2010/09/04

Cloud computing could help improve security, says Microsoft 微軟稱雲端運算有助提升安全

 ◎陳成良

Cloud computing could help improve security, says Microsoft.
雲端運算有助提升安全,微軟表示。
Cloud computing adds security challenges, but also provides opportunities to improve security posture, according to Steve Lipner, senior director of security engineering strategy at Microsoft.
雲端運算增加安全挑戰,但也提供改進安全態勢的契機,據微軟微安全工程策略高級主管史帝夫.里普納指出。
In addition to traditional threats such as cross-site scripting, code injection and denial of service, cloud computing expands some of those threats and introduces others, he said.
除了諸如跨網站指令碼、插入程式碼以及阻斷服務等傳統威脅,雲端運算服務擴大其中若干威脅,還帶來其他威脅,他說。
“Data privacy issues such as data location and segregation, and privileged access control, become greater in the cloud, for example,” he said.
「舉例而言,諸如資料放置、隔離以及優先存取控制等資料隱私議題,在雲端(運算)中變得更重要」,他說。
Threats introduced by cloud computing infrastructures include new types of privilege escalation vulnerabilities from virtual machine (VM) to host or VM to VM.
雲端運算架構帶來的威脅包括來自「虛擬機器」(VM)對主系統,以及VM對VM的新型態「權限提升」漏洞。
But the good news, he said, is that the cloud computing model also provides opportunities to mitigate threats, such as slow or incomplete security patching.
他說,但好消息是雲端運算模式也提供了契機來降低諸如安全修正太慢或不完整等威脅。
“With cloud services, patching is automated to ensure all applications are up to date from a security point of view at all times,” said Lipner.
「藉由雲端服務,可自動完成程式修正,以確保所有應用程式不論在任何時間,從安全角度來看,都是最新的。」
新聞辭典
cross-site scripting:資安術語,跨網站指令碼(又譯「跨站腳本攻擊」),通常簡稱為XSS,是一種網站應用程式的安全漏洞攻擊,允許惡意使用者將程式碼注入到網頁上,其他使用者在觀看網頁時就會受到影響。
mitigate:動詞,減輕;緩和。用法如:to mitigate a punishment(減輕處罰)。
up to date:片語,迄今、最新式、並駕齊驅。例句︰Our computer is up to date. (我們的電腦是最新款的。)

No comments: