模块4：云计算数据安全学案.ppt

Digital Rights Management is a concept that data is self protecting within it’s environment. DRM is essentially the bundling of encryption with business rules that govern that data in a specific environment. Microsoft’s DRM is one example – encrypted data that contains it’s own rules for proper use that is enforced by the application. Another form of DRM is DLP – rather than enforce in the context of the application, it does so at the OS or network layer. 数字版权保护是一个数据可以在其环境中自我保护的概念。DRM本质上是加密手段与在特定环境下管理数据的业务规则的绑定。微软的DRM方案是一个例子－加密的数据包含由应用执行的、它应如何正确使用的规则。另一种形式的DRM就是DLP－不是在应用上下文中执行，而是在操作系统或网络层面执行。 DRM is very effective in closed systems with a small number of trusted users. The more open the environment, and the more users you allow access, the less secure the data. DRM在一个有少量可信用户的封闭系统中非常有效。环境越开放，允许访问的用户越多，数据就越不安全。 58 We want to stress that the storage architectures are key in understanding threats and security controls – and these vary per cloud service. 我们想强调存储架构对于理解威胁和安全控制而言是关键的－这随每种云服务的不同而变化。 The data security lifecycle help you examine how data will be accessed and used and the different phases where it will need protection. 数据安全生命周期帮助你检查数据如何被访问和使用，以及在不同的阶段需要什么样的保护。 Encryption is your go-to security tool for most security needs (storage, movement, end of life crypto shredding 对大多数安全需求（存储、移动、直到密码粉碎结束生命周期）而言，加密是你通往安全的工具。 Monitoring through DLP and request filtering helps detect sensitive information on the move 通过DLP监控以及请求过滤帮助检测敏感数据的移动 Also remember that when it comes to encryption keeping control of your own keys is the best way to ensure encryption will keep your data secure (i.e. don’t share them) 也要记住当考虑加密时保持对你自己密钥的控制是确保加密数据安全的最好方式（即不要共享它们）。 And encryption can be used anywhere from storage, network, applications, databases and even on the data. 同时，加密可以在任何地方使用，包括存储、网络、应用、数据库甚至在数据上。 59 59 59 59 59 59 59 59 59 59 59 8 9 Platform as a service providers abstract the underlying storage mediums, and use the concepts of files, databases or storage APIs. 平台即服务提