The hottest word in the IT industry in 2011 is "cloud computing", and the biggest concern about cloud computing is security. Hosted by Bit Network and IT Expert Network, the fourth China CIO Annual Meeting, on the theme "Roaming the Cloud, Intelligent Applications", was held on December 15, 2011. In the afternoon information security forum, experts from user organisations, vendors and third parties discussed information security, and the topic of cloud security in particular.
Although security is users' biggest concern when choosing cloud applications, cloud computing may be more secure than we think, because it lets each party do what it does best. A cloud service provider can invest far more in security than a single customer, securing its physical servers, managed servers and virtual servers. Its security practices are aligned with the major physical security guidelines, its firewalls and patches are kept up to date, and it maintains disaster recovery strategies and redundant environments. This level of security exceeds what a private company's own data center typically achieves, especially for small and medium-sized enterprises that cannot spend heavily on security systems.
In addition, a cloud service provider can enforce segregation of duties to prevent data leakage and theft, so that even the provider's own root users cannot get at your data. In practice this holds only as far as the provider's internal access controls reach, which is why sensitive data should also be encrypted under keys the customer controls.
Cloud service providers also offer strong identity management and login (single sign-on) solutions, giving customers an effective authentication and authorization system.
Fengfang, director of the China Center for Population and Development Research, was optimistic about information security in cloud computing environments. In his view, provided effective precautions are taken (the same precautions you should already be taking for your internal data centers), the cloud is a good way to manage your infrastructure needs; just make sure you choose a trusted provider and read the service level agreement (SLA) carefully.
Of course, the application data now lives in the cloud rather than on the user's intranet, while the user sits outside the cloud, so the user still has to take the necessary security measures to protect the data stored there. First, secure transmission: set up SSL/TLS connections for sensitive data, especially logins and database links. Second, remote login: use public/private key pairs, two-factor authentication or other strong authentication techniques instead of passwords alone, and do not allow remote root login to your servers, because hackers, trojans and the brute-force bots that attackers commonly use continuously sweep the cloud provider's address space for hosts that accept root logins. Third, encrypt sensitive data sent to the cloud: SSL/TLS protects the data only while it is in transit, so data stored on the cloud servers must also be encrypted at rest. Fourth, review the logs regularly, using log analysis software and manual audits together; combining automated tooling with a manual audit policy is a good example of layered defence.
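Two of these measures, refusing remote root login and reviewing the authentication log, can be checked from the shell. The script below is an added example, not code from the original article or from any provider or vendor mentioned in it. The sshd_config fragments and the auth.log lines it scans are constructed for the demonstration, and the audit treats anything other than an explicit PermitRootLogin no and PasswordAuthentication no as a finding, which is a stricter reading than OpenSSH's own defaults:

```shell
#!/bin/sh
# Added example, not from the original article: two checks a cloud tenant can run
# on a Linux server they administer. File names, paths and log lines are constructed.

# 1. Audit an sshd_config for the two settings the forum warned about. sshd honours
#    the first occurrence of each directive, so the first match is the effective one.
#    Prints one finding per line; returns 0 when clean, 1 when something needs fixing.
audit_sshd_config() {
    cfg="$1"; findings=0
    root_login=$(awk 'tolower($1)=="permitrootlogin"{print tolower($2); exit}' "$cfg")
    pw_auth=$(awk 'tolower($1)=="passwordauthentication"{print tolower($2); exit}' "$cfg")
    case "$root_login" in
        no) ;;
        "") echo "PermitRootLogin unset: relies on the sshd default, set it to no"; findings=1 ;;
        *)  echo "PermitRootLogin $root_login: root is reachable over the network"; findings=1 ;;
    esac
    case "$pw_auth" in
        no) ;;
        *)  echo "PasswordAuthentication ${pw_auth:-unset (sshd default is yes)}: passwords can be brute-forced, use keys"; findings=1 ;;
    esac
    return "$findings"
}

# 2. Log review: count failed SSH logins per source address in an auth.log and
#    report the addresses at or above a threshold (default 5) as "address count".
failed_login_sources() {
    log="$1"; threshold="${2:-5}"
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { hits[$(i+1)]++; break }
        }
        END { for (a in hits) if (hits[a] >= t) print a, hits[a] }
    ' "$log" | sort
}

# Constructed sample inputs for the demo (not real configs or logs).
make_samples() {
    dir="$1"; mkdir -p "$dir"
    cat > "$dir/sshd_config.weak" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat > "$dir/sshd_config.hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    cat > "$dir/auth.log" <<'EOF'
Dec 15 09:01:02 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51012 ssh2
Dec 15 09:01:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51013 ssh2
Dec 15 09:01:04 web1 sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 51014 ssh2
Dec 15 09:01:05 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 51015 ssh2
Dec 15 09:02:11 web1 sshd[2210]: Failed password for root from 198.51.100.9 port 40001 ssh2
Dec 15 09:02:12 web1 sshd[2212]: Failed password for root from 198.51.100.9 port 40002 ssh2
Dec 15 09:02:13 web1 sshd[2214]: Failed password for root from 198.51.100.9 port 40003 ssh2
Dec 15 09:03:00 web1 sshd[2220]: Failed password for ops from 192.0.2.5 port 50100 ssh2
Dec 15 09:03:05 web1 sshd[2220]: Accepted publickey for ops from 192.0.2.5 port 50100 ssh2
EOF
}

# Demo run against the constructed inputs.
demo=$(mktemp -d)
make_samples "$demo"
for f in weak hardened; do
    echo "== sshd_config.$f"
    audit_sshd_config "$demo/sshd_config.$f" && echo "   ok" || echo "   -> fix before exposing this host"
done
echo "== sources with >= 3 failed logins"
failed_login_sources "$demo/auth.log" 3
rm -rf "$demo"
```

On a real host, point audit_sshd_config at /etc/ssh/sshd_config and failed_login_sources at /var/log/auth.log (or /var/log/secure); the one legitimate typo from 192.0.2.5 in the sample stays below the threshold, while the two sweeping addresses are reported.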
Virtualization is the most critical technology for private clouds. It breaks the network boundary on which security protection in traditional environments was built; in a cloud environment that traditional boundary is gone entirely. Controlling traffic between hosts with network devices is no longer fully effective, because traffic between virtual machines on the same host never passes through the firewall. In addition, some virtual machine administrators effectively hold the same privileges as network administrators, because they can configure their own virtual networks within the virtualization management layer. At the same time, protection must not come at the cost of virtual machine density, which directly affects operating costs.
Symantec Chief Information Security Technology Advisor Lin Yu-min said that in virtualized environments, virtual machines must be protected with a defense-in-depth strategy. He argues that moving from a physical environment to a private cloud requires addressing three levels: infrastructure management (covering both physical and virtual environments), infrastructure protection, and user authentication and authorization in the cloud environment. Symantec's private cloud security solution addresses this in three ways: first, by finding out which virtual machines in the private cloud environment are unauthorized or vulnerable; second, by ensuring the whole virtual environment is secured to the same standard as the physical environment; and third, by monitoring the operation of the virtual machines. It is reported that Symantec's SEP (Symantec Endpoint Protection) is currently used as a security protection measure on the Amazon EC2 platform.
From the experts' discussion, cloud computing security is not insurmountable; many technologies can address the related security problems. Besides cloud security, the forum also covered electronic authentication (online banking security), system security, printer information security and other hot topics. The highlights follow:
The Secretary General of the China Electronic Certification Services Industry Alliance, who is also director of information security at the Sadie Institute, read out the Twelfth Five-Year development plan for electronic certification services at the meeting and introduced current electronic certification work and policy objectives. According to the Secretary General, the electronic authentication service industry mainly has to solve three problems: the authenticity of the signer, the reliability of the signed electronic contract, and the integrity of the data during transmission. This covers signer identity authentication and reliability certification; spans transmission, reception, preservation, extraction and identification; and extends to the provision of dedicated electronic certification equipment, product development and professional team building. Electronic certification is therefore a comprehensive high-technology service.
Liu Zhibin, a database security expert at the China Women's College of Computer Science, believes that protecting computer system security comes down to the following points: first, an application system is seven parts technology and three parts management, and default passwords, program backdoors, hidden passwords and other latent threats need to be checked for; second, the administrator's rights and responsibilities should be defined in management, and the database administrator's operation logs should be checked regularly; third, backup and recovery is the eternal topic; fourth, apply patches promptly; fifth, pay attention to regular system health checks.
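Two items on this list, checking for default or passwordless accounts and reviewing the database administrator's operation log, are illustrated by the added example below; it is not from the article or from Liu's talk. The account export format, the log format, the account names and the 22:00 to 06:00 change window are all assumptions made for the demonstration, so a real deployment would feed it the equivalent output of its own database (for instance a dump of MySQL's mysql.user table and the audit log its plugin writes):

```shell
#!/bin/sh
# Added example, not from the original article: two of the checks in Liu Zhibin's
# list scripted for a Linux host. The account export format, the log format, the
# account names and the log lines are all constructed for the demo.

# 1. Default and weak accounts. Input lines are "user host credential", with "-"
#    standing for an empty field. Flags anonymous users, accounts with no stored
#    credential, and a root account reachable from any host. Returns 1 if any found.
check_default_accounts() {
    awk '
        $1 == "-"                 { print "anonymous user:  (none)@" $2; bad++ }
        $3 == "-"                 { print "no password:     " $1 "@" $2; bad++ }
        $1 == "root" && $2 == "%" { print "remote root:     " $1 "@" $2; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# 2. DBA operation log review. Input lines are "YYYY-MM-DDTHH:MM account statement".
#    Privileged statements (GRANT, REVOKE, DROP, CREATE USER, ALTER USER) are expected
#    only from the listed DBA accounts and inside the change window, assumed here to
#    be 22:00-06:00. Anything else is reported as "time account reason: statement".
review_dba_log() {
    log="$1"; dbas="$2"   # dbas: space-separated list of permitted DBA accounts
    awk -v dbas="$dbas" '
        BEGIN { n = split(dbas, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        {
            head = toupper($3 " " $4)
            if (head !~ /^(GRANT|REVOKE|DROP) / && head !~ /^(CREATE|ALTER) USER/) next
            stmt = $3; for (i = 4; i <= NF; i++) stmt = stmt " " $i
            hour = substr($1, 12, 2) + 0
            reason = ""
            if (!($2 in allowed)) reason = "non-DBA account"
            else if (hour >= 6 && hour < 22) reason = "outside change window"
            if (reason != "") { print $1, $2, reason ": " stmt; flagged++ }
        }
        END { exit (flagged > 0) }
    ' "$log"
}

# Constructed sample inputs for the demo (credential fields are placeholders).
make_db_samples() {
    dir="$1"; mkdir -p "$dir"
    cat > "$dir/accounts.txt" <<'EOF'
root localhost hash1
root % hash1
- localhost hash2
app_web 10.0.0.% hash3
dba_li 10.0.1.% hash4
report 10.0.0.5 -
EOF
    cat > "$dir/dba.log" <<'EOF'
2011-12-15T23:10 dba_li GRANT SELECT ON sales.* TO 'report'@'10.0.0.5'
2011-12-15T14:32 app_web DROP TABLE audit_log
2011-12-15T15:05 dba_li CREATE USER 'tmp'@'%' IDENTIFIED BY '***'
2011-12-15T10:00 app_web SELECT * FROM orders WHERE id = 42
2011-12-16T02:15 dba_wang ALTER USER 'report'@'10.0.0.5' IDENTIFIED BY '***'
2011-12-16T03:00 dba_wang CREATE TABLE sales.tmp_load (id INT)
EOF
}

# Demo run against the constructed inputs.
demo=$(mktemp -d)
make_db_samples "$demo"
echo "== account review"
check_default_accounts "$demo/accounts.txt" || echo "   -> remove or lock the accounts above"
echo "== DBA operation log review"
review_dba_log "$demo/dba.log" "dba_li dba_wang" || echo "   -> follow up with the account owners"
rm -rf "$demo"
```

The DROP by the application account and the daytime CREATE USER are reported; the GRANT and ALTER USER issued by DBAs inside the window, and the ordinary CREATE TABLE, are not, which is the distinction a regular log check needs to make to stay readable.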
Qi, CIO of the Rongvin IT Training Center, said that facing information security problems requires proactively building a multi-level protection system. Following the layered network model: the server application layer mainly faces unauthorized access and trojans, addressed by hardening and code inspection; the gateway layer faces the problem of unrestricted access, addressed by formulating and enforcing access policies; the network layer will see abnormal traffic, which can be actively detected and alerted on; and the terminal layer faces virus infection and needs regular health checks. Linking the layers together achieves unified management.
Design drawings and key technical information are the core of an enterprise's data assets, and document printing is one of the main channels of data leakage. Printing devices are increasingly networked, and a device without access control can be used by anyone, so once a document leaks it cannot be traced. Zhu, China Solutions Director at Ricoh Global Services, introduced Ricoh's output information security management system. According to the introduction, its architecture has three main parts: first, user authentication: a user must swipe a card to use the machine, different user rights can be set at this step, and it also provides secure pull printing, so a document sent to the printer is only produced once the user's card is presented at the device and sensitive printouts are not seen by others; second, once the card is swiped, every operation the user performs on the machine is captured and recorded; third, auditing: the large volume of audit records is stored and can be queried by setting search conditions.
The discussion at this information security forum has made us more aware of the latest security issues and solutions, as well as of the security concerns raised by technological developments such as cloud computing, which will help drive the technology forward.
(Responsible editor: The good of the Legacy)