Cloud computing breaks IT boundaries; data security is the enterprise's top priority

Source: Internet
Author: User
Keywords: cloud computing, data security
With the growing popularity of cloud computing, "cloud security" has become a keyword of concern to enterprise users and manufacturers. At the same time, research institutes have shown that one of the main reasons keeping users from adopting cloud computing is concern about its security. This issue of "Communications World Weekly" invited Symantec China Regional Security product director Bu Xian, Ming Wanda President Wang Zhihai, McAfee China technical director Zheng and other experts to discuss related issues.

Triggering policy and regulatory risk issues: What security issues do enterprises often face when they deploy a cloud or migrate to the cloud? Which is of most concern to companies?

Bu Xian: Enterprise IT today has broken through three boundaries. The first is the application boundary: because of cloud computing and changes in IT, application development has become less difficult and enterprises have more and more applications. The second is the service boundary: any service an enterprise needs can be provided by a third party; cloud computing makes service delivery more convenient, but also expands the boundaries of the enterprise. Third, the concept of the enterprise's IT assets has become more blurred: much of the infrastructure is now not owned by the enterprise, and what the company really owns is information and data. The changes in application, service and asset boundaries give IT managers less control over security products, and enterprises are exposed to more and more security risks. The potential risks in an actual cloud environment include malware, hacker theft, and the loss of confidential information.
The most troubling concern for companies is that data security cannot be protected: for example, the risk of hackers stealing data from cloud providers, sensitive data being shared through the cloud without security protection, and the inability to recover cloud data as required by policies and regulations.

Wang Zhihai: When massive amounts of data are transferred to devices (clouds) that are beyond the reach of users, this so-called convenience is precisely the risk of data leaks for companies with sensitive information. At present, the security risks faced by cloud services fall mainly into the following four areas.

First, with "cloud" data storage technology, cloud terminals can use physical hardware to prevent data from leaking from the terminal, but because the data is stored in the terminal, this still cannot solve document authorization management, that is, how to prevent employees from viewing files they are not authorized to see; the risk of internal disclosure of secrets still exists.

Second, the cloud faces a variety of terminal access requirements, such as PCs, notebooks, Pads, smartphones and so on. How to ensure the legitimacy of terminal identity and the security of documents stored on the device is a challenge.

Third, cloud construction relies on the service capability and technical reliability of cloud service providers, but how to protect data stored in the cloud, and how to ensure that data stored in the cloud is not compromised by the operator from the "inside", is a question.

Fourth is legal and compliance risk: because cloud servers are located in different regions, the legal risks of using them may differ greatly. Although the network has no boundaries, the servers behind a cloud computing business are under legal jurisdiction after all; therefore, improper use of cloud computing may bring extremely serious legal and infringement risks.
Zheng: After the introduction of cloud computing, from a security point of view the user's data center mainly faces these challenges: flat, high-speed data center network design, with a gradual transition from the traditional multi-layer data center network to a flat network architecture that uses a non-intercepting, shortest-path structure for data flows to maximize network performance; compared with a traditional data center, a great increase in traffic inside the cloud data center; the new security problems caused by virtualization of the cloud data center's internal systems; and the trend toward mobile client devices accessing the data center. In addition, the cloud data center and its high-speed Internet egress bandwidth may also be exploited by hackers as a springboard for attacks, giving users a new Internet-boundary liability risk, which requires users to apply rigorous intrusion analysis and filtering to the cloud data center's outgoing traffic as well.

Platform-focused issues with existing security products: What is the industry's common approach to dealing with these cloud computing security issues today? What do you think of it?

Bu Xian: Symantec can help users build their own private clouds, help users enjoy the security and convenience of cloud services, and deliver some of its products as cloud services. It will also further improve information security in the cloud environment: before confidential information is stored in or shared to the cloud, DLP and PGP encryption technology is used to automatically detect, block and encrypt it.
At the same time, O3 cloud identity and access control provides a third layer of protection, bringing all cloud-related security events together for information management and compliance, thus laying the foundation for comprehensive cloud audit, forensics and regulatory compliance for the enterprise.

Wang Zhihai: According to statistics, the security products of cloud service providers now on the market mainly start from the cloud computing platform itself and center on platform stability, user data security, integrity, confidentiality and network attack protection, including system redundancy, user security authentication, permission control, end-to-end data transmission encryption, system security protection and other technical means, but these security measures do not address security at the level of stored data. For enterprises, the cloud service provider can ensure the storage security and access security of enterprise cloud data when core data is archived in a unified way on a third-party storage device (the cloud).

Breaking with tradition to establish a new cloud security mechanism: Now that cloud computing security is increasingly being taken seriously, what do you think is the future trend of cloud security?

Bu Xian: Cloud problems need to be addressed through the cloud, and new security mechanisms will be triggered in the future. In the years to come, many government agencies and small and medium-sized enterprises may outsource their security to cloud services. This is both an opportunity and a challenge for security vendors. The question of whether cloud computing makes IT systems and information assets more secure or less secure is well worth exploring.
From a certain point of view, it will be more secure: because the enterprise will rely on the services provided by the cloud service provider, this will also drive the IT department to adapt and find updated methods to protect the security of enterprise systems and information assets, that is, to form a new cloud security control mechanism.

Wang Zhihai: At present, the cloud is being applied more and more widely in the enterprise market. For this product of the new IT era to evolve further, all members of the industry chain need to migrate together; without information and data security, the cloud architecture is doomed to be a castle in the sky. So in the future, information security vendors will be a key piece of the cloud development puzzle.

Zheng: To optimize the security architecture of enterprise users, reduce the difficulty of implementing security measures and the complexity of maintenance, and reduce purchase and operating costs, security services in SaaS mode are increasingly being used in some areas, rather than continuing to use security equipment or software. For example, SaaS-based mail security, web security and endpoint security protection services are already very mature in global use.