云计算关键领域安全指南 V3.0 第三版 中文版

云计算关键领域安全指南V3.0云计算关键领域安全指南V3.0©2011CLOUDSECURITYALLIANCE|1导论TheguidanceprovidedhereinisthethirdversionoftheCloudSecurityAlliancedocument,“SecurityGuidanceforCriticalAreasofFocusinCloudComputing,”whichwasoriginallyreleasedinApril2009.Thepermanentarchivelocationsforthesedocumentsare:(thisdocument)(version2guidance)(version1guidance)Inadeparturefromthesecondversionofourguidance,eachdomainwasassigneditsowneditorandpeerreviewedbyindustryexperts.Thestructureandnumberingofthedomainsalignwithindustrystandardsandbestpractices.Weencouragetheadoptionofthisguidanceasagoodoperatingpracticeinstrategicmanagementofcloudservices.Thesewhitepapersandtheirreleaseschedulearelocatedat::Domain3:LegalIssues:ContractsandElectronicDiscoveryandDomain5:InformationManagementandDataSecurity.Wenowhaveaddedanotherdomain,whichisDomain14:SecurityasaService.©2011CloudSecurityAlliance.Allrightsreserved.Youmaydownload,store,displayonyourcomputer,view,print,andlinktotheCloudSecurityAllianceGuidanceat:(a)theGuidancemaybeusedsolelyforyourpersonal,informational,non-commercialuse;(b)theGuidancemaynotbemodifiedoralteredinanyway;(c)theGuidancemaynotberedistributed;and(d)thetrademark,copyrightorothernoticesmaynotberemoved.YoumayquoteportionsoftheGuidanceaspermittedbytheFairUseprovisionsoftheUnitedStatesCopyrightAct,providedthatyouattributetheportionstotheCloudSecurityAllianceGuidanceVersion3.0(2011).云计算关键领域安全指南V3.0©2011CLOUDSECURITYALLIANCE|2目录导论..............................................................................................................................................................................................................................................1目录..............................................................................................................................................................................................................................................2前言..............................................................................................................................................................................................................................................3V3.0中文版译者序................................................................................................................................................................................................................4英文版致谢................................................................................................................................................................................................................................6编者寄语....................................................................................................................................................................................................................................8关于风险的编者按...............................................................................................................................................................................................................10第一部分云体系架构D1:云计算体系架构......................................................................................................................................................................................................14第二部分云的治理D2:治理与企业风险管理.............................................................................................................................................................................................31D3:法律问题：合同与电子发现...............................................................................................................................................................................36D4:合规与审核................................................................................................................................................................................................................44D5:信息管理与数据安全.............................................................................................................................................................................................48D6:互操作性与可移植性.............................................................................................................................................................................................61第三部分云的运行D7:传统安全、业务连续性和灾难恢复.................................................................................................................................................................70D8:数据中心运行...........................................................................................................