China-US cloud security status and existing problems

Note

Cloud computing giants are waging war on the cloud: Microsoft and Amazon have begun to lay out China's cloud computing market, and domestic internet giants Alibaba, Baidu and Tencent are betting on cloud computing. With the development of cloud computing industry, the problem of information security is becoming more and more prominent, and it has become a major challenge faced by all countries in the world.

China-US cloud security status

Whether cloud computing or large data, is the Amazon, Google, Intel, Microsoft, Hewlett-Packard, IBM and other High-tech enterprises to promote the development of science and technology, this is undoubtedly with the United States in the field of information technology, management, law, security and many other aspects of the strong foundation has been established closely related.

In terms of data security and personal privacy, the United States has established a systematic system of safeguards, including legislation, management and technology. In the standardization of Technology and Services, the United States has also established a security system for cloud safety. The National Institute of Standards and Technology (NIST) sp800 and sp500 files in the basic concepts of cloud computing, technical roadmap, standard roadmap, and so on, have become the blueprint for research in the world, while in the standard blueprint the cloud computing use cases, the interoperability standards, Portability standards and cloud computing security standards have also led to innovation and application in this area.

China's internet users in the world's first, the amount of data produced every day is also in the forefront of the world. However, there are still many problems in the development of cloud computing in China.

First, the application is not in-depth. At present, China has not really entered the era of large data, large data in China is still in an initial stage of application. The external environment is difficult to support the storage of large amounts of data development, utilization, sharing, enterprise investment, government support on more levels to show the experimental enthusiasm, most enterprises in the data use alone, information island phenomenon is more serious, throughout the collection, collation, analysis, application of the entire process of the industrial chain has not yet formed.

Secondly, information security incidents frequently. China Internet Network Information Center (CNNIC) published "China's internet users of the situation research report" shows that 2012 456 million Internet users encountered information security incidents, accounting for 84.8% of the total number of users, economic losses amounted to 19.4 billion yuan.

Again, the safety technology prevention and control capacity is insufficient. At present, the domestic enterprises rely too much on foreign large data analysis technology and platform, not only difficult to evade the information leakage risk, and may lose the industry innovation ability. In the large data age, information flow is asymmetric and unequal due to the different technical capabilities of countries in collecting, processing and controlling data. In terms of economic and trade information and personal information, China is a typical flow abroad, and foreign network companies can collect, transmit and use China's data and information at a cost of nearly 0.

Problems faced by China and the US in the field of cloud security

From the perspective of data protection and privacy protection, China and the United States face two outstanding problems in the area of cloud security: mutual trust and the security of Cross-border data flows.

The American Brookings Institution and the China Institute of International Relations, a year ago, said in a report on cybersecurity and Sino-US relations that there is a lack of mutual trust between China and the US in the area of cyber security. Such warnings should have allowed both sides to take concrete action to improve the situation. In other words, the two governments must find common ground in this respect, build mutual trust, not blame each other or take action to worsen the situation.

The biggest challenge in Cross-border data flows is to ensure that data is secure, otherwise endangering national security, civil rights and business interests. The 12 "Government network security Recommendation Guidelines", published by the U.S. Information Technology Industry Council, Digital Europe and Japan Electronics and Information Technology Industry association in 2012, put forward the objectives of transparency, standardization, risk control, voluntary participation, safety assurance, innovation and technology neutrality, These are undoubtedly valuable contributions and references to the establishment of international rules in the era of internet globalization, but they cannot be the basis for comparing and blaming the policies of different regions. We should be aware that different countries and regions in the data security and privacy protection of the law, policy, technology, industry self-discipline and other aspects of the differences. In the process of Cross-border data protection, how to respect and protect the legitimate rights and interests of relevant subjects, especially personal privacy, is an urgent problem to be solved on the basis of coping with and solving different national management policies.

Suggestions on data security and privacy protection in China and America

Data security, privacy protection and transnational transmission and utilization of data have become an urgent problem to be solved at present. On the issue of protecting data and personal privacy, China and the United States will face a common network security risk, have common strategic interests, and the goal is consistent. China, in terms of protecting data and personal privacy, needs to have in-depth exchanges with its American peers, whether it is a rule system or a technology development capability.

First, strengthen the building of their own capabilities in data and privacy protection. The protection of data and privacy requires perfect rules and technical support system, including relevant legislation, the improvement of management system, speeding up the development and application of information security technology, improving data and privacy protection standards of safety and security. In addition, the data subject's joint participation and protection, especially the citizen's personal privacy protection awareness. The State should strengthen the information and education of data security and privacy protection, improve the quality and self-protection ability of citizens, prevent the infringement of personal privacy, respect the rights of others, and do not violate the privacy and data of others.

Second, building a trusting environment. Mutual trust is the basis of communication and cooperation between the two countries, and mutual trust in the field of cyber security will directly affect the strategic cooperation and core interests of the two countries. The two sides should strengthen communication and understanding, strengthen mutual trust, pay attention to each other's cutting-edge research results, network security technology dynamics and the latest legislation and management measures, from the basic theory such as information, information privacy, network attacks, such as the definition of key terms, set out to clarify the data security and privacy protection of the bilateral rules of the basis. On the basis of building mutual trust, we should reach a consensus on data security and privacy protection to prevent mistrust, suspicion or accusations caused by cultural and ideological factors.

Third, construct effective communication and dialogue mechanism. The internet has made the global link a whole, cloud computing and large data will be more network boundaries into hanging wire. Therefore, the establishment of a large data era of international and bilateral communication mechanisms is extremely urgent. China and the United States should establish effective communication and dialogue mechanisms on data security and privacy protection, and communicate and cooperate with each other on legislation, administration of justice, law enforcement, supervision and enforcement, self-discipline norms, technical standards and the training of netizens ' safety awareness, and jointly establish effective network security protection mechanism. To establish a channel of communication and dialogue between government and civil society at two levels, to exchange and consult on related issues such as data security and privacy protection, and to encourage and support the formation of research forums.

Four, equal protection of the rights of the data subject. The Cross-border movement of data makes the protection of the data and privacy of enterprises or citizens of other countries an unavoidable issue, especially the ability to provide equal protection for the data of different national users has become a problem that transnational enterprises and governments need to address. The principle of equal protection is the standard that should be followed by legislation, judicature and law enforcement, which has been accepted and adopted by many countries. While safeguarding the legitimate rights and interests of its citizens and enterprises, the rights and interests of citizens and enterprises in other countries should be protected equally.

To respect the interests of each other and to jointly deal with network security. In the process of communication and cooperation in data security and privacy protection, both the official and the private level, whether in terms of technical issues or rules of communication and cooperation, should respect each other's core and important interests, which is the basis of communication, but also the prerequisite for continuing and deepening cooperation. The two sides should establish an effective information sharing and cooperation mechanism, strengthen the supervision and management of data security and personal privacy behavior, and jointly combat violations of data security and personal privacy. In the face of the intricate data security and privacy protection situation, mutual trust, cooperation, and win should be the path of our big data age.