and the adoption of top level vendor support.
從IT管理的角度來看,企業(yè)的風(fēng)險(xiǎn)適應(yīng)將指導(dǎo)您的盡職調(diào)查、持續(xù)監(jiān)控和投資于風(fēng)險(xiǎn)降低措施的意愿。例如,企業(yè)可以建立一種分級(jí)方法來降低風(fēng)險(xiǎn)并最大限度地利用有限的資源。通過人員配備、定期測試和采用頂級(jí)供應(yīng)商支持來降低“1級(jí)”云服務(wù)失敗的風(fēng)險(xiǎn)。
Cloud providers like to emphasize ease of use and flexibility.Once an enterprise experiences the ease of use of the cloud,it is rarely willing to go back in time and maintain its old infrastructure.But a lackadaisical attitude to cloud services can put employees at risk because of their stupidity.
云提供商喜歡強(qiáng)調(diào)易用性和靈活性。一旦一個(gè)企業(yè)體驗(yàn)到云的易用性,它就很少愿意回到過去并維護(hù)其舊的基礎(chǔ)設(shè)施。但是,對(duì)云服務(wù)的懶散態(tài)度會(huì)使員工因愚蠢而面臨風(fēng)險(xiǎn)。
John Hodges,vice President of product strategy at AvePoint,commented:"the point is that cloud services often encourage'casual use'of data;I can collect,search and store anything anywhere.We often see this in systems like Box,DropBox,and OneDrive,where there is a real danger of mixed use in terms of content storage and sharing."However,simply and crudely prohibiting the use of mixtures can also cause problems.
Banning high-risk cloud services would help,but it doesn't eliminate the problem entirely.Hodges explains:"for accounts provided by enterprises,such as the Slack channel or Microsoft Teams,and other systems,users always take the most convenient route of data sharing.But this behavior may not be consistent with records retention policies or restrictions on data sharing."If your company is subject to litigation or a similar investigation,inconsistent application of record-keeping policies can be a headache for businesses.
Zero trust is an IT security policy that requires every user,system,or device within and outside the perimeter to be validated and certified before being connected to its system.How can you use the zero-trust model to reduce cloud risk?Insurity is an enterprise specializing in property and casualty insurance services and software,for which a zero-trust approach means very strict access restrictions.
Jonathan Victor,chief information officer at Insurity,said:"we provide minimal and privileged logical access to a very small number of users that meets the requirements of working functionality.This control is audited internally by our corporate security department and is part of our annual SOC external audit."
Periodically check the user access level and see if this is reasonable.Does the enterprise need dozens of users with administrative access rights?Every super user adds additional risk.
Spend some time researching industry news about cloud-related failures that will help reduce cloud risk.In today's enterprise,the complexity and evolving nature of cloud applications means there is always something to be learned from blockbuster events.
Rich Petersen,co-founder and President of JetStream software,commented:""we're focused on the loss of data,so we've learned important lessons from a few events.For example,in August 2017 Meraki lost data in which the local system failed to back up the data to the cloud service as designed."
Cisco has also acknowledged that cloud configuration errors have led to data loss and reduced productivity.As Register reports,"the incident caused cisco a great deal of trouble because Meraki sold cloud services based on its support,which avoided the amount of tedious work required to run networks and voice systems.Meraki has made such a big mistake-and it seems the lack of data protection tools to recover from this contingency is a big stain on its reputation."
Automation,virtual assistants and data processing not only help businesses sell more products,but also manage their cloud services.For Barracuda networks,the range of manual security jobs has shrunk dramatically since the cloud began to automate processes.
Greg Arnette,director of data protection platform strategy at Barracuda networks,said:"we have abandoned manual security checks and moved to automated scans,as the growing and ongoing threat forces us to be constantly vigilant to ensure system integrity,data protection and compliance control requirements."
However,when it comes to reducing cloud risk,moving to automation has significant limitations.After all,it's impossible to automatically assess the risk to cloud providers.But if you use more automated tools to detect problems in the cloud and standardize the configuration,employees can spend more time focusing on complex issues,such as cultivating and managing relationships with cloud providers.
Whether you have the right to audit cloud providers is a hot issue.If your company's contracts and agreements lack this clause,you will feel tied down in the event of an accident.Big cloud providers,on the other hand,are putting these requirements back on the enterprise.
Ted Rogers,head of executive advisory operations for the UpperEdge project,said:"with regard to auditing,there are a number of cloud providers that are in turn putting pressure on companies not to have the authority to audit their data centers and their processes,procedures and security measures.Why?Because they don't want a third party to show up and audit.Instead,suppliers say they are compliant,or they say they don't have to worry because if they don't,they will get into trouble for other reasons of the contract,such as leaks.
One solution is to critically evaluate the auditing methods developed by cloud providers.Rogers recommends the following alternatives:"access the cloud provider's audit documentation.Specifically,see if they've made an update based on facebook's difficulties with data privacy.Some cloud providers say they are just data processors.They claim they don't touch the data and they don't leak it."This raises the question:how do you know if providers are keeping their promises?
There are ways to mitigate this risk,even if cloud providers are reluctant to give their audit rights to the enterprise.You can ask for more comprehensive reports and emphasize the need to provide key risk indicators.You can also ask the company's internal audit department to give an opinion when discussing the contract.
Finally,hacking and security aren't the only risks to consider.There is also the risk of falling behind.
Tony Buffomante,us regional head of cybersecurity services at KPMG,commented:"for some of our less mature clients,the key business risk is not actively pursuing cloud transformation and services.Cloud is not only a new technology,it has also changed the business and operating model of many industries.It's about transforming the business to be more flexible and competitive."
Moreover,few businesses have the budget or the willingness to build data centers,develop all their own software,and build local infrastructure.In fact,companies with weaker IT capabilities will benefit from the risk management capabilities of large cloud providers.