Analysts said , Virtualization and cloud computing will not affect the online security of most companies . But because IT Service customers assume that their cloud computing providers should take responsibility for security , This makes these customers vulnerable to attack . meanwhile , Virtualization and cloud computing also play an important role .
Analyst for server issues at tech business research Ezra
Gottheil call ：" Security and cloud hosting are two separate things , Entry costs are low , It's usually very simple . Customers may not think much about being responsible for safety ."
In a report released this week , Market research company Gartner The security responsibility of cloud computing is not clear . They think it's necessary to get a list of how cloud services work and service level agreements that clearly state what customers want and what they want .
In March this year , The research conducted by cloud security alliance lists seven top security risks of cloud computing , One of them is that customers ignore safety practices , This information is denied to service providers to address this risk . According to research by the cloud security alliance , Cloud projects and the risks they face can be extremely complex by the fact that they are deployed . Today, the advantages of cloud and some groups are actively promoting cloud deployment . The worry is that these groups may not be able to keep up with the security situation .
451 Group analyst Josh
Corman call , The nature of the cloud computing business means that many customers or prospects don't know when they put a website or company application on someone else's hardware , How are they exposed to risk .
Cloud service provider responsible for hosting and protecting customer application security FireHost CEO of the company Chris
Drake call , If not , Most cloud and website hosting customers also assume that their service providers are responsible for the security of their websites .
How do cloud computing customers suffer
Financial services companies LawLeaf yes FireHost A recent customer , The company's main business is to provide loans to those who raise money in lawsuits . After an attack that almost led to the collapse of the company ,LawLeaf Finally, they abandoned their original network hosting service provider BlueHost.
LawLeaf The general manager of the company Tim
Burke Call him in 2007 Started running the company with very little money in , At that time, his main job was to sell member management software to non-profit companies , The operating company is just one of his sidelines . He chose at first
BlueHost trusteeship LawLeaf.com, choice BlueHost The reason is the company's reputation and monthly 6.95 Service charge in US dollars .Burke call , At the beginning of this year
LawLeaf.com Before you start going downhill , He was right BlueHost Very satisfied with the service .
In January of this year ,LawLeaf.com It's been hit SQL Injection attack . Attacks lead to frequent site crashes , What's worse is that the website also forcibly installs malicious plug-ins on the unprotected users' computers .Burke call , It's February , The site crashes twice a week , And in March , The frequency of website crashes has reached the point of once a day .
The download of malicious plug-ins makes LawLeaf Got a warning from Google .Burke call , If LawLeaf Don't solve this problem , Then Google will ban their site from the list of search results .
because LawLeaf Most of our business comes from our own websites , Frequent collapses have led to a decline in the company's business , It affects the company's reputation .
Burke call ：" Due to website problems , We lost a lot of business , We lose thousands of dollars every day . What worries me most is the lawyers who recommend our services to our clients . The client provided us with confidential documents , The lawyer recommended us to the client for financing . If our website is attacked by hackers all the time , Then customers won't trust us at all ."
about LawLeaf Come on , Fortunately, customer files sent via email were not affected .Burke call , For all that , Every collapse of the website has a serious negative impact on the company's reputation .
Burke point out , When the site crashes ,BlueHost Will remind him , And make some preliminary analysis to make sure that the problem is not on their server . third person ,BlueHost No further action has ever been taken to solve this problem .
Burke call ：" They just kept telling me to kill virus or shut down our website . I tried many times, as they said , But the site continues to crash ."
BlueHost The company's focus is on providing low-cost hosting services for customers and smaller companies . In addition to the monthly fees, only 6.95 In addition to basic services in US dollars , They don't offer more advanced services , And they don't respond to questions that customers respond to many times .
because LawLeaf.com The problem has not been solved ,Burke Changed the service provider into FireHost.FireHost Promise to prevent future attacks or to prevent them after they occur .Burke call , Now they have to pay monthly 400 Service charge in US dollars . It's taking over LawLeaf.com after ,FireHost It is based on the separation of PHP Page of , Problem code cleared .
FireHost Chief executive officer of Drake call ：" actually ,LawLeaf Closing PHP The page aspect has taken the very good measure . But the reason is that there are a lot of problems in the database SQL Injection code ."
Burke In order to get better service , They used to BlueHost The company paid a lot of money . up to now ,Burke Still think BlueHost Should be responsible for the security of the website , Have the obligation to solve the problem of malicious plug-ins .
although BlueHost The commitment of normal operation rate and reliability up to 99.5%, But the company is not right LawLeaf.com Take responsibility for safety issues . Analyst, Technology Business Research Corporation Gottheil call ：" In this case , I'm not sure it's a mechanism issue . But because SQL Injection attacks often attack through their own web pages , Whether the customer knows it or not , It should be the customer's responsibility to guard against such attacks ."
LawLeaf and BlueHost The case of cloud computing shows us why cloud computing customers need to figure out who is responsible for security .