CSA 云计算关键领域安全指南v3.0

c . 云计算关键领域 5 b u 安全指南 V3.0 h t i g m o 云计算关键领域安全指南 V3.0 导论 The guidance provided herein is the third version of the Cloud Security Alliance document, “Security Guidance for Critical Areas of Focus in Cloud Computing,” which was originally released in April 2009. The permanent archive locations for these documents are: http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf (this document) http://www.cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf (version 2 guidance) http://www.cloudsecurityalliance.org/guidance/csaguide.v1.0.pdf (version 1 guidance) In a departure from the second version of our guidance, each domain was assigned its own editor and peer reviewed by industry experts. The structure and numbering of the domains align with industry standards and best practices. We encourage the adoption of this guidance as a good operating practice in strategic management of cloud services. These white papers and their release schedule are located at: m o c . 5 http://www.cloudsecurityalliance.org/guidance/ In another change from the second version, there are some updated domain names. We have these changes: Domain 3: Legal Issues: Contracts and Electronic Discovery and Domain 5: Information Management and Data Security. We now have added another domain, which is Domain 14: Security as a Service. b u h t i g © 2011 Cloud Security Alliance. All rights reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance Guidance at http://www.cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf subject to the following: (a) the Guidance may be used solely for your personal, informational, non-commercial use; (b) the Guidance may not be modified or altered in any way; (c) the Guidance may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the Guidance as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance Guidance Version 3.0 (2011). ©2011 CLOUD SECURITY ALLIANCE | 1 云计算关键领域安全指南 V3.0 目录导论.............................................................................................................................................................................................................................................. 1 目录.............................................................................................................................................................................................................................................. 2 前言.............................................................................................................................................................................................................................................. 3 V3.0 中文版译者序 ................................................................................................................................................................................................................ 4 英文版致谢 ................................................................................................................................................................................................................................ 6 编者寄语 .................................................................................................................................................................................................................................... 8 关于风险的编者按 ............................................................................................................................................................................................................... 10 第一部分云体系架构 D1: 云计算体系架构 ...................................................................................................................................................................................................... 14 第二部分云的治理 D2: 治理与企业风险管理 ............................................................................................................................................................................................. 31 D3: 法律问题：合同与电子发现 ............................................................................................................................................................................... 36 D4: 合规与审核 ...............................................................