On May 16, 2013, the 14th China Information Security Conference was held in Beijing. The theme of the conference was "New opportunities for information security: big data, BYOD, SDN, cloud security." Liu Zhile, security services director at Hangzhou Arnhem Information Technology Co., Ltd., explained the security challenges of the cloud environment and how to protect against them.
Liu Zhile: Distinguished experts and leaders, good morning. I am very honored to be here today to exchange views with you on cloud environment security challenges and protection. Cloud is a very hot topic right now, and what I share today is only our company's view and research on it. As for my current role, I am now the director of security services, and I have also delivered some speeches at security meetings at home and abroad.
Cloud computing itself serves here only as an introduction. Many guests have already elaborated on it in detail, so I will not say much in this part. It is mainly based on the increase in Internet-related services and on virtualizing what was traditional in the past; the main purpose is to divide up the resources of the data of the past, and then to form a more focused, better service through the cloud pattern.
In fact, the current mainstream of cloud computing is Microsoft, IBM and so on. In the end, we summed it up as nothing more than three models: IaaS, PaaS, and SaaS. The main point of cloud computing is the future, for example the step-by-step data center DC2 that Huawei is proposing. Having said a little about the cloud, what are some of the challenges we face in cloud security? IaaS is a massive base of facilities that is then virtualized. But there will be a problem: virtualization security issues will be generated, and reference to security will also occur, so we have a challenge in virtualization security mechanisms and distributed system control.
In the PaaS model, the IT security applications are countless and the interfaces are open, which puts forward some new requirements for the security of the interface. So platform security, the security of the interface, and the audit of code are the challenges to us at the PaaS stage. At the highest stage, currently the highest state, SaaS, software and services, we are actually facing the application layer, providing you with a better application environment, so application security is present at every moment, and higher requirements are also put forward for the security of its back-end data. These are some of the challenges we face in SaaS.
When it comes to cloud computing and big data, the concentration of cloud computing makes the data more concentrated than ever before, and it faces more challenges. So data security puts higher requirements on us: how to prevent leakage of key data, and how to carry out a full range of protection. This is a challenge for us in this era of big data.
Across these stages of the cloud, we have seen that application security always runs through every level. The concentration of data, the ubiquity of application security, the challenges of virtualization security, rapid response, and so on are the security challenges we have come up with in cloud computing. In response to these security challenges, since we have many years of accumulated experience in application security and database security, we also did some research on the security of cloud computing early on. Our solutions are focused on implementing the visual, controllable, auditable, and auditing aspects of cloud security, and then providing our customers with professional security products and services, as well as helping to reduce some of the risks that customers face and to accelerate the spread of cloud computing.
We also designed a security system, realized through the strategy system, the organizational system, the technical system, and a security operating system. At the technical level: in the basic support layer, through basic support and control; in the basic network layer, through network core security; in the access layer at the edge, through boundary security and control; in the application layer, through application systems and optimization; and in the data layer, through security and control of the border. It is achieved through all these technical means.
Finally, in the operational services layer, we have a number of operational dimensions; this is the model of our overall security strategy. For application security, we work mainly beforehand: before a security threat occurs, we use application scanning tools, database scanning tools, source code audit, QA testing, and security tools to carry out a full range of security testing on your application system, combined with manual penetration techniques, to discover the security risks that your system may have, to verify and analyze the weaknesses that pose a threat to you, and then to do some security reinforcement, resolving your security risks in advance.
After a security incident has occurred, it is about how quickly we provide an emergency response to restore your confidentiality, integrity, and availability, and to prevent and mitigate the serious impact of security threat events.
Afterwards, we summarize the security incident threats, obtain control, then rectify and improve your strategy, and carry out all-round protection of your entire system.
In traditional application security, we rely on the security of the border, for example through firewalls and application firewalls. But the cloud environment is a challenge to us, because we all know that in the cloud environment there is no place for you to connect some of your hardware, no place for you to put it, and so you have no way to protect. In this case, there are some access control problems between the virtual machines. To ensure the security of these virtual machines, we put forward a concept of virtualization security. We take traditional hardware protection products and virtualize them, and they then run in the cloud environment and other virtual environments, but their role is the same as that of the physical protection products of the past: to protect applications in the virtual environment.
In the past, for example, we had gateways at the network layer, the application layer, and the operating system. We now use a virtualized gateway to address some of the security issues across the entire architecture; this is a schematic we drew. As for the cloud computing data center, the main issue is risk concentration: because the risk is concentrated, how do we react quickly, so that there is a good system? The CSA Cloud Computing Security Guide also says that this is necessary, so we have a cloud based on this, using centralized security event management to keep track of your global security dynamics and then achieve an agile response.
For data center leaks, we use database audit, database vulnerability scanning, and web vulnerability scanning, the products of the past, to prevent leakage. How do we implement cloud security through cloud security services in the cloud environment? We propose several aspects: cloud monitoring, cloud auditing, cloud protection, and security services. Some experts have said that in the future era of cloud and big data, security is the service, so we also see it this way.
Cloud monitoring means that, through automated cloud deployment, we check whether the cloud application system has a trojan, whether it has vulnerabilities, whether it has been tampered with, and whether someone else has planted sensitive keywords on your page. We also check whether access is effective, that is, real-time availability. We have launched a SaaS-based security monitoring platform that uses vulnerability scanning, tampering monitoring, trojan monitoring, availability monitoring, and sensitive-word monitoring to provide 7x24 centralized, unified security monitoring for your application systems.
Cloud protection means that, in the cloud environment, we use virtualization technology to implement the application protection of the past against the various high-risk vulnerabilities at the application layer, such as injection.
Compared with traditional protection, cloud protection lets us manage more flexibly than in the past. In fact, it is achieved for you mainly in several areas, such as account management, identity authentication, resource authorization, access control, operational audit, and so on. This is cloud protection. Cloud auditing covers misuse of legitimate rights by your internal users, legitimate abuse by your partners, whether your database software itself has platform vulnerabilities or vulnerabilities in other aspects, and whether your application and your database have vulnerabilities. Through these we achieve fine-grained auditing: at what time, which person did what operation, how many times, how he committed some irregularities, and so on, and in this way we achieve a full range of data audit.
Finally, let me talk about security services. With all the previous technology and product protection, you ultimately still need expert security services, combining equipment with manual work, so that the security of your cloud environment obtains more comprehensive protection. Security services in the cloud environment first include some vulnerability detection, some vulnerability scanning, and some simulated penetration test attacks to find all of your vulnerabilities.
That is what I wanted to talk about. Since it is nearly noon and everyone is probably hungry, I have spoken relatively fast today. Thank you.