1 What is cloud computing security?
With the Internet developing rapidly, network security is an unavoidable problem. Now that the potential harm of security threats to business systems is steadily growing, no IT system can be built without addressing security. For any data center, whether "private cloud" or "public cloud", secure and efficient business delivery is the foundation of, and a necessary requirement for, its success. At the same time, the construction of the physical environment, the construction of the cloud computing business system, the deployment of server and storage resource pools, and the operation of the system can each introduce security risks and affect the secure delivery of the system. A 2011 survey from Forrester Consulting (shown in Figure 1) shows that security concerns have become an important consideration for users choosing cloud computing services during cloud computing deployment.
Figure 1 User focus survey during cloud computing deployment
As the main participants in the cloud computing industry chain, enterprise customers, cloud computing service providers, and cloud computing equipment suppliers each have their own understanding of cloud security. For service providers, the focus is on how to build a secure cloud computing environment and how to provide customers with high-security SLAs. For enterprise customers, the focus is on the security of the core data stored or used by their own business systems, which, if leaked or lost, would damage the enterprise's core competitiveness. Although their perspectives differ, in essence all of them are concerned with the security of the entire cloud computing business system, and that is our definition of cloud security. The security risk analysis that follows is based on this perspective.
2 Security risks in a cloud computing environment
In building a cloud computing environment, every link in the construction process may lead to security problems: the security of the physical computer room environment, of the network, of the application system, of data storage, and of the management platform. Leaving aside the security of the physical environment, the security risks that may arise from the other links can be grouped into the following aspects.
1 Disclosure or loss of user data
This is the security risk that cloud computing users are currently most concerned about, and it is also an important way in which user data is disclosed. User data is transmitted and stored in the cloud computing environment, and users have no actual control over the security risks to their own data in the cloud; data security depends entirely on the service provider. If the service provider's data security controls have gaps, data disclosure or loss is likely. Several typical situations can lead to security risks at this stage:
Security flaws in servers allow hackers to intrude, causing loss of user data;
Security vulnerabilities in virtualization software expose user data to intrusion;
Data is not encrypted during transmission, which leads to information leakage;
Data is encrypted during transmission, but a lack of key management leads to information leakage;
There is no effective isolation between different users, which leads to data theft;
User data is stored in the cloud without a disaster recovery backup.
From this point of view, when recommending cloud computing services to users, cloud computing service providers need to sign a service quality assurance agreement with enterprise users, and provide security assurance to users from both the technical and the management side, to reduce users' concerns about data security.
2 User applications cannot be delivered safely
During maintenance, cloud computing service providers carry out operations management of the servers, storage, network and other resources of the entire cloud computing center. A problem in any link of this operations and maintenance management may damage users' applications. For example, configuration negligence may leave the user's virtual computing resources insufficient to run the business system normally; a network security configuration error may break Internet connectivity; and insufficient protection by the service provider against public security risks such as DDoS attacks may cause the user's external business delivery to fail.
3 Data theft by internal personnel
An enterprise's core data stored in the cloud computing environment cannot be separated from administrators' operation and audit. If there are omissions in the service provider's internal management, internal personnel may steal user data, damaging users' interests. In this case, besides technical means that strengthen log auditing of data operations, a strict management system and irregular security checks are very necessary. Cloud computing service providers need to investigate the background of their staff and develop appropriate rules and regulations to prevent "crime" by internal personnel, and ensure that the system has sufficient log audit capability for security operations, so that, on the premise of ensuring user data security, it meets the compliance audit requirements of third-party audit units.