先说明这里的云计算安全不是被炒作的“云安全”

云计算安全是基于云计算的安全，也就是怎样为云计算提供安全服务。

我相信云计算是可以看得见的未来，其中有很大的商业机会，也有技术挑战。将带来互联网新的变革。

最近一直在思考一些云计算安全的问题，但是还没有形成体系化的思想，所以也就还没有去整理。

归根到底还是因为只是在YY这个东西，还没有接触到很实质化的云计算，所以一切都是处于空想阶段。

但这一天迟早都是要到来的，所以，我们不妨早点开始“空想”。

下面是老外提出来的云计算安全面临的一些挑战，我也有自己的答案，等到有体系化思想，有实践论证过后，再一一阐述吧。

http://www.informationweek.com/blog/main/archives/2008/12/cloud_computing_6.html

What about having the ability to validate how your cloud provider keeps data secure? Or, even for the ability to independently audit their policies and processes?

What about the background of the employees and administrators hired by the cloud provider? Who will actually have access to your data? Even if it's encrypted, it can still be lost, destroyed, or your access to it cut. How does AES help you there?

What about your business continuity and disaster recovery plan?

What about data-loss prevention from the cloud?

How will your business manage identity and access management to cloud-based applications and data?

What about the fundamental security of the application code your cloud provider is using? I don't think buffer overflows and data injection attacks -- and all of the other application-based challenges we still haven't solved -- will just vaporize in the cloud. Please.