Doubts about the security of cloud computing services

Source: Internet
Author: User

By 2011, an IT meeting that did not talk about "the cloud" had almost disappeared. Vendors are scrambling to launch "cloud" concepts and solutions, and users are gearing up for construction projects. We discuss the industry chain of the "cloud services" model and imagine the grand blueprint of the "cloud economy": from elastic computing services to public rental services, from "private cloud" to "public cloud", from "cloud security" to "secure cloud" ...

I'm not going to discuss the various cloud operating models and technologies here; I only want to make one thing clear. "Cloud services" is a service model for sharing IT resources, which we often call a leasing service. Whether it is infrastructure (IaaS), platform (PaaS) or software (SaaS), all of them require that users be willing to put their business into the "cloud" (or have no other choice), and all need a certain number of users to support them (the business must be easy to use). Otherwise the cloud provider's build-out is a loss, and it may even end up like the "Iridium" program: the technology and the goals were good enough, but the users were too few, and in the end it was reduced to being sold off.

Are users willing to choose cloud services? What are the users thinking?

"Differences of opinion"

Some people think the cloud service model suits public services such as web search, online games and travel information. For most users the Internet already is a "cloud" service: Google's vast search capability benefits every user, and its service model differs little from cloud services. Others think that many large enterprises have very large networks, and that to reduce duplicate investment by internal departments they can apply cloud computing technology to the internal network, which is the "private cloud" concept we hear about.

There is also a third view: that personal information processing and enterprise business processing will both use the public cloud service model. Its holders would like nothing better than a future Internet in which only a few IT giants remain to build the "cloud building": unified portal access, unified resource management, a unified service model, unified security management ... It has something of "universal harmony" (datong) about it: people all over the world have only a simple terminal and submit their requests, while information transmission, processing and storage are all the "cloud's" business; as long as users can access the cloud, they get what they want.

I do not agree with this last view. The processing of personal information and of corporate information has its own privacy requirements and is not suited to public networks; some private information is only suitable to keep on one's own terminal, and between private and public there should always be a door. So-called private "clouds" can be connected to the Internet, but I don't think they can be fused into one "cloud". At the beginning of the Internet's development some people wanted to make it private and completely controllable, yet to this day the Internet is still public and full of individuality; its charm lies in its openness and equality.

"Five Big Questions"

The cloud computing service model represents a technology direction; in particular, the advantages of unified management, resource utilization and green energy saving brought by virtualization technology cannot be neglected. Here, from the user's point of view, I sum up some worries and doubts about using the cloud service model, to explore together with you in the hope of finding answers or inspiration. In fact, if advocates of the cloud service model can give satisfactory answers to these doubts, I think users will use it with confidence; and once there are users, whether it should or should not be used is no longer a question ...

1. Virtual machine security: are virtual machines secure?

The core technology of cloud computing is virtualization, which creates each user's "dedicated" computer virtually on top of a network of physical computers. Different users run their own business software on their own virtual machines and regard them the way each guest in a hotel regards his own room. But if a user is malicious and, through his virtual machine, escalates his privileges into the back-end system, he can obviously "spy" on other users of the cloud service platform, a bit like the guest next door walking into your room. What do you do? This is not simply a question of politeness. Moreover, privilege-escalation techniques that break through the virtual machine "boundary" have already appeared, so the question of whether a virtual machine can effectively isolate a user's "private space" has to be answered. Even if no hacker intrudes, the cloud service provider is free to browse the user's data, just as a hotel attendant can walk in and out of your room (while you are away); it never quite feels like "home".

If there are doubts about the security of virtual machines, how can users dare to hand their business to cloud service providers?

2. Private information: who moved my wallet?

Cloud services offer more than watching video and playing games. Cloud storage services can store users' personal data; cloud service platforms can handle daily office approvals, personnel files, contracts and orders, and financial statements for small and medium-sized enterprises; elastic computing services can provide scientific computing power to research institutions ... Users put their information into the cloud and enterprises put their business processing into the cloud, so cloud service providers process and store this "private" information. Does the security of that information still depend only on the personal self-discipline of the cloud provider's staff? Note that for the staff of a cloud service provider, good self-discipline requires not only strict rules but also management that is actually in place, and above all the deterrent of punishment for wrongdoing.

At present it is not uncommon for service providers such as government agencies, telecom operators, banks and shopping malls to trade in users' personal information. If a company chooses cloud services, will its secrets not face the same embarrassment? Personal information can be falsified or sold to advertisers; corporate information may involve commercial competition and intellectual property.

If someone merely glances at you, you need not care; but if someone "inadvertently" moves your wallet, will you also act as though you did not see it?

3. The "triad" question: who is helping hackers attack me?

This question is very interesting, and there are many real cases. That cloud services can provide strong computing power is beyond doubt. Cloud services are a public service, so the vetting of user identities is inevitably imperfect, and some attackers exploit this weakness. To launch a DDoS attack, a hacker ordinarily has to buy a large number of compromised machines ("broilers"), because each one has little attack capability on its own; now hackers can rent paid cloud services and quickly increase their attack capability. The virtual machines that cloud services provide are billed by the processing power and bandwidth the user requires, and the provider does not care what software the user runs in them, because that is the user's private matter. When a hacker rents high-capacity virtual machines to launch a DDoS attack, nothing looks abnormal to the cloud service itself, and even if the provider does discover it, it is probably too late. And since the target of the attack may be anywhere in the world, will a cloud service provider with its eye on the revenue be willing to "actively" cooperate in dealing with it?

There is another very interesting topic. We all know that cracking a user's password requires strong computing power, and it is because intruders lack that power that many security protections work as intended. With cloud services, intruders have a powerful, inexpensive tool: the gain from cracking a password and the cost of renting a cloud service are hardly comparable. We have to ask: can cloud service providers tell whether a user's virtual machine is cracking passwords or doing "scientific computing"?

If cloud services become an accomplice of the "network underworld", how should cloud service operations be managed?

4. Quality of service: do the business services users receive actually improve?

What cloud service providers are proudest of saying is that cloud services avoid duplicate construction of computer systems, save costs and reduce maintenance investment, and that with centrally built data-center facilities, a high degree of specialization, and backup and disaster recovery all in place, the safety factor of the user's business is naturally high.

That the hardware reaches telecom grade is beyond doubt, and that management standards can improve is understandable, but does the reliability of the software decline once the system becomes large?

As we all know, system reliability plotted against system complexity follows a curve that first rises and then falls rapidly. When a system is complex and many factors must be considered, all kinds of unexpected vulnerabilities are unavoidable. There are plenty of real examples: Microsoft, with so many people working for so many years, still has to issue patches frequently. Who would claim that cloud service platform software released only a few years ago (and more complex than a personal operating system) is already mature? Microsoft's operating system affects individuals, while cloud services affect a whole group of people; if your neighbor's virtual machine crashes, can it really not affect yours? The cloud is huge, yet how complex it actually is, and how large a cloud our current cloud management platforms can manage, has no credible demonstration. The impression the cloud gives people is of something insubstantial and uncertain, whereas what users need from a service is stability, and more stability.

If choosing cloud services greatly hurts the enterprise's operating efficiency, then even if it costs less than building one's own computer network system, will anyone be willing to choose cloud services?

5. Cloud security: without network boundaries, can the world achieve universal harmony ("datong")?

The traditional approach to computer security is first to define the network and service boundaries so as to isolate the attacker from the user. The firewall is the "wall" between each user and the Internet, like the security door every city household has: inside the door is one's own home, outside the door is a turbulent society; with the door closed one has one's own quiet, private space, and entering other people's private space at will is not permitted by national law.

In the cloud service model, virtualization technology is used to provide users with business processing services; users do not know where their data resides or on which server their business software is "running". Faced with a cloud of thousands of servers built with dynamic virtualization, even the cloud service providers themselves find it hard to know in which chassis a user's data is stored; they see only the user's traffic and output results. This means that the user's "private virtual network" no longer has a boundary; the traditional idea of perimeter security protection is greatly challenged, and a new security model needs further discussion and practice.

The world will not achieve universal harmony because of cloud services: today's networks have intruders, and under the cloud service model the intruders will still exist.

Most current cloud services use user identity authentication, but relying on this technology alone solves only part of the security problem; even with two-way authentication between the service provider and the user, the existing shortcomings of current identity technology cannot be avoided. We all know that high-cost authentication technology is hard to popularize, while low-cost authentication technology is easy to crack.

There is also an old problem: the simplest and easiest denial-of-service attack can disrupt a user's business. How does the cloud provider block an attacker's denial-of-service attack and ensure that real users can freely reach their virtual machines?
