China Telecom Liu Shunde: Cloud data center needs to eliminate security concerns of virtual environment
Source: Internet
Author: User
KeywordsSecurity China Telecom Shunde information security
China Telecom is Taiwan's largest telecommunications operator, covering the three major areas of fixed-line communications, mobile communications, and data communications. Based on the principles of Data center planning in the Cloud era, China Telecom is also one of its key plans in addition to environmental protection, energy conservation and reliability considerations. to this end, in the China Telecom Institute has set up a Data Communication Security Institute, one is to establish independent and advanced information security Defense technology, and second, to support China Telecom Information Security defense. "The trend of data centers under cloud computing is to create faster computing, more storage space and more flexibility with smaller hosts, lower power consumption, lower costs," Liu Shunde, a researcher at the China Telecom Institute for Data Communications Security, said at a recent trend-high end CIO summit. In the process of the evolution of Internet Data Center to virtualization and cloud, security should have both traditional and emerging cloud defense mechanism, and it needs automatic enterprise information security Policy Monitoring mechanism. The
Basic Security design for China Telecom Data Center because Taiwan is located in the South Pacific Seismic Zone, in order to ensure the safety of the data center, all the Chinese telecom buildings are made of SRC steel-framed shockproof structure, which can withstand earthquakes up to 7 levels. In addition, in order to avoid the flood, the data center building main body's periphery has designed the waterproof gate, drains and so on flood control equipment. In addition to the physical level of security, China Telecom certainly does not overlook the redundant design of data centers. For example, two sets of equipment, including more than two different areas of substation power supply, the other set up a diesel generator set to provide standby power; dual loop UPS system; Data redundancy, including tape backup, continuous data protection, multi-point room data off-site backup, etc. Liu Shunde pointed out that China Telecom in the implementation of computer room security management is based on China Telecom Information security policy and implementation rules, the rules are constantly improving every year, from the past six chapters to the current nine chapters. For example, in the rules of a computer room and equipment safety management, China Telecom Room is divided into one, tertiary, each level has different standards. Of course, the basic features of network security are the necessary design for each data center, such as firewalls, intrusion detection systems, antivirus and vulnerability scanning deployments. Information security threats and protection in cloud data centers Cloud services use virtualization technology to share hardware resources, as it places data in outsourced vendors. There is a lot of concern about cloud information security in the eyes of the user, cloud data will not be stolen, data is not encrypted, whether there are other people can record my network packets, whether the cloud has access to records, these are faced with whether data security, access security, virtual environment security or information security monitoring are the challenges faced by suppliers. Liu Shunde believes that a virtualized cloud environment inherits all the information security issues previously faced. But the emerging security issues focus on the virtual environment, the first is the virtual platform weaknesses, virtual platform, like Windows operating system, there are security vulnerabilities to be updated in real time, followed by the risk of sharing resources, senior hackers through the lease guest OS launch side Attack get data on hardware RAM or go directly to someone else's Guest OS, and virtual machine migration and backup management, guest OS migrating to different virtual platforms to ensure consistent security policy and strict backup management, and including across virtual host attacks, which requires the implementation of VM security monitoring, With VLAN to ensure VM independence, the conflict of interest of the company or individual guest OS to be placed on a different virtual platform. Liu Shunde introduces China Telecom's cloud security construction guidelines and development direction, including regulatory compliance, physical security and backup, virtual environment security, identity authentication security, data security, application security, communication security and overall information security monitoring and professional team building. China Telecom adheres to standard regulations to ensure that customers use cloud services in a variety ofSecurity considerations. The first is to follow Taiwan regulations and, if not, to follow international standards, such as NIST, ENISA, PCI and Odca Deng. "The standard is divided into several levels, the first is the reference, the second is in line with, the third is to follow, so that the expectation to create to the customer is a trustworthy IDC room." "Liu Shunde points out. customers communicate with the cloud room, using the communication security mechanism provided by China Telecom, such as SSL, SSL VPN and Higate VPN transmission encryption channel and security authentication; According to the ISMS specification to create redundancy, the computer room to provide services to the network using dual-routing design, to ensure that the cloud services continuously line; Cloud services are completed in accordance with the standard software development lifecycle and are X.509 signed to ensure that they are not tampered with. It is the security construction practice of the China Telecom Cloud Data center that the system can ensure the safety of the weak-scan and penetration test continuously. The Liu Shunde describes China Telecom's cooperation with trend technology in the security construction of the cloud data center. By deploying trend technology deep security to protect physical machines and virtual machines, China Telecom protects the data leakage caused by software vulnerabilities, provides the security required for virtual and cloud environments, and eliminates security concerns that are unique to these environments. Using trend technology SafeSync to ensure cloud storage security, in addition to SSL, provide similar S3 encryption and decryption API. In addition, China Telecom for VM file Management provides a SAFEVM full encryption mechanism, the virtual host image files are automatically added to decrypt, even if the image file is stolen, the data is encrypted state and make it impossible to distinguish. It is inevitable that the construction of the data center is moving toward virtualization, Liu Shunde that the virtualization information security issue should be considered before it is built. Information security protection is a process, there is no one-time solution, the need for a continuous maintenance team, good equipment is on the one hand, but there are good experts to do better security protection.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.