Building a safe "cloud-tube-end"

Communications Industry newspaper reporter Shandan Lu Ziyue Igia in the entire "cloud-tube-end" architecture, the most vulnerable is the end.　　Some users think that the "cloud" is not safe and resist use, in fact, often the user's own security attention is not high, resulting in the account password is stolen, thus bringing about the corresponding security risks. "Communications Industry Newspaper" (NET): Cloud computing in people's lives brought convenience, but also brought a lot of information security challenges.　　What security issues do you think cloud computing faces? Lin Yu-min: Cloud computing faces the following 10 security issues: First, hackers invade cloud servers, steal data, and second, cloud service providers in-house employees steal sensitive data from customers, and third, use other customers of the same cloud service provider to accidentally acquire or steal sensitive data; four, cloud resources are malicious abuse, be used for spamming or as a malicious host; the data transmission of a particular sensitive data to a cloud data center abroad may violate local laws; the foreign government may, without the client's authorization, read the information in the local cloud data center;　　The customer is not easy to audit the cloud service provider's security control measures and access records; Eighth, the cloud service provider Equipment management is imperfect, resulting in service interruption; nineth, cloud service providers failed to continue to provide services; It should be noted that in the entire "cloud-tube-end" architecture, the most vulnerable is often the end.　　At present, for many users, they think that the "cloud" is not safe and resist the use of cloud services, in fact, often they are not highly focused on security, resulting in the account password theft, resulting in the corresponding security risks. Ramprasadkan: It is important to differentiate the data security risks of a general network from the data security risks of cloud computing.　　The main risk of cloud computing is the loss of access data (the cloud service provider's services may fall) and the lack of transparency about the quality of security implementation in the service provider data Center. Wuhang: Centralization of information resources makes security risk centralized, so cloud computing needs to take into account high-availability design, virtualization Security and entity security differences, traditional security solutions to meet the needs of virtualization, so need more flexible solutions,　　If the security gateway that can run on the Vmwareexsserver software form is used to protect the virtual machine; As with physical security, virtualization security also requires comprehensive multi-level protection, from application to host, from endpoint to Gateway, from hardware to software, from network layer to application layer.　　"Communications Industry Newspaper" (net): through the cloud to the user's data are centralized to a local storage, this will not increase the target of hacker attacks, so that the risk of storage is greater? Lin Yu-min: Concentration is not necessarily more risk of attack than fragmentation. On the contrary, in the context of cloud computing, the enterprise will focus on the user's data, and accordingly will establish a centralized protection mechanism. The traditional practice was that because of the large enterprisesThere are many branches in the industry, they need to put in every branch of the firewall and other security equipment, resulting in a bloated security equipment, not conducive to management, and thus the possibility of danger become greater. Now that the centralized protection mechanism is deployed, the security is simpler and more efficient, and the cost of security is greatly reduced.　　Thus there is time and capital to put in the establishment of more new defense mechanisms. Ramprasadkan: Technically, cloud storage has sophisticated isolation technologies that can provide isolation for even shared data stores. Importantly, the host application of the Enterprise Public cloud architecture This information pattern data cannot be accessed by external applications, which reduces the risk of hacker attack.　　All data is not stored in the same location, and cloud service providers store data in multiple areas to provide data security and reliability. "Communications Industry Newspaper" (net): users to their own information to cloud computing service providers, whether there is the risk: cloud service providers will be able to peek at all users of information? What do you think is necessary to build trust between users and cloud service providers?　　How does cloud service provider protect user's privacy security? Lin Yu-min: This is true.　　However, users will certainly choose the services of highly reputable cloud service providers, which generally pass the ISO27000 and SAS70TYPEII international security standards, and generally have a high level of security credibility and perfect security protection measures. In addition, users can verify the security of the cloud service provider through a variety of measures, such as ex post audit. At present, cloud service providers generally provide more secure data protection measures, such as using Google's Gmail Mail service, Google will provide users with two passwords, one of the password by the user to set up, is a static password, while, Google will also send the user a dynamic password, which is usually updated in a few 10 seconds, and is sent to the user's mobile phone.　　In this way, even if a hacker succeeds in attacking a user's PC, the user's data cannot be obtained because there is no password on the phone. "Communications Industry Newspaper" (NET): Cloud computing security has become a new topic in the field of information security. What new opportunities do you think cloud computing provides for the development of the Information security field?　　Where do you think you should study to improve the security of cloud computing? Ramprasadkan:it service providers will play an important role in cloud security services. The consolidation of multiple public cloud services and in-house self-built enterprise it (applications and infrastructure) requires management, risk reduction, and regulatory management. IT service providers can manage cloud security in all aspects of the client technology.　　Some examples of cloud services include dynamic Data leak detection, reporting and tracking, identity and access management, tagging of sensitive data, applications, and compromise detection of web sites. Today's sophisticated technology ensures the security of network data and other data. Cloud service providers in the number ofIt is important for the center to perform technical transparency (for customers), which performs including data backup, disaster recovery, where they save data, and the facilities available for auditing access to data. This transparency will give customers a certain degree of trust and security. In addition, regulators can designate policy frameworks and standardization.　　Cloud service providers should also be able to provide contract guarantees and are willing to undertake penalty terms for data loss and access by other agents. Wuhang: Virtual or cloud computing is the integration and centralization of resources and systems, this requires the virtualization of the security solution to the virtual environment of the traffic situation, attack situation, user access visualization and controllability; The virtualization technology reduces IT system implementation and change cycles by as much as hundreds of times times before,　　New business processes and specifications are required to respond; the concentration of resources brings higher requirements for hardware, device itself performance, and high availability technology. Lin Yu-min: Cloud Computing brings the security of the cloud, but also to the security of the development of a new opportunity, that is, "security cloud." For security vendors, the introduction of cloud computing can greatly enhance their ability to collect virus samples, reducing the corresponding time of the threat. Cloud computing in the field of security applications can greatly promote the traditional security industry changes, security vendors can also achieve the "Software + Services" marketing model.　　Symantec, for example, provides a "security cloud" service abroad that is favored and rented by many users. "Communications Industry Newspaper" (NET): Telecom operators have always stressed that their services are telecom-grade, compared to IT services more quality assurance.　　What advantages do you think telecom operators have in providing cloud services? Ramprasadkan: The IT Service advantage of telecom operators will be the ownership of the network, however, IT service providers understand enterprise applications and enterprise business process needs. The emerging cloud model will showcase a cooperative partnership model between Telecom and IT service providers.　　Telecom as an independent software carrier and IT service provider will create a new cloud ecosystem. Lin Yu-min: Telecom operators have incomparable advantages of network resources, which provides a great convenience for them to provide cloud services. In addition, telecom operators in the network operation for many years, accumulated a wealth of operational experience, training a group of high-quality technical personnel, which are very valuable resources.