China Telecom: IDC's Cloud security

Over the past year, large data leaks have been occurring around the world. This April 23 13 o'clock in the afternoon, the AP Twitter account was hacked to publish a "White House bombing" false news, the stock index of the United States stocks a brief plunge. After the false message was clarified, the stock index was soon restored to its original location. It is the AP using a low security level it consumer platform, to the hackers use IT systems to manipulate the news, from the stock up and down the opportunity to profit.

According to the latest survey and research results of trend science and technology, the average loss of corporate data leakage has increased to 3.7 million U.S. dollars. 90% of organizations are suffering from active malware intrusion, but 55% of them are unaware of it; 91% of apt attacks begin with harpoon-style phishing attacks. How to protect the enterprise information assets, how to more intelligent management and protection to deal with the new situation it threat? In this regard, the telecommunications operators that provide cloud services to the enterprise should take precautions for the security and virtualization of cloud applications.

China Telecom is Taiwan's largest telecommunications operator, and is committed to become the most convenient IDC company. In providing cloud computing services, China Telecom faces international rivals like Amazon AWS. Therefore, to provide users with a more secure IDC services, become the pursuit of China telecom goals.

In the design of cloud data center, China Telecom, in addition to the pursuit of environmental protection, energy conservation, reliability and corporate social responsibility principles, but also deliberately the data center virtualization derived from the security threat focus planning. Through the Research Institute of China Telecom Institute of Data Communication security, the establishment of independent and advanced information security Defense technology, in order to achieve information security defense.

Last February, the International Cloud Security Alliance (CSA) released 9 of the 2013-year cloud security threats, they are data disclosure, data loss, account hijacking, unsafe APIs, Denial-of-service attacks, malicious operations by internal personnel, misuse of cloud services, unreasonable cloud service planning, and the vulnerability of shared technologies. "Of the 9 major threats, our biggest difference is in sharing technology vulnerabilities." "The users of the cloud are concerned about the security of the cloud, such as whether the uploaded information will be intercepted," Liu Shunde, a researcher at the Institute of Data Communications Security at the China Telecom Institute, said in an interview with "business value" at a recent trend-high end CIO summit. Will the others be affected by the attack? These problems are derived from the virtualization of the computing center, allowing users to doubt the use of the cloud. ”

"The security of the Cloud data center has both the traditional and the emerging cloud defense mechanism, and needs the automatic enterprise Information security Policy monitoring mechanism." "Liu Shunde said. Therefore, China Telecom in the cloud security development, in addition to traditional security, but also added to the security of virtualization, and policy implementation. For example, in compliance with China Telecom Information Security implementation details, each host and its environment should comply with the security requirements, but the virtualization of the host replication and removal is very convenient, how to ensure that when the virtual host is moved or replicated to another place, can continue to meet security requirements, This is a very interesting topic emerging in the cloud of law and order. China Telecom in compliance with standards and regulations, from the reference, compliance and compliance with three levels of implementation.

In addition to regulatory compliance, entity security and backup are also important. In the process of virtualization, there will be virtual and entity mix, China Telecom in addition to providing security protection, but also provide encryption and decryption services. For example, for VM file management, China Telecom uses the SAFEVM full encryption mechanism, can be stationed in the virtual host image files are automatically added to decrypt, even if the VM was hacked, image files were stolen, the data is encrypted state and make it unable to distinguish. In addition to VM, to do not like the entire encryption customers, China Telecom also provides external hard drive encryption.

To provide better security for our customers, China Telecom quickly deploys cloud-safe mechanisms in both physical and virtual machines to protect data centers and cloud platforms from data leaks and business outages, and to reduce operating costs. On the other hand, secure the applications and data of the servers in the physical, virtual, and cloud environments.

Liu Shunde said that data center construction is the only way to the development of virtualization. When building a cloud data center, information security should be considered before construction. He also cautioned that information security is a process that does not have a one-time solution and requires an ongoing maintenance team. In addition, in addition to good equipment, but also need good expert assistance, in order to do better IDC information security protection.