The fog of cloud computing security

The current IT industry has come to the point of saying cloud computing, but most of the confused, especially it users, still have doubts about it, often thinking it's not time to use cloud computing. Why not? Because of security, because the current IT products are basically able to solve the existing problems of enterprise users, because users need to see the cloud mature application case ...

But the point is that cloud computing is a better solution than the traditional it architecture. The analogy is that, when you can open the faucet in your own home to get the water you need, you are basically not willing to think about how to drill wells in the yard to fetch water. This on-demand, on-demand, the advantage of not having to invest a lot of infrastructure resources upfront is the fundamental reason why cloud computing is widely admired in the industry. Therefore, the enterprise customer already has the IT product is not hinders the enterprise application cloud computing the inevitable hindrance. And enterprises are hoping to gain market opportunities, cost savings, reduce complexity for the enterprise is to gain market opportunities for one of the methods, cloud computing is to help enterprises get the opportunity to a technology. As a result, companies need to take the latest technology from their competitors, rather than wait until they have been used. So security is the biggest obstacle to the spread of cloud computing.

Reports from a number of professional research institutes, including Forrester and Gartner, show that the biggest concern for users with cloud computing is the security of cloud computing. However, the drum concern for cloud computing security is largely an instinctive security concern for new technologies, so before we decide whether cloud computing security really poses such a threat, we need to figure out what security issues are specific to cloud computing security.

To answer this question, we need to understand the similarities and differences between cloud computing security and traditional IT security. In fact, there are many similarities between the two, their ultimate goal is to protect the integrity of the data, protected objects are computing resources, storage resources and network resources, and its use of the technology is very similar, such as the traditional encryption and decryption technology, the same security infrastructure, ids/dpi and other basic protection methods.

Compared with traditional IT security, cloud-specific security problems are mainly three aspects.

The first is the problem of technology and management under the environment of virtualization. Traditional protection mechanism based on physical security boundary is difficult to effectively protect user application and information security based on shared virtualization environment. In addition, the cloud computing system is so large, and mainly through the virtual machine to calculate, in the event of failure, how to quickly locate the problem is also a major challenge.

Second, cloud computing, a new service model, separates the ownership, management, and use of resources, so users lose direct control of their physical resources and face some security issues (mainly trust issues) that collaborate with the cloud service providers, such as whether the user will face a cloud-servicing exit barrier, Incomplete and unsafe data deletion can cause harm to users, and how to define the different responsibilities of users and service providers is a big problem.

Third, the security problems caused by cloud computing platforms. Cloud computing platform has gathered a large number of user applications and data resources, more easily attract hacker attacks, and failure once occurred, the impact of more scope, the consequences more serious. In addition, its openness to the security of the interface also put forward some requirements. In addition, the cloud computing platform integrates a number of tenants, how the information resources between the tenants of the security isolation, the service specialization caused by multiple layers of subcontracting caused by security issues.

These three issues in general include the challenges of cloud computing security technology, how service providers and users collaborate on management challenges, and the challenges of government information security regulation, privacy protection, and forensic forensics, which are spread across geographies, multi-tenant, virtualization, and more. These problems may seem complicated, but they can all be resolved.

In terms of technology, virtualization security, data security and privacy protection are the key technologies, and a complete security protection system is built.

Virtualization security technology is now relatively mature, including trend technology and VMware cooperation for the virtualization architecture of agentless security protection technology, Check point of the virtualized environment of traffic monitoring and so on. For the security isolation of virtual machines, virtual machine mirroring security management, communication security in virtualized environments, and the unified management and visualization of virtualization and physical security devices, there are related solutions.

Data security and privacy protection in fact, traditional IT security has a relatively mature security technology, such as data isolation, data encryption and decryption, identity authentication and rights management, to protect user information availability, confidentiality and integrity.

In the security protection system, it is necessary to construct the logical security boundary and secure the virtual environment, including the underlying architecture security (through perfecting, standardizing server virtualization security, network virtualization security, storage security, high availability requirement, and virtualization security management related configuration requirements). , infrastructure security (to improve the scheduling and distribution mechanisms for the underlying resources, to prevent users from excessive consumption of underlying resources, the introduction of sandbox isolation technology to achieve mutual isolation between different applications, operational management security (through dynamic security environment to improve his security), information security level (through data isolation, encrypted transmission , encrypted storage provides end-to-end protection for the user.

For the cooperation between users and service providers, the narrow sense can be used to provide users with regular security policies from the configuration, regular security reports, active security alerts, security audits and other security services to enhance the user's sense of security. In the broadest sense, the relevant cloud security standards and evaluation systems need to be perfected, and the security standards and evaluation system can help users reach agreement on the relevant service level agreements with the service provider. In this regard, many third-party organizations such as the Cloud Security Alliance (Cloud), IEEE, IETF, etc. will further advance these efforts.

The promulgation of relevant systems, such as information supervision and privacy protection of government agencies, will safeguard the healthy and sustainable development of the industry, and act as a deterrent and disciplinary role in the attempt to violate the operation. Of course, throughout the development of it technology, government policies are often lagging behind social practice, so this is not the biggest obstacle to cloud computing.

After the above analysis of cloud computing security problems and solutions, we found that the security of cloud computing is not as insurmountable as we imagine. As the RSA Executive Director, Asser Covillo, of EMC's information security division, says, users don't have to be overly skeptical about cloud computing's security technologies, and there are actually a lot more security technologies than we think we can use to secure cloud computing. Cloud security is widely used in the era of gradually approaching, cloud computing security is no longer a building in the cloud application of a mountain, but a piece of stone can be moved together.