Cloud computing security is not so fragile

Whenever there are security issues with Google's cloud products, there is always a deluge of discussion about whether cloud services are safe or not. is cloud services reliable and secure enough to handle complex, mission-critical applications? In my opinion, the answer is yes. Because of frequent backups and stringent security policies, cloud service providers tend to be stricter than others, and in fact, choosing one or more cloud services can reduce security risks while reducing costs for businesses.

I think carefully about the security review I've done for hundreds of companies in the last decade. In general, there are dozens of security vulnerabilities in a typical enterprise, many of which are at the highest risk, but it is strange that security managers in the enterprise don't make a fuss about my report, they know a lot more questions, and they just rarely take the initiative to solve the problem. I often find huge policy vulnerabilities, mission-critical server software has not been patched, crawling full of bug applications, mixed data recovery, and countless malicious software.

However, the cloud service providers I have reviewed are another scenario: they have a highly centralized and locked security environment. I don't have to submit 40 to 90 pages of lengthy reports, often 5 to 20 pages to explain the problems that arise. And I found that the larger the cloud provider, the fewer problems (refer to 51CTO related articles: A general introduction to the scale of cloud computing).

I'm not saying that every cloud vendor is perfect, or that cloud products don't lose data or crash. Some bad cloud service providers because of a weak link, the whole house collapsed, but in general, cloud providers in terms of security and usability than the general non-cloud enterprises. One of the biggest benefits of running the cloud is that

can update all users at once with a patch. In most enterprises today, for example, patching critical security vulnerabilities can take days to weeks from release patches to system updates. And cloud vendors can only do a patch to protect all customers.

In addition, I know that most non-cloud enterprises do some backup of mission-critical applications or transactions at night so that the data from the previous night can be recovered if there is a problem with the e-mail or Web server. But cloud service vendors usually back up every transaction immediately, and several major cloud providers are scheduling real-time backups of each byte of data on distributed backup arrays in different parts of the world.

Some people are worried about the huge shared cloud that will come up in the future, including myself, will there be a loophole that puts all customers at risk? Of course it's possible, but it's no different from what we've met today. For example, the Robertmorris worm of the 1988 basically ruined inte.rnet,2003 years of Slammer worm outbreaks infect most hosts in less than 10 minutes.

Most of the computer security problems we will face in the future have much in common with today's security threats, but we will take a series of efforts to control the problem. For example, a 24/7-day cloud service provider can respond quickly, minimize losses, solve problems, and reboot the system, which can be done faster than before.

I'm not saying that cloud vendors won't lose data or crash, they will, but the new problems will be better solved as cloud technology grows and matures. It's not that cloud vendors don't lose data or crash, they still do, but the new problems will be better solved with the growing and maturing of cloud technology.