Global security cooperation under cloud computing

March 2, 2010 ~3 5th, the world's top Information security conference RSA Conference 2010 was scheduled to be held in San Francisco, United States. Unlike in previous years, this year, the Zhongguancun Science Park CMC has organized 7 China's information security leading enterprises jointly participated in the conference, showing the Chinese government to participate in the world's information security technology exchange of attitude. What are the implications of this year's conference on what is going to be a profound change in the Global Information security field?

Cloud computing Security

Into the biggest hot spot

The keynote speech of the morning of March 2 has always been a bellwether for the future development of the global information security industry, as well as this year. Mr. Arthur W. Coviello, the RSA Global President of the NYSE:EMC Information Security division, delivered a keynote speech to the opening ceremony of the Conference, and he stated at the outset that the widespread adoption of cloud computing would pose a huge challenge to the future information security industry, Asser Covillo There are also huge opportunities.

Covelo said: "There is no doubt that industry manufacturers and users have affirmed that cloud computing has become the global information industry is an important direction of development." It's time to get over cloud computing and how to cloud computing. But concerns about information security have become an important barrier to global deployment of cloud computing. A survey shows that 51% of global CIOs think security is the biggest concern when deploying cloud computing. ”

He argues that the challenge of cloud computing security is mainly in how to protect users ' data in cloud computing environments, and how to ensure manageability and performance. He defines four specific goals for cloud computing security: visibility, predictability, trustworthiness, and the availability of compliance proof.

But, he argues, the security of cloud computing poses an unprecedented opportunity for the security industry, who captures the opportunity to win the future cloud computing era.

These assertions let us see that for a long time to come, escort cloud computing will be the direction of global information security technology.

At this conference, RSA announced a more secure, transparent, and responsible cloud computing infrastructure, including hardware trust root, secure virtual environment, security information and event management, GRC (governance, risk and compliance) management software, with Intel and VMware. The benefit is that you can provide unprecedented visibility into the bottom of the cloud, you can see the activity and actual state within the physical and virtual machines, enabling the enterprise to have the ability to verify security conditions, dive into the cloud "black box", finer control, and enhance the differentiated policies of private clouds, such as which hardware devices can run virtual machines, Which business units can share resources, simplify compliance, and collect, analyze, and report on the activities and events of the underlying architecture layer through automated processes.

Many other vendors in the industry are also offering new solutions to cloud computing security. Before the show began March 1, the conference organized the Security Industry "2010 years of the most innovative spirit of the company" competition, the top 10 finalists are all the various security solutions for cloud computing, including virtual firewalls.

At the same time, the industry generally believes that the security services based on cloud computing will become the focus of future information security industry development direction. In fact, many international and domestic information security vendors have already made important explorations in this direction, and have made fruitful achievements in the market, such as Symantec, Trend Technology, McAfee, rising and other international and domestic anti-virus manufacturers, has already used cloud computing architecture for users to collect and distribute virus code, Conduct a credit assessment of Internet Web pages and documents. The practice was again endorsed at this conference.

Chinese exhibitors Lenovo Network Company's CTO Bi Coya to reporters, the current IPS/UTM, anti-virus software/network management, terminal security and other products can use this kind of service, but the future also need to study how to apply to the number of older equipment, such as firewalls. "The advent of a truly business-oriented cloud computing era may take a long time, but cloud computing technology for information security services is on the ground, I believe in the future in the certification, licensing management areas will be updated to try." ”

Security management increasingly important

In addition to cloud computing security trends, other technological trends are also worthy of our attention.

Lenovo Network Imperial general manager Liu Coquan told reporters, through the participants, he deeply felt the information security technology three development trends: first, the application of security has become the development of information security, the largest source of demand and development direction; Secondly, security must create new value for users; the third is the visualization trend of network security. Visualization is one of the highlights of this exhibition, the so-called security visualization, that is, through technical means, real-time grasp of the network internal visibility of the business situation, security situation, compliance, and so on, to help users really feel the value of security construction.

Bi Coya from a technical point of view, he believes that the future of security management products and solutions will be more promising. About half of the companies at the show have demonstrated safety management products and solutions, especially security information and event management Siem Products. "This is because more and more equipment, network, host and security equipment recorded a large number of logs, centralized collection and comprehensive analysis, timely and accurate positioning of security incidents has become a general demand, information security to the advanced stage of the inevitable trend of development." "He introduced, the exhibition, both ArcSight and other veteran products manufacturers, but also HP, IBM and other traditional network management manufacturers show Siem Products, as well as the traditional identity certification manufacturers RSA involved in this field."

In addition, compliance will lead the future direction of information security technology. Bi Coya Introduction, most of the exhibitors of foreign manufacturers are stressed that products in line with GRC, PCI, Sox and other related bills, the domestic will be fully initiated the level of protection and rectification work will also put forward a clear technical requirements, therefore, future product development and deployment will meet these regulatory requirements.

Chinese enterprises are inferior to foreign

Another important feature of this conference is that China's information security enterprises to attack collectively, in the Zhongguancun Science Park Administrative Committee of the Organization and subsidies, the first Zhongguancun information security enterprises to organize the overall image of 7 Chinese information Security enterprises, booth area reached 80 square meters, to impress the General Assembly.

In fact, the national or regional unity of the exhibition is not only the characteristics of China, but also the trend of the world, showing that the development of information security technology has become the strategic focus of each country. Lenovo Net general manager Liu Coquan told reporters, in addition to the Chinese government delegation, the German information security industry has also unified the organization of more than 10 companies, focusing on the latest technology, so that the global German information security industry left a deep impression. Singapore has also organised five or six companies to participate collectively to promote the Singapore information security industry as a whole. Liu Coquan that the overall effect is very good. This is organized by the government authorities, taking the form of country or city as the unit, not only solves the problem that the manufacturers do not understand the overseas situation, the preparation work is difficult to do and the cost burden is too heavy, but also helps to strengthen the impact and influence of the national level, and is a good organization form of "the government sets up Taiwan, the

Of course, participation in such exhibitions is also of great significance to China's information security enterprises. Liu Coquan that, through 5 consecutive years of attendance, Lenovo Network Imperial has undergone three important changes. The first is the change of vision, "RSA Conference is the global information security world's top event, is the global peer display, Exchange platform, through many years of participation, we gradually have with the world's leading enterprises to synchronize product planning, technical layout of the business vision." "The second is the change in tentacles," We did find an international business partner for the company's development during the meeting and put it into practice. "The last is the change of mentality," the first cautious to observe, to the two-year formal exhibition, not only understand others, but also understand their own strength, confidence more sufficient, we have the ability to compete with the world's enterprises with Taiwan. ”

It is reported that, at this meeting, Lenovo network Royal and NetLogic jointly released the world's highest-priced high-end multi-core unified threat management products Utm/ips/anti-ddos, and the United States partners in San Francisco held a strategic cooperation meeting, the initial decision through the introduction of technology team, The establishment of Lenovo Network in the United States Silicon Valley Technology Innovation Center.

However, it is undeniable that although many Chinese enterprises have the same vision as international companies, there are still some technical gaps. Liu Coquan that the deep understanding of information security technology, Chinese manufacturers are not inferior to foreign manufacturers, at the same time, in technology investment and product development also closely follow the trend. But in the infrastructure security, data security, security visualization, but also with foreign manufacturers have a big gap. At the same time, in the industrial cooperation, Chinese manufacturers also have deficiencies. "For example, this exhibition, many foreign companies are a number of security company products organically combined, and eventually form the overall solution, presented to the user." And China's enterprises are basically to display their own products. Effective integration, cooperation and sharing, set the director of each family, is the best way to ensure the value of users, but also the most necessary to strengthen the domestic security enterprises. ”