With the rapid warming of China's cloud computing market, cloud security issues have become increasingly prominent, industry experts believe that from the perspective of building self-controllable cloud security system, from the national level to strengthen legislative construction, enhance China's independent innovation capability of cloud products and improve management level And management efficiency, so that the entire industry can enter a healthy and orderly development of the fast lane.
"Cloud era" information security faces three major challenges
First, the network attacks still exist, the relative concentration of the characteristics of cloud computing data may face a greater threat.
The concentration of resources and the convenience of remote operations make the "cyber age" cyber attack more threatening. Nie Hua, vice president of Dawn, said cyber attacks are still one of the major threats to our country. Cloud computing service provider Amazon Inc. A cloud computing center in the United States had "crashed into the air," directly affecting a large number of startup network companies and even affecting Indian companies hosting servers. The largest programmer community C SDN network 6 million user information was hacked, as well as the well-known community Tianya network suspected of 40 million user privacy was leaked, cloud security alarm sounded. "Cloud era" network security situation is not optimistic.
Li Deyi, a member of the Chinese Academy of Engineering, believes that cloud computing may have issues such as vulnerabilities, viruses, attacks and information disclosure in the software. Currently, common information security problems are still common in information systems.
Second, China's cloud product hardware and software research and development capabilities are not strong, the introduction of foreign equipment may be some threats.
Reporters visited around the learned, IB M, Hewlett-Packard, Microsoft and many other foreign companies have set up in China cloud computing platform to sell products, and cooperation with local governments. Liu Guangming, director of the National Supercomputer Center in Tianjin, fears that flooding the cloud computing market with foreign products in China is a dangerous sign.
Wang En-dong, director of the State Key Laboratory of High Performance Servers and Storage Technology, also believes that special attention should be paid to national security when choosing cloud product providers and service providers. He introduced that the EU intends to block the U.S. cloud computing service providers because it is the responsibility of U.S. companies to provide the U.S. government with all the data it holds, when needed, under the Patriot Act of the United States.
Ni Guangnan, an academician of the Chinese Academy of Engineering, said that in our country, there has not yet been a universal cloud computing infrastructure software product and various industry application solutions yet to meet the needs of large cities and large industries to develop information technology based on cloud computing. Controllable cloud computing industry chain, is to get rid of multinational companies control our important information system opportunities.
Thirdly, the openness of cloud services has further blurred the network boundary and put forward higher requirements on the supervision of cross-border and cross-border information security.
At present, the leading international cloud computing companies often use "cast nets" to build up backup networks and avoid the risk of force majeure. Only Google has at least 36 data centers worldwide, covering the United States, Europe, South America and Asia. Li Deyi said that there are physical security zones in traditional computer systems, such as internal proprietary networks, so that security boundaries can be clearly defined. However, the "cloud era" is different. The physical security boundaries are becoming increasingly undefined and the information supervision is more and more difficult. .
Most experts believe that the traditional protection mechanism based on the physical security boundary is difficult to be effectively applied in the cloud computing environment. Cross-border, cross-border information security regulation becomes more and more tricky.
Strengthening cloud security construction without delay
Among the development of China's cloud computing industry, the weak foundation, lack of legislation, moral hazard and frequent occurrence of geological disasters have become the main risk factors in the current security. In the key period of development, speeding up the pace of cloud security is more urgent.
First, the weak infrastructure is a prominent issue facing China's cloud security construction. Jiang Qiping, secretary general of the Information Research Center of the Chinese Academy of Social Sciences, introduced that at present about 84% of the countries in the world have completed the goal set by the World Summit on the Information Society in setting a national ICT plan by 2010, at least 82 countries have introduced the national Broadband strategy. At present, our country neither has a broadband national strategy nor a complete telecommunications law, lagging behind the international trend in the information age.
He also said that after entering the "cloud era," if China can not gain a firm foothold in the cloud computing infrastructure, it will lose the strategic frontier of information and all its citizens are at risk of being "immigrated" from the data as a whole. This will be China's Facing the biggest cloud security problem.
Second, the lack of relevant laws and regulations make China's cloud security is not strong foundation. At present, China's laws and regulations on cloud security is still blank. Ma Erchun, director of Dongsheng District Informatization Commission of Ordos, proposed that the data security of the "cloud era" must be defined by the law and clarified the responsibilities. During the visit, the reporter also learned that some cadres or cloud-center managers lacking laws and regulations are not responsible for their own affairs. In the event of moral hazard, the overall data disclosure is not sensational. Sugon Nan, general manager of Dawning Technology Support Center introduced the dawn in some places for the cloud computing center data test, there have been a large number of local government put a large amount of real public security data, so the need to focus on prevention and control of human factors risk.
Nie Hwa said that with regard to air superiority and sea control, "making power in the Internet" is equally important. The United States has promulgated the "International Strategy for Cyberspace," referring to cyber security and information security to the international strategic level and equating cyber attacks with military attacks. China urgently needs to base itself on independent innovation and build China's own cloud computing and cloud service industry chain.
In addition, some experts pointed out that our country is a country with frequent geological disasters. We can rationally layout cloud computing resources in the early stage of development and avoid the risks caused by force majeure by avoiding the seismic belt, the serious settlement area on the ground and the rivers prone to flooding.
Building self-controllable cloud security system
Based on the urgency of cloud security construction, experts suggest that through our efforts in three aspects, we should actively construct our own cloud security system that is controllable and controllable.
First, at the national level, the government should actively build a social soft environment for cloud security through such measures as accelerating legislation and exercising sound supervision.
China Electronics and Information Industry Development Institute of Software and Information Services Institute, An Hui believes that as soon as possible the implementation of cloud computing security legislation to force cloud service providers to take the necessary security measures. On the one hand, it may be considered that the relevant state ministries and agencies should take the lead in convening the main bodies of the cloud computing industry chain and formulating the security standards for cloud computing. On the other hand, legislation should be initiated to address the issue of data privacy protection and ownership of data and to provide corresponding liability for breach of contract .
Some domestic manufacturers put forward the "all-cloud audit" concept. They hope that in the legislation, it is necessary to carry out audits at all levels of the software application model so as to solve the problem of credible users of cloud computing. For the regulatory approach, experts suggest that from the perspective of industrial development, find a balance between "income" and "liberalization." The government departments can finely divide and supervise them, and adopt a classified supervision mode to classify and manage them.
The second is to enhance China's independent innovation capability of cloud products, expand their own industries.
An Hui believes that the key to strengthening cloud security is to strengthen key technologies and product development, the formation of a number of safe and controllable, with independent intellectual property rights of technology and products. He proposed the development of cloud computing software products, nurturing cloud computing related to the new format, research and development based on domestic hardware and software cloud computing overall solution. At the same time we must pay attention to and strengthen the protection of intellectual property. Niehwa and others said that while actively introducing the achievements of advanced foreign technologies, "cloud of government affairs," "medical cloud" and other higher requirements for information security cloud should be controlled by the government or state-owned enterprises.
There are experts who advise powerful Chinese enterprises to go abroad and participate in international competition. After the R & D capability of China's cloud-based hardware equipment is gradually improved, it will be planned and systematically replaced or the localization of key equipment will be realized on new products.
The third is to improve the overall management of cloud computing to prevent moral hazard caused by information security risks.
Because most people have a vague understanding of cloud computing, most experts suggest that the relevant personnel should first raise their awareness of secrecy in data testing, market transactions, reception visits and other activities, and establish a chain of confidentiality and security responsibility system. The opening of important data, the responsibility of mutual restraint.
Wang Rulin, deputy director of the China Mobile Commerce Expert Consultative Committee, suggested to sidestep the risk of malicious users' abuse of cloud services and comprehensively secure the cloud systems to ensure the smooth operation of cloud services. Li Deyi said that in the construction of cloud security companies should establish a sense of integrity, the same long-term development of business integrity and recognition.
Experts also suggested that cloud security associations or alliances could be vigorously promoted to establish and promote the self-discipline of the industry so as to create a colony of security brand advantages.