Cloud computing challenges and contributions to the field of information security

Security issues in cloud computing have been the focus of attention. According to the latest statistics of Internet Data Center (IDC), the biggest problem that government enterprise users face in the information technology solution market in 2012 is how to enhance information security. In the questionnaire survey, 46.7% of the participants thought that the information security problem is the most important. Another survey showed that 75% of participants were hesitant about security when considering whether to use cloud computing services. In short, users ' data are stored in a cloud that is far from the user's control and shared by cloud computing resources, making users ' concerns about data security and privacy a major obstacle to the popularity of cloud computing services.

Cloud computing as a new computing model, in addition to the traditional security includes: equipment security, data security, content security and behavior security, but also has the following characteristics: First, the physical computing resources to share the virtual machine security problem. Virtualization technology is the key technology to realize computing and storage resource sharing in cloud center, while virtualization security is the security of Virtual Machine Manager, on the other hand, virtual image is secure. Another feature of cloud computing information security is the contradiction between user privacy protection and the availability of cloud computing from the physical separation between the data owner and the data. These are problems that have not arisen under other computational models and need to be addressed by new scientific ideas and technologies.

But cloud computing, as the basic architecture of the next Generation Internet, brings not only the challenge to information security, but also provides some effective means for information security. The intensive and professional nature of cloud computing provides a wealth of resources and services that were not available in the Internet age. Therefore, security can also serve as a service to users, with a more flexible and flexible delivery form for information security protection provides a new way and way. The current information Security service is still running on the client computing device side, it takes up a lot of system resources, and if you migrate them to the cloud, you can save customers a great deal of money, and also enable customers to use newer, better, and more secure services at any time, that is, security as a service for the user, as a Service,secaas Security is service.

Secaas can realize the specialization, socialization and automation of the information Security Service, the Cloud Security Operation Service center of the Blue Shield shares can provide the user with the Professional Information Security Service platform, focus on the information security related threat processing, provide the corresponding information Security service. At present, the Blue Shield Cloud Security Operations Center provides Web site protection and accelerated services to the form of cloud defense online Delivery (http://www.cloudfence.cn), users can register directly on the platform, access to the need to protect the site can obtain the corresponding security services.

Cloud defense through the Advanced Secaas mode, to provide a one-stop security services to the site, to prevent such as XSS, SQL injection, 0 attacks, DDoS attacks and other Web site security issues. The value of the cloud line of defense is to let the Web site from the network attacks caused by the troubles, in the face of various traps, increased risk of network information flow, no longer need to use the traditional way to purchase complex and expensive traditional security equipment, you can obtain a reliable and perfect security protection capabilities from the cloud. Greatly reduces the user's security protection cost, has turned the security into one kind of on-line service resources. In order to provide users with customized, no delay in security protection, but also can enhance the speed of Web site access, reduce failure rate, and to provide users with intelligent Web site data analysis, to help users optimize the business plan, improve the conversion rate of the site. None of this requires users to deploy any hardware or software in their own business systems, and users of government enterprises can easily acquire advanced technology directly from the cloud.