Cloud computing is trustworthy three major areas of security technology face challenges

"51cto.com exclusive feature" 2011 with the global economic situation improved, it industry will be fully recovered, cloud computing has a new opportunity for development. More and more companies are starting to accelerate into cloud computing. Gartner predicts that the security application services provided by cloud computing will grow three times times in 2013. It is undeniable that cloud computing will be the direction and trend of IT development in the future, and its security issue has become one of the most controversial topics in the industry. Major security companies are also trying to promote their own advantages, and the major cloud computing services and platform providers have shown great interest in this issue. Even so, security disasters have occurred. This April, Sony's PlayStation Web site was hacked, hackers hacked into Sony's San Diego data server in the United States, stealing personal information from Sony PS3 and music, animated cloud services network qriocity users, including names, addresses, birthdays, logins and passwords, Up to 77 million users are affected, involving 57 countries and regions. Meanwhile, Sony Online Entertainment (Sony Online Entertainment), another Sony group responsible for computer online gaming services, has also been hacked, with as many as 24.6 million user data leaking out. Sony is not the most serious event in history. 2009, the Heartland Payment system Company's 130 million user data was leaked, in 2007, the retailer TJX Company's 94 million user data were leaked, these events at that time caused the industry shock. The Sony incident, in turn, sparked a security debate over cloud computing. It can be said that cloud computing changed the way of service, but did not subvert the traditional security mode. The difference is that in the age of cloud computing, security devices and safety measures are deployed in different locations; Originally, the user wants to guarantee the security of the service, now by the cloud computing service provider to ensure the security of service delivery. Not long ago, 51CTO reporters discussed the current security threat trends and cloud computing security with Mr. Bret Hartman, RSA chief technology officer for the EMC Information Security Division. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 "alt=" "width=" "height=" 327 "src=" http ://images.51cto.com/files/uploadimg/20110531/1309530.jpg "/>RSA chief Technical Officer Bret Hartman for the Sony incident, Bret said he did not understand the truth, Only through the Internet to understand some of the situation, but it is certain that the Sony incident itself is due to internalLoopholes. At the same time, Bret also emphasizes the cloud services provided to individual consumers, its security is not as strong as it is supposed to be, in fact, many cloud services are provided for the enterprise environment and their security measures are very comprehensive, but even in a very strong security environment, attackers can find vulnerabilities to attack. Bret admits there is a long way to go for all cloud service providers. Earlier this year, reporters had an exclusive interview with Mr. Bret at the RSA Convention in the United States. At the time, he told reporters that the concept of cloud computing was born, people were just focused on what cloud computing is, what cloud services are all about; over the past few years, we've seen a shift in focus to the security of cloud computing. Today, a lot of people will ask a question: can we trust the cloud? Obviously, "How do we Trust cloud computing and cloud services?" This problem has become the focus of the moment. In this respect, Bret believes that let everyone trust cloud computing and services is a future development direction. The direction he refers to is the application of security technology in the cloud computing environment. At present, many professional security vendors, including RSA, are making efforts to this end. When it comes to securing technologies to protect cloud computing environments, Bret divides cloud computing security into three broad areas: identity protection, infrastructure protection, and information data protection, according to protection objectives. But these types of security technologies also face many challenges. For identity security, the user needs a strong authentication mechanism, this strong authentication mechanism to consider the general ID and password protection, so that we can have sufficient confidence to ensure that authorized users access to an application or system. But Bret that in the cloud environment we face a challenge: there is no definition of identity in the cloud. In other words, from a cloud service to another cloud service, how can we prove that the identity of the user is legitimate and that the access cloud service is within the purview? Obviously, we need federated identity authentication technology in the cloud environment to achieve secure migration of cloud services and cloud applications. Bret stressed that it was hard to admit that identity authentication in the cloud computing environment was a difficult task. The second area is the security technology that protects the infrastructure. The infrastructure includes hardware and network facilities, operating systems, and application environments. For infrastructure security, there is a very big challenge to securing the infrastructure, and it is also a challenge to ensure that virtual machines are not attacked when they move from one cloud environment to another. Another important aspect of infrastructure security is the need for a very strong trusted chain, which includes security on the hardware, the Internet and the operating system, as well as the entire virtualization, which creates a strong credibility in all the chains. The third area is to secure data and information. There are also many challenges in this area of technology to ensure that when a user accesses the cloud, it ensures the confidentiality of the data, i.e. who can read the data and, on the other, the integrity of the data in the cloud environment,That is, when the data is accessed, it should not be tampered with arbitrarily by anyone. In this field of technology mainly includes distributed key management technology, as well as encryption of key technology, as well as DLP technology. Cloud service providers need to ensure that the entire data is transmitted in a cloud environment without loss of content. Bret told reporters that RSA is ready to launch a cloud-based identity authentication service to the market in the third quarter of 2011. In fact, the Sony incident is only the beginning of a future cloud service provider will face more brutal attack and competition. Whether the public cloud service provider can have perfect security protection and whether it can detect the security threat in the cloud environment will determine the basis of the trust of cloud service providers like Sony in future business competition. Frankly speaking, whether the cloud computing environment can be trusted, but also rely on practice test. At present, many events happen to reflect the cloud computing environment in the existence of security problems can not be ignored, it is the emergence of these problems, only to make people question cloud computing, so that the integrity of cloud computing has become the focus of the industry. But we should also see, as Bret said, cloud computing is the direction of future development, cloud computing brings people more convenience than its security problems caused by the loss, we can not because of various types of cloud computing security problems look at the clouds. After all, we should be confident that many professional security companies are trying to make cloud computing more believable and expect cloud computing to change the day of human civilization and life.