Cloud Security under Information Security

The buzzword in the IT industry in 2011 is "cloud computing." Currently, the security issue is the biggest concern of cloud computing applications. The 4th China CIO Annual Meeting on the theme of "Wisdom in the Cloud" was held on December 15, 2011 and was hosted by the Internet and IT experts. In the afternoon information security forum, information security issues were raised Discussion, from users, vendors and third-party experts to discuss this topic, especially the topic of cloud security.

The biggest concern for users choosing a cloud application is often security, but in reality cloud computing is more secure than we think. Because cloud computing combines the best of the partners themselves. To ensure the security of physical servers, hosting servers and virtual servers, cloud service providers can make greater security investments in cloud computing security. In addition, cloud service providers' security standards are compatible with all major physical security guidelines, with the latest firewalls and patches and proper disaster recovery policies and redundancy. Cloud service providers are significantly more secure than data centers within a private company, especially small and medium-sized businesses that can not afford to invest heavily in security systems.

In addition, cloud service providers have the ability to properly segregate duties to prevent data leakage and theft, even if the root user of the cloud service provider can not even penetrate your data.

In addition, cloud service providers also have a strong identity management and landing solutions, enabling effective management of authentication and authorization system.

Feng Fanghui, information director of China Population and Development Research Center, is optimistic about the information security in the cloud computing environment. He believes that the cloud is a good way to manage your infrastructure needs when effective precautions are taken (you should have taken precautions against your internal data center). Just be sure to select a trusted service provider and read the SLA carefully.

Of course, after all, the application data is in the cloud, rather than the user's intranet system, the user is in the cloud, then the user still needs to take the necessary security measures to ensure the data stored in the cloud. Security: First, secure data transmission . Set up SSL connections for sensitive data, especially login and database links. Second, the use of remote login password. Use public / private keys, two-factor authentication, or other strong authentication techniques. Do not allow remote root login to your server because hackers and Trojan horse robots often keep snooping to the cloud service provider's remote root login address space. Third, the sensitive data sent to the cloud is encrypted. SSL will pay attention to the integrity of the data during transmission, but also encrypt the data stored in the cloud server. Fourth, regular review of the log. Use log analysis software, while manual review. The combination of automation technology and manual audit policy is a good example of a tiered approach.

Virtualization is the most critical technology in the private cloud. Virtualization breaks the security barrier built by the network boundary in the traditional environment and completely breaks the traditional network boundary in the cloud environment. The original method of controlling each other's traffic through network devices can not completely guarantee the security. Because the traffic between virtual machines is not controlled by the firewall, in addition, some virtual machine administrators have the same privileges as the network administrator, you can modify the configuration on the network, because the virtual management layer can be configured Own virtual network. While protecting the security, the virtual machine density can not be reduced (the virtual machine density directly affects the operation cost).

Lin Yumin, Symantec's chief information security technology consultant, believes that in a virtualized environment, a defense-in-depth strategy must be adopted to protect virtual machines. He believes that from the physical environment to the private cloud environment, you need to consider the infrastructure management (including the physical environment and virtual environment), infrastructure protection and cloud environment user authentication and authorization of these three levels of problems. Symantec's private cloud security solution can solve this problem: one is to find out which virtual machines are illegitimate or vulnerable in a private cloud environment; the other is to ensure that the entire virtual environment and the physical environment are consistent in security ; Third, monitor the operation of the virtual machine above. It is reported that currently used on the Amazon EC2 platform is the Symantec SEP program as a security measure.

From the discussions of all experts, the security of cloud computing is not insurmountable. There are many technologies that can solve the related security problems. In this forum, in addition to cloud security discussions, there are also discussions on such hot topics as electronic authentication (Internet Banking Security), system security, and printer information security. Wonderful view is as follows:

At this conference, Liu Quan, the secretary-general of China Federation of Certification and Accreditation Service Industry and the director of CCID Research Institute, explained the 12th Five-Year Development Plan of E-Cert Services and introduced the work and policy goals of e-Cert. According to Liu Quan introduction, the electronic certification service industry mainly needs to solve the problems of three aspects: one is the authenticity of the signatory, the other is whether the signed electronic contract is reliable or not, and the third is the integrity of the data information in the transmission process. Including the signer identity authentication, reliability certification, involving all aspects of delivery, receiving, preservation, extraction, identification, including electronic certification of special equipment, coupled with product development, professional team building and other aspects of electronic certification is a Comprehensive high-tech services.

China Women's University Department of Computer Science database security expert Liu Zhibin that the protection of computer system security can have the following key points to consider: First, the application system seven points three-thirds of management, you need to check the default password, the program back door, snoop passwords The potential threat exists; Second, it should be clearly defined in the management of the administrator's rights and responsibilities of the database administrator's operation log, to be regularly checked; Third, the backup and recovery is an eternal topic; Fourth, timely patching; Fifth, pay attention System health examination.

Rong new IT training center CIO Zhang Qi believes that the face of information security issues, you need to take the initiative to form a multi-layer protection system. According to the network hierarchical model, the server application layer is mainly facing security problems can not be accessed and Trojans, the solution is the corresponding reinforcement and code detection; gateway layer will face the issue of freedom, the corresponding solution is to develop related strategies And implement; network layer will appear abnormal traffic problems, can take the initiative to find and alert; terminal layer will face the problem of virus infection, the need for regular health examination. Through the layers of linkage to achieve unified management.

Design drawings, key technical information are the core data assets of enterprises, document printing is one of the important ways of data leakage. As current printing devices become more and more networked, and devices can be used without access control, they can not be tracked in the event of file leaks. Ricoh Global Services China Solutions Zhu Xiaoming introduced the Ricoh output information security management system. According to reports, Ricoh output information security management system architecture has three main parts: First, the user authentication, the use of the machine must credit card, at the same time this section can set different user permissions, and which also reflects the intelligent safety printing function, because for Sensitive information is printed out and do not want others to see, sent to print the file only after the credit card can get access to avoid being seen by others; second brush after the card, the user on the machine can be captured any operation And records; Third, the audit, for a large number of audit information storage, by setting a number of conditions for inquiries.

This forum on information security has given us more knowledge of the latest security issues and security solutions and also cleared up security concerns about the development of technologies such as cloud computing so as to further advance the technology.