Security concerns differ across cloud service models. Some concerns, however, apply to all three models, whether IaaS, PaaS, or SaaS: data security, encryption and key management, identity and access management, security incident management, business continuity, and so on.

IaaS Layer Security Policy: IaaS covers all infrastructure resource levels, from the computer room equipment to the hardware platform. The security of the IaaS layer includes physical and environmental security, host security, network security, virtualization security, and interface security.

1. Physical security: protecting the cloud computing platform from earthquakes, floods, fires and other accidents, as well as from damage caused by human behavior.
2. Host security: the requirements cover identification, access control, security audit, residual information protection, intrusion prevention, malicious code control, and resource control.
3. Network security: network structure security, network access control, network security audit, boundary integrity checking, network intrusion prevention, malicious code prevention, and network equipment protection.
4. Virtualization security: this covers two aspects. The first is the security of the virtualization technology itself; the second is the new security issues that virtualization introduces.
5. Interface security: appropriate measures are needed to ensure that the interface's strong user authentication, encryption and access control are effective, to prevent internal and external attacks through the interface, and to prevent the interface from being used to misuse cloud services.

PaaS Layer Security Policy: PaaS sits above IaaS and adds a layer that integrates application development frameworks, middleware capabilities, and database, messaging, and queue functions. PaaS allows developers to build applications on the platform, using the programming languages and tools that the PaaS supports.

The security of the PaaS layer mainly covers interface security and operation security.

1. Interface security: appropriate measures are needed to ensure that the interface's strong user authentication, encryption and access control are effective, to prevent internal and external attacks through the interface, and to prevent the interface from being used to misuse cloud services.
2. Operation security: this mainly includes security auditing of user applications, monitoring of different applications, isolation of different users' systems, security auditing, and so on.

SaaS Layer Security Policy: SaaS sits on top of the underlying IaaS and PaaS and provides a self-contained running environment for delivering a complete user experience, including content, presentation, application, and management capabilities. The security of the SaaS layer consists primarily of application security: security should be taken into account from the start of application design and development, an SDL (Security Development Lifecycle) specification and process appropriate to the SaaS model should be developed and followed, and application security should be considered throughout the lifecycle.

Responsible editor: Blue Rain Tears, TEL: (010) 68476606

Original: Parsing cloud service three modes of security policy