Guo Jing and Zhou botong will take you on the road to public cloud security Cultivation

On the road to public cloud security cultivation, Guo Jing and Zhou botong take you to this article, Sun Wei, author of freebuf special expert

Security is a red line for public clouds. Today, let's talk about why public cloud security is better than private cloud in the context of seemingly numerous threats?

Old rule: Add a paragraph first.

Enchanting old drivers

To be eligible for driving, you must first have your own ownership and get your own ownership.

The average person can take a C photo and drive a private car to shake the market. Of course, the premise is that you can shake the number. But if you want to practice the stalls and sell watermelon at the door of the university dormitory in the summer evening, you have to take a B photo at this time. If you want to drive more than 1 million buses to and from work on the peak of your life one day, sorry, you have to take a photo of.

Of course, the difficulty of the three driving licenses in CBA increases progressively, so many times, when you are sitting in a bus, you will find that when the car turns around, passengers in the front row often send a burst of intense reminders that they have to hit and don't stop.

At this time, the big brother of the driver turned a deaf ear and looked cold. He put his hand on the steering wheel with a cool face, and turned his head around and rubbed the steering wheel for a round and a half, so he lost his head in an astonishing way, the passengers breathed a sigh of relief and turned to the driver's eldest brother with a red face and worship.

Why do we need to tell the stories of old drivers, because there are things behind the old drivers.

The probability of a traffic accident in a city's public transportation facilities is far smaller than that in a private car, and the driving age of a bus driver must be more than five years. Public transportation facilities, such as public transit and subway, must perform daily security checks, while trains, high-speed trains, and airplanes must perform security checks before and after every duty. Private cars do not forcibly stipulate that you will perform annual inspections upon expiration, maintenance on time is OK.

Why should we emphasize the comparison between public transportation and private cars?

In fact, this also highlights that public clouds are much stricter than private clouds in terms of security compliance.

When the security compliance requirements of the private cloud only need to meet the basic security requirements, the security compliance requirements of the public cloud may have reached the top requirements of various international security compliance. In other words, when the private cloud does not recognize the certificate, the public cloud is already performing the authentication.

This is exactly why the public cloud will be awarded the highest security compliance certification in China and abroad.

High standards and strict requirements. On the one hand, it is the mission to ensure the security of customers, and on the other hand, it is the responsibility of a large factory.

One of the reasons is that the public cloud has gone further in terms of security compliance capabilities.

Cypress trees in Lishan

I saw NHK's documentary "image Poem: Lishan" a while ago. This documentary tells me that Japan, with a highly developed industry, has preserved a land that is closely related to nature, A delicate and balanced ecosystem is maintained on this land.

There is a scene in the movie that is impressive. On the lush mountains, there are several long-standing Yellow cypress trees. Every time, the master of the yellow cypress tree will cut a piece of bark, the bark of the yellow cypress is very thick, and the inner surface is golden yellow. It can be used as a dye, and can also be used as a medicine, which has high economic value.

The biggest feature of the yellow cypress tree is its strong self-healing ability. After a period of growth, it can restore its bark, unlike Wolverine's ability to restore itself in sci-fi movies, the self-healing capability of the treasure tree is a kind of talent favored by the creator of nature.

In fact, in the security field, self-healing is also very important. When the system is under attack, it can respond in a timely manner, fix vulnerabilities quickly before the damage expands, and eliminate system vulnerabilities. This is the self-healing capability in the security field.

Without a doubt, the public cloud has encountered hundreds of times the security threats of the private cloud, providing a large number of training samples and Attack and Defense scenarios for its self-healing capabilities, the unique openness of the public cloud gives it a complete and rich Attack and Defense ecosystem.

Hacker groups, Senior hackers, script kiddies, and public cloud businesses are constantly challenged by these security threats. The public cloud itself is like a large Sonar System, which detects various known and unknown risks in the network ocean and constantly improves the profiles of various attacks and threats based on feedback, and quickly provide security feedback to eliminate the enormous dangers posed by these threats.

The self-healing capability greatly improves the security efficiency of the public cloud platform. For example, the inconspicuous security patches or protection rules for a service may benefit a large number of unrelated cloud customers. Also for example, the late April issue of The struts2 S2-032 vulnerability, in response to timely public cloud team will be in the first time to update the protection rules, making the cloud customers from its difficulties.

In terms of self-healing capabilities, the unique public cloud environment makes it grow faster. This is the second reason.

Master Guo Jing

Do you still remember the pillow story you read when you were a child? You have an apple and think about it next door. There is also an apple for your children's shoes. After the two of you exchange, each person has only one apple.

If you change apple into a story, you will have two stories.

If you change apple to a vulnerability, you will know two vulnerabilities, and there are a large number of customers on the public cloud. If each customer reports one vulnerability to you, the number of vulnerabilities known by the public cloud security team is too large to be scary, and then these vulnerabilities are fixed one by one, this security enhancement for public cloud platforms should not be simply 1 + 1.

This is actually the bonus of Security crowdfunding, just like Guo Jing, who has seven masters in the seven NOPs in the south of the Yangtze River, even if each of them teaches him a set of skills, what he learned is far from being comparable to the one brought by a master.

Today, on the public cloud, everyone is a master. All attacks against these customers will be reported to the public cloud itself. The same is true for vulnerabilities.

With the left-hand threat intelligence and right-hand Vulnerability Data, coupled with a fast-moving brain, the public cloud is like Zhou botnet, a tough old urchin with both sides and sides, enough to be invincible in the hacker's Jianghu.

Of course, security crowdfunding brings far more dividends than that. Currently, public clouds have invested more in security than private clouds. Whether it is team building, security budget, technical platform, or protection capabilities, these are the major benefits of public cloud security crowdfunding.

Security is always overestimated in the short term, but underestimated in the long term. The same is true for public clouds. In the short term, cloud-based business needs urgently make security overestimated. However, with the development and improvement of the public cloud security ecosystem, there are more invisible technical needs for public clouds than actual business needs, this also makes the security capability enhancement driven by technical needs far exceed market expectations.

In terms of security crowdfunding, the security ecosystem benefits of public clouds are greater than that of Private clouds. This is the third reason.

Tail

I have used two articles to express my point of view. In fact, I want to change the inherent concepts of everyone. The closed ones are not necessarily the safest, it is not safe to keep the money in your own (Article 1 can be viewed in the public account sunw3i ).

The openness and ecosystem of Public clouds have made great strides in security and have already stood out in comparison with Private clouds and traditional IDCs.

Public cloud is close at hand. Are you ready?

* Sun Wei, author of this article, is a special author of freebuf experts. The repost must indicate freebuf hackers and geeks (freebuf. com)

Guo Jing and Zhou botong will take you on the road to public cloud security Cultivation