Although cloud computing specializes in resource conservation and efficiency, the security issue is undoubtedly the biggest obstacle to its development. This has become the latest research subject of the related parties.
There are not many people who are aware of the hidden dangers of cloud computing. RSA2010 Security Conference, the famous information security expert Ronald L. Rivest even half-jokingly said: "Maybe we called it 'cloud computing' itself is a mistake, because the name can easily make people feel interesting and safe, but the fact that The network is full of threats and dangers. If we originally called it 'swamp computing', we may be able to make people have a correct understanding of it. "
Security issues become a stumbling block
This concern is not unreasonable, as neither the internal cloud nor the external cloud faces a daunting security problem. For the external cloud, the information system of cloud computing applications is highly centralized. The data has the characteristics of borderlessness and liquidity, which makes the security boundaries of the network vague. The security mechanisms such as traditional security domain division have been difficult to guarantee the security of cloud computing applications In addition, the cloud computing service is based on the Internet, and the Internet is hard to guarantee in terms of resource service quality. Users also have a question mark in mind for the continuity, reliability and high quality of the cloud service. For the internal cloud, although the attacks from the outside are greatly reduced, if some important information is put on the Internet, it is inevitable that there is a risk of internal leakage. The security issue is also worth considering.
Now, security issues have become an obstacle to the further development of cloud computing. "Only by solving the above problems can cloud computing flourish everywhere in China," said Tang Xiong-yan, deputy head of China Broadcom National Broadband Engineering Laboratory.
To solve the security problem, we need to analyze the problem and remedy the problem. At present, cloud computing services are broadly divided into three levels: IaaS, PaaS and SaaS. The security issues vary at different levels: The main issues facing IaaS are the reliability, physical security, network security, transmission security, System security, etc .; for PaaS, data security, data and compute availability, disaster recovery and recovery, application-specific attacks are major issues; and for SaaS, users are more concerned with data and application security issues. Cloud computing providers can take specific measures for different security issues.
In cloud computing services, operators mainly provide services on equipment and platforms provided by equipment suppliers, so they should be different from other cloud service providers. A technologist at China Telecom Guangzhou Research Institute believes that operators should improve the security level of cloud computing services in terms of system-level and implementation and application. Based on improving the cloud computing security infrastructure, operators should integrate data encryption, VPN , Authentication, secure storage and other integrated security technologies to build a deep security system for cloud computing applications.
And to fundamentally ensure the security of cloud computing, system-level security is indispensable. Recently, relevant European leaders strongly called for a global agreement on data protection to solve the data security weakness of cloud computing.
Cloud services spawn new business opportunities
Cloud computing providers to solve security problems, but also the use of new models of cloud computing in the field of security to explore new business opportunities. With the cloud computing concept warming, cloud security concepts came into being.
Recently, a variety of virus programs are growing in geometric series, some anti-virus software parry weakness. At the same time, the major threats from the Internet are being turned to malicious programs and Trojans by computer viruses. It is obviously outdated using the signature database.
The so-called cloud security, is through the mesh of a large number of clients on the network software behavior anomalies to monitor access to the Internet Trojans, malicious programs and other latest information, pushed to the server for automatic analysis and processing, then the virus and Trojan solution The program is distributed to each client. With cloud-based security, the entire Internet is a huge "antivirus". The more participants, the more secure each participant and the more secure the entire Internet.
In addition to killing the virus, a typical VMware technology company said that there is a typical cloud computing application - security board, including Web security and spam protection, as well as the international web code detection. In addition, the "cloud" of security devices and security infrastructures and the cloud-based security service are also the directions for the development of cloud-based security services.
In terms of cloud security, the mainstream anti-virus vendors in the industry set foot in the earlier, Jinshan, Kaspersky, Rising, Jiangmin, McAfee and so put forward the corresponding service solutions, Cisco put forward the concept of cloud firewall. However, the Ministry of Industry and Telecommunications Huang Yuanfei Telecom Research believes that the majority of security vendors in the application of secure cloud technology is still in the exploratory stage, the degree of product to be improved.
Operators have started
The aforementioned China Telecom Guangzhou Research Institute experts believe that cloud security services for telecom operators is an opportunity for telecom operators in this area has inherent resource advantages. "After years of network construction and operation, telecom operators already have a network-wide distribution and a large number of security infrastructures, all of which provide resource advantages for cloud security."
It is understood that domestic operators have begun to explore cloud security service model. For example, a telecom operator has launched a DDoS attack protection service and deployed a "cloud defense platform" distributedly at the backbone level to deal with the increasingly large-scale botnet. The service platform has the prototype of cloud security.
In addition, the reporter learned from China Unicom, although China Unicom's commercial cloud services have not yet been introduced, but in the internal pilot phase has been taken into account cloud services. A person from China Telecom said that cloud security is a new market demand point and China Telecom is also considering providing cloud security services.
However, because of the fragmentation of systems and the fact that no effective scheduling management, information sharing, and low utilization of most security systems exist between systems, there is no obstacle for operators to provide cloud security. Experts from China Telecom Research Institute suggest that to remove these obstacles, telecom operators can make full use of cloud computing technologies to integrate the above resources, optimize and build an open, ultra-large-scale "secure cloud" resource pool, and improve service performance of security facilities in an all-round way ability. At the same time, based on their own characteristics, operators should make use of the resources of all parties and combine the advantages of Huawei, ZTE and others in controlling costs and understanding the network, as well as the advanced technologies and highly efficient solutions such as IBM and HP to launch the unique cloud security service.