阿里云安全漏洞修复_7种云计算安全漏洞及其应对措施

阿里云安全漏洞修复

Companies are rapidly using the cloud to revolutionize their digital transformations. According to Gartner, the global market for cloud computing is estimated to grow $266.4 billion by 2020, rising from $227.4 billion in 2019.

公司正在Swift使用云来彻底改变其数字化转型。 根据Gartner的数据 ，全球云计算市场估计到2020年将增长2664亿美元，高于2019年的2274亿美元。

There are several benefits of cloud computing including potential lower cost (with more capabilities in the public cloud that could aid productivity versus more limited capabilities in private clouds) and faster time to market.

云计算有许多好处，包括潜在的较低成本(公共云中的更多功能可以帮助提高生产力，而私有云中的功能则有限)和更快的上市时间。

However, with the array of benefits that the cloud offers, data security is amongst the key concerns holding back enterprises from adopting cloud solutions. To back this up, a survey found that 93% of companies are moderately to extremely concerned about cloud computing security risks.

但是，由于云提供了一系列好处，因此数据安全性成为阻止企业采用云解决方案的关键问题之一。 为了证明这一点，一项调查发现93％的公司对云计算安全风险的关注程度中等至中等。

Cloud infrastructure can be complex, and we all know that complexity is the enemy of security. While most cloud security experts agree that companies can benefit from the security solutions built into the cloud, organizations can also make grave errors and expose critical data and systems.

云基础架构可能很复杂，我们都知道复杂性是安全的大敌。 尽管大多数云安全专家都认为公司可以从内置在云中的安全解决方案中受益，但组织还可以犯严重错误并暴露关键数据和系统。

Some of the most common cloud security risks include unauthorized access through improper access controls and the misuse of employee credentials. Unauthorized access and insecure APIs are tied for the number one spot as the single biggest perceived security vulnerability in the cloud (according to 42% of respondents). These security risks are followed by misconfigurations in the cloud at 40%.

一些最常见的云安全风险包括通过不正确的访问控制进行未经授权的访问以及滥用员工凭证。 未经授权的访问和不安全的API并列云计算中最大的感知最大安全漏洞 (根据42％的受访者)。 这些安全风险之后，云中的错误配置达到40％。

How can companies gain the benefits of cloud computing technology while still maintaining data security?

公司如何在保持数据安全性的同时获得云计算技术的好处？

There are several preventive measures that companies can adopt to prevent cloud security vulnerabilities in their early stages. This ranges from simple cloud security solutions such as implementing multi-factor authentication to more complex security controls for compliance with regulatory mandates.

公司可以在早期阶段采取几种预防措施来防止云安全漏洞。 范围从简单的云安全解决方案(例如实施多因素身份验证)到更复杂的安全控制以符合法规要求。

排名前7位的云计算安全漏洞和缓解方法 (Top 7 Cloud Computing Security Vulnerabilities and Ways to Mitigate Them)

In this article, we will take a comprehensive look at the top 7 cloud computing security vulnerabilities and how to mitigate them.

在本文中，我们将全面研究排名前7位的云计算安全漏洞以及如何缓解这些漏洞。

1.错误配置的云存储 (1. Misconfigured Cloud Storage)

Cloud storage is a rich source of stolen data for cybercriminals. Despite the high stakes, organizations continue to make the mistake of misconfiguration of cloud storage which has cost many companies greatly.

云存储是网络犯罪分子窃取数据的丰富资源。 尽管风险很高，但组织仍在犯错误的云存储配置错误，这使许多公司付出了巨大的代价。

According to a report by Symantec, nearly 70 million records were stolen or leaked in 2018 due to misconfigured cloud storage buckets. The report also highlighted the emergence of various tools that allow attackers to detect misconfigured cloud storage to target.

根据赛门铁克的报告 ，由于云存储桶配置错误，2018年有近7000万条记录被盗或泄露。 该报告还强调了各种工具的出现，这些工具使攻击者能够检测到错误配置的云存储以作为目标。

Cloud storage misconfiguration can quickly escalate into a major cloud security breach for an organization and its customers. There are several types of cloud misconfigurations that enterprises encounter. Some types of misconfigurations include:

云存储配置错误会Swift升级为组织及其客户的主要云安全漏洞。 企业会遇到