* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog) * [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/) * [未分類](https://origin-researchcenter.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr) * 5 大雲端安全策略:全面的雲端安全策略... # 5 大雲端安全策略:全面的雲端安全策略 [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F07%2Fcloud-big-cloud-5-holistic-cloud-security-strategy%2F%3Flang%3Dzh-hant) [](https://twitter.com/share?text=5+%E5%A4%A7%E9%9B%B2%E7%AB%AF%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5%EF%BC%9A%E5%85%A8%E9%9D%A2%E7%9A%84%E9%9B%B2%E7%AB%AF%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F07%2Fcloud-big-cloud-5-holistic-cloud-security-strategy%2F%3Flang%3Dzh-hant) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2019%2F07%2Fcloud-big-cloud-5-holistic-cloud-security-strategy%2F%3Flang%3Dzh-hant&title=5+%E5%A4%A7%E9%9B%B2%E7%AB%AF%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5%EF%BC%9A%E5%85%A8%E9%9D%A2%E7%9A%84%E9%9B%B2%E7%AB%AF%E5%AE%89%E5%85%A8%E7%AD%96%E7%95%A5&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=zh-hant&ts=markdown) \[\](mailto:?subject=5 大雲端安全策略:全面的雲端安全策略) Link copied By [Matthew Chiodi](https://www.paloaltonetworks.com/blog/author/matthew-chiodi/?lang=zh-hant&ts=markdown "Posts by Matthew Chiodi") Jul 06, 2019 1 minutes [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) This post is also available in: [English (英語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/05/cloud-big-cloud-5-holistic-cloud-security-strategy/ "Switch to 英語(English)") [简体中文 (簡體中文)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=zh-hans "Switch to 簡體中文(简体中文)") [Nederlands (荷蘭語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=nl "Switch to 荷蘭語(Nederlands)") [Français (法語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=fr "Switch to 法語(Français)") [Deutsch (德語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=de "Switch to 德語(Deutsch)") [Italiano (義大利語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=it "Switch to 義大利語(Italiano)") [日本語 (日語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=ja "Switch to 日語(日本語)") [한국어 (韓語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=ko "Switch to 韓語(한국어)") [Español (西班牙語)](https://origin-researchcenter.paloaltonetworks.com/blog/2019/07/cloud-big-cloud-5-holistic-cloud-security-strategy/?lang=es "Switch to 西班牙語(Español)") 在與數百位客戶合作的經驗基礎上,我們開發出 5 大雲端安全策略。雖然並非盡善盡美,但如果使用得當,它能夠幫助您的團隊擬定全面的雲端安全策略。 ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/07/The-Big-Cloud-5-500x318.jpg) 圖 1:5 大雲端安全策略 *對環境缺乏足夠的認識,被認為是因人為錯誤導致事故發生的主要原因之一。--* Nullmeyer,Stella、Montijo 和 Harden,2005 年 **1.** **瞭解雲端環境,取得深入的可視性。** 簡化雲端安全性與合規性工作的第一步,是瞭解開發人員和業務團隊*目前* 如何使用雲端。首先需要瞭解影子 IT 對雲端的使用情況,但還不能僅僅滿足於此。遵循 80/20 法則,您的團隊可以確定需要首先關注的雲端平台。但是,安全團隊不僅要瞭解正在使用哪些雲端*平台* ,也要瞭解在*其中*執行的內容。這就是雲端供應商的 API 發揮作用之處。 API 是使得雲端與大多數內部部署環境不同的關鍵技術之一。您需要始終掌握雲端環境中發生的情況,這不僅需要瞭解貴公司正在使用的雲端應用,也要運用雲端供應商的 API 持續追蹤直至中繼數據層的所有變化。 **2.** **設定防護措施,自動防禦最嚴重的雲端錯誤設定。** 問問自己,哪些設定 (錯誤設定或反面模式) 在我們的環境中不應該存在?例如,數據庫從網際網路直接獲得流量。這是「最不理想的做法」,但 Unit 42 的威脅研究指出,有 28% 的雲端環境中存在這種情況。隨著雲端安全計劃日趨成熟,有必要擬定初步的安全措施並逐步進行擴展。在此提出兩項重要注意事項:建立自動化防護之前,強烈建議首先進行小規模的試驗,確保不會產生意料之外的結果 (例如,自我造成的拒絕服務)。與開發團隊密切合作。如果沒有開發團隊的支援,請勿嘗試實作自動化防護。從一開始就與開發團隊合作,從基礎開始,為未來的成功奠定基礎。 **3.** **標準是自動化的前提條件。** 許多團隊在沒有建立標準的情況下就開始談論自動化。妥善的做法是隨時間推移,逐漸將 80% 的目標自動化。隨著在計劃中完成標準訂定,自動化的工作自然水到渠成。除非是新創公司,否則不要期待在 90 天內即可完成從無自動化到全自動化的轉換。企業通常需要至少九個月才能完成這個過程。 **4.** **培訓和聘用編寫程式碼的安全工程師。** 與大多數傳統的數據中心不同,公有雲環境是由 API 驅動。在雲端中進行成功的風險管理需要安全團隊運用 API。 根據貴公司的規模,先評估目前已有的技能。是否已經有團隊成員熟悉如何編寫 Python 或 Ruby 之類的程式碼?如果有,請大力投資這些團隊成員,根據建立成熟自動化防護的時間表調整自己的目標。團隊裡面沒有這樣的人?那麼您有幾個選擇。確認是否有人想要學習這些技術,並透過調查尋找開發團隊中對於安全技術感興趣的成員。如果訓練的目標一致,而且配置有妥善的資源,那麼可以培訓開發人員進行安全工作,也可以培訓安全工程師編寫程式碼。 如果貴公司在編寫程式碼方面並不擅長,一個不錯的選擇是聘用曾與許多組織有過合作經驗的短期顧問。您不會希望團隊不知道如何修改或使用指令碼。完成這個過程後,就可以在開發渠道中完全嵌入安全性。 **5.** **在開發渠道中嵌入安全性。** 在確定如何將程式碼推送到雲端時,需要確定相關人員、內容、時間和位置。完成這一點後,您的目標應該是為安全流程和工具找到破壞性最小的進入點。獲得開發團隊的早期支援極為重要。 **結論** 透過建構專注於「5 大雲端安全策略」的雲端安全策略,各種規模的安全組織都將享受公有雲所帶來的優勢,而長期以來只有開發團隊從這些優勢中受益。從基礎開始,為未來的成功奠定基礎。 *** ** * ** *** ## Related Blogs ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### Strata Copilot - 加速邁向自發性網路安全性的未來](https://origin-researchcenter.paloaltonetworks.com/blog/network-security/introducing-strata-copilot/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 醫療企業是勒索軟體攻擊者的首要目標](https://origin-researchcenter.paloaltonetworks.com/blog/2021/10/healthcare-organizations-are-the-top-target/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 適用於 5G 的零信任:實現安全的數位轉型](https://origin-researchcenter.paloaltonetworks.com/blog/2021/10/zero-trust-for-5g-digital-transformation/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 網路攻擊鎖定金融服務企業的 3 個原因以及防禦方式](https://origin-researchcenter.paloaltonetworks.com/blog/2021/10/financial-services-cyberattacks/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### 連續 7 年提供出色的客戶服務](https://origin-researchcenter.paloaltonetworks.com/blog/2021/10/delivering-outstanding-customer-service/?lang=zh-hant) ### [未分類](https://www.paloaltonetworks.com/blog/category/%e6%9c%aa%e5%88%86%e9%a1%9e/?lang=fr&ts=markdown) [#### Palo Alto Networks 研究:61% 的企業難以確保在家工作的遙距網絡安全](https://origin-researchcenter.paloaltonetworks.com/blog/2021/09/state-of-hybrid-workforce-security-2021/?lang=zh-hant) ### Subscribe to the Blog! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language