Cloud computing could help improve security, says Microsoft 微軟稱雲端運算有助提升安全


Cloud computing could help improve security, says Microsoft.
Cloud computing adds security challenges, but also provides opportunities to improve security posture, according to Steve Lipner, senior director of security engineering strategy at Microsoft.
In addition to traditional threats such as cross-site scripting, code injection and denial of service, cloud computing expands some of those threats and introduces others, he said.
“Data privacy issues such as data location and segregation, and privileged access control, become greater in the cloud, for example,” he said.
Threats introduced by cloud computing infrastructures include new types of privilege escalation vulnerabilities from virtual machine (VM) to host or VM to VM.
But the good news, he said, is that the cloud computing model also provides opportunities to mitigate threats, such as slow or incomplete security patching.
“With cloud services, patching is automated to ensure all applications are up to date from a security point of view at all times,” said Lipner.
cross-site scripting:資安術語,跨網站指令碼(又譯「跨站腳本攻擊」),通常簡稱為XSS,是一種網站應用程式的安全漏洞攻擊,允許惡意使用者將程式碼注入到網頁上,其他使用者在觀看網頁時就會受到影響。
mitigate:動詞,減輕;緩和。用法如:to mitigate a punishment(減輕處罰)。
up to date:片語,迄今、最新式、並駕齊驅。例句︰Our computer is up to date. (我們的電腦是最新款的。)

No comments: