2013 Cloud computing risk is becoming more significant

Companies are moving into cloud computing, either for lower costs or for innovative drivers. Especially in China, the Government attaches importance to the development of cloud computing, policies, funds continue to promote the development of cloud computing industry. Recently, there is news that the Ministry of Industry is stepping up the development of cloud computing industries guidance, and is expected in 2013 after the formal introduction of the two sessions. Therefore, the 2013 for cloud computing, will be vigorously developed, accelerated the popularization of the year.

In this regard, Symantec China technical support director Li Gang believes that as the cloud development into depth, security risk issues will gradually reveal and become increasingly prominent in the 2013, but as the industry attaches increasing importance, cloud services and industrial environment will be more secure direction of evolution. Coincidentally, the analyst Gartner report predicts that the growth of cloud computing will be a driving force for 2013 's Security trends, and that the 2013 will be a significant year for the security development of cloud computing.

Shadow IT expands security risk

At the moment, the biggest concern and challenge of cloud computing is security. Many research reports point out that security is the first factor impeding the company's move towards cloud computing. At the same time for many Chinese enterprises, for the long-term self-built IT resources of thinking, the current cloud computing service model acceptance is not high, data security, leakage risk and other misgivings. This, in the opinion of Li Gang, can actually translate into how companies measure the value of their IT departments and business units.

"Business decision makers need to consider what the value and primary value of IT systems are, and secondly, what is the core value output provided by the enterprise itself." Li said that when it is an important embodiment of enterprise competitiveness, it is possible to deliver Non-core value components to cloud service providers through the cloud, thus concentrating more resources on competitive value.

Enterprises through the cloud computing service model so that they do not have to worry about the cost of building it facilities, and enhance the level of information, for manufacturers, suppliers, but also to create more market opportunities, is a winning choice. But given that cloud computing is still at an early stage of development, it will take some time for business thinking to change and market cultivation.

At the same time for the upcoming or already into the cloud enterprises, enterprises need to be aware of the cloud into the enterprise after the company's security control changes. With the increasing number of cloud services that businesses can choose from, and more convenient to use than traditional IT systems, and to the rapid response of business, some enterprise departments and individuals have abandoned traditional IT services that require long development and are switching to immediate use of external cloud services. This has also resulted in a number of shadow IT Services (Shadow it) that are not managed by IT departments. In the opinion of Li Gang, these shadow it is not integrated into the corporate IT governance compliance process, in the process of hosting enterprise data in the cloud server, compliance assessment, risk assessment will become very difficult.

Li Gang, for example, now many business people like to use Dropbox cloud storage services to easily access the file, but it is likely that some of the company's project sensitive data, design, intellectual property rights and other information from the company's control. This will be a big risk disclosure channel for the enterprise. According to a recent survey by a foreign storage management software company Nasuni about the use of Dropbox by companies, 5 of the 1300 business people surveyed use Dropbox to store business files in their jobs, and most of them bypass IT departments for private use, Senior executives are still the largest group of users.

In these cases, the enterprise can neither disallow the use of shadow IT services, because it is likely that competitors are also using such cloud services to improve productivity, but after the adoption, there are many potential pitfalls. "This requires a compromise solution that enables companies to expand their IT management and compliance methods to the cloud." "There is a corresponding solution to the demand for Symantec, which is essentially a cloud security gateway," Li said. Employees in the enterprise use cloud services, when connected externally through a corporate network, it is able to identify the cloud services used, then control the cloud services, and see if departments and employees use the cloud services to comply with the company's security strategy, whether there is information not approved to disclose and so on.

Lack of regulations and the popularization of elbow cloud service

In addition, the increase in the use of cloud service model is also dependent on the legal and regulatory environment to further strengthen. For companies, when the Non-core business is delivered to the cloud supplier, it is necessary to define the problems and responsibilities such as the service level, security, reliability and interruption of service, but it is different from the United States and other place, the information service has clear rules and regulations, at present our country related laws and regulations construction still groping stage.

"That's why the private cloud in China is growing faster than the public cloud," he said. Because the private cloud is actually an attempt to leverage the concept of the cloud within the enterprise to enhance it flexibility and reduce costs, public cloud services now have such a problem, which needs to measure the benefits of risk and return. "said Li Gang.

But Li Gang also said that there are many times in the absence of legislation, some new things are easily accepted by users, the most notable example is the early adopters, Consumer-to-consumer development process. "The beginning of E-commerce development did not have a lot of laws and regulations issued, when we found that E-commerce is particularly convenient, the industry quickly swelled up." For China's cloud computing services, the possibility is not ruled out, perhaps one day the explosion of growth, although the regulations may lag some. ”

Private Cloud: Server security is more important

In the opinion of Li Gang, it is not absolute that the level of security after the enterprise adopts cloud computing services. While public cloud services have expanded exposure to large enterprises, they may be converging for small businesses. Because small businesses may have limited access to secure resources, cloud service providers may have a higher level of security after using cloud services. In any case, the concerns of the enterprise with cloud services can in fact be attributed to the enterprise's awareness of the existence of risk and its inability to audit and prove security.

In addition, while companies have misgivings about accepting cloud service patterns, many have not overlooked the advantages of cloud computing, starting to build private clouds, reducing costs and strengthening their IT capabilities. Looking at the overall development of domestic cloud computing, the current situation of private cloud development is also present.

"From a security point of view, the private cloud construction is actually more focused on the business," he said. "said Li Gang. Traditional enterprise internal system construction is into a chimney-like, into the cloud environment, the risk will be more concentrated. But "a concentration of risk is not necessarily a bad thing." When the risk is concentrated, the business may be more easily regulated. ”

After all, he explains, cloud environments are not the same as traditional environments, and many companies use virtualization as an implementation technology for private clouds, and in virtualized environments, the protection of the system is completely different from the original physical environment. From the internal view of the enterprise, it is likely to be a mixed environment, that is, both the traditional physical environment and virtual environment to constitute the so-called private cloud.

In this case, new technologies are needed to implement protection. For example, the traditional protection of a data center, is to use the traditional security domain, the network to protect a data center, but now this kind of protection is not enough in the virtualized environment, and because the virtualized environment is easy to cross the traditional definition of domain, virtualized environment makes the concept of security domain blurred, blurred boundaries. "Then the enterprise needs to take into account the direct protection of the server that has not been taken seriously before." "Li Gang points out that the traditional server-side security is rarely implemented, the general industry attaches importance to network, terminal protection, and rely on data center network isolation, such as implementation of protection." But in a private cloud, where the boundaries are relatively blurry and easy to break through, protecting the server itself is critical.

Cloud computing creates new software delivery model

Cloud computing as an IT development background, for the enterprise is both an opportunity and a challenge, at the same time for equipment providers, technical service providers, cloud computing brings more change! This is no exception for Symantec.

Today, software vendors, including Symantec, using cloud computing, have their own new business models. The traditional software is provided to the user by the license, the user installs by the license authorization. The cloud model was born, many software, services can be submitted to the user through the cloud mode, exempt users to buy their own software, take the system, and then the building environment integrated into the existing environment of the complex implementation, and these software vendors in the cloud era has successfully turned to cloud service providers. Currently, Symantec has been able to provide global customers with 16 kinds of cloud services, including backup, archiving, network security, encryption, business continuity, authentication services. Symantec is also about to launch a cloud service Symantec.cloud in China to meet the needs of companies in terms of security, flexibility and efficiency.

At the same time, it will become an important trend for future IT security development to pay users with IT security services through cloud mode. Gartner predicts that by 2015, 10% of the IT Security enterprise features will be delivered through cloud computing, although the focus is still on communication, web security, and remote vulnerability assessments. However, more technology is expected to support the maturing development of cloud computing, such as data loss protection, encryption, authentication, and so on.

In fact, including but not limited to cloud service providers, in the cloud, Li said Symantec will play three roles: Symantec itself is a cloud service provider, and the second is to help users build the cloud; third, to help users safely and reliably use the cloud.

Dialogue: Symantec, Director of technical support, Greater China, Li Gang

Q: Cloud computing after several years to explore, gradually to the landing, 2013 cloud computing development will show what characteristics?

Li Gang: The application and popularization of cloud computing in the 2013 will accelerate further. Because cloud computing's return to business is still higher than the initial cost of investment, and China has a lot of upfront investment in cloud computing, including a huge amount of resources invested by the Government in building industrial parks and cloud bases, which in the 2013 will gradually show its drive and pull and reduce the threshold for cloud computing.

On the other hand, the risks posed by cloud computing will become increasingly significant from 2013 onwards. At present, the industry in this area of concern, awareness is not high enough, so in the early days there will be some cloud computing risk problems. As these risks are gradually revealed, the industry may be more focused on cloud computing and its risk issues, which could make future cloud computing services and the environment more secure.

Q: How should companies respond to the potential risks of cloud computing?

Li gang: First, businesses, users need to know that the risks are real and know where they are, and then use some new technology to manage these risks. In fact, the most critical question is whether companies can recognize the existence of risk and deploy these technologies and tools.

Q: What are some of the myths and areas of concern in the private cloud building process at present in domestic enterprises?

Li Gang: domestic enterprises in private cloud building, the idea should not be too rigidly adhere to some style and technology, in fact, many it new things appear, will have this phenomenon. For private cloud and virtualization, businesses sometimes create confusion, thinking that virtualization is the cloud, or that it must be virtualized as long as it is a cloud. In fact, there is no inevitable derivation of the relationship between the two, because the cloud model is more important is the process, the use of the way, is a service, such as the inclusion of on-demand extensions, not in what technology to achieve.

In addition, in the private cloud construction, we need to consider the security construction first, because it is a cloud model, breaking the traditional it construction in the border, security domain as the starting point of some security protection construction ideas. In addition, safety to be proactive, the security of this prevention and control means with the construction of the cloud at the same time, and in the private cloud mode, this also becomes feasible.

(Responsible editor: The good of the Legacy)