Defending the cloud: A security perspective in the cloud computing era

Source: Internet
Author: User
Keywords Cloud
Tags .net application applications based business business model change cleaning

In the 80 's, the desktop computer, the Internet revolution, with technological advances as a leader to stimulate the people's potential demand, creating more market and business model, the achievements of Microsoft, Oracle, Sun and Yahoo and other companies. Today, the Internet of things, cloud computing, triple-net convergence has become the most commonly mentioned three keywords, these three hot areas from the technical level and business aspects of the industry brought new changes.

Following the PC and Internet revolution, cloud computing was seen as the third it wave in the 2010, becoming an important part of China's strategic emerging industries. It will bring the fundamental change of life, mode of production and business model, which is the focus of the whole society.

With the great success of Google, Amazon and Salesforce, there has been a growing lack of scepticism about cloud computing, and the next key direction for IT development has been largely recognised. Cloud computing is so efficient, it is changing the entire IT industry, but the corresponding security issues have entered the user's perspective.




The business value of cloud computing

The commercial value of cloud computing is proving fast, and Amazon has been offering a contract-and-pay computing service as early as 2006, and all users need just a credit card and a few mouse clicks to choose the software they want.

Some analysts say cloud computing means a drastic change in the way companies compute their computing patterns. Gartner predicts that by 2013, the value of cloud computing will reach $150.1 billion trillion.

The IDC report showed that server sales in the world's third quarter of 2009 rose by 13.2%. 2009-2014 Virtual Server Annual composite growth rate (CAGR) reached 14%. In some mature markets, the adoption of virtualization technology in data centers has become a mainstream trend; In addition, emerging market companies are increasingly focusing on data center efficiencies as they rapidly increase server investment. As a result, IDC predicts a strong growth trend in server virtualization that will continue into 2014. At the same time, as more and more enterprises adopt virtual servers, enterprises will seek security solutions that protect virtualized hosts, virtualization regulators (hypervisor), and effectively defend against malware and hacker attacks.

Qualys's chief executive, the founding member of the He Yun Security Alliance, Philippe Courtot, not only understand the potential of cloud computing, but also understand the challenges posed by implementation. Today, cloud computing has gained tremendous momentum in the enterprise by providing a variety of vendors with a higher level of service and a platform for key business applications. The concept of cloud computing is simple, which means that a large number of computing resources, including hardware, business-critical data and applications, reside outside the enterprise and can easily be accessed through a Web browser in the cloud. This provides a number of benefits from lower hardware, software, and service costs to savings in electricity costs so that employees can be widely used from remote applications through a variety of devices.

Another trend that cloud computing brings is a change in the business model of the information security enterprise itself. The general view in the industry is that cloud computing is not only a protected object, but also a carrier of new security services, and the security services based on cloud computing will completely subvert the inherent security protection thinking.

Security is the core issue of cloud computing

As data centers continue to consolidate, and the emergence of virtualization, VDI, and cloud computing applications, more and more computing efficiency and data are concentrated in data centers and servers. Whether the enterprise chooses a physical or virtual server, the servers and data that store the data in the Enterprise data center or in the cloud, which is used to store the core business data, need to be secured.

In an IDC survey of "What do you think the challenges and problems of cloud computing model" is, security is at the top of the 74.6% ratio, and the security issue is the biggest concern for cloud computing.

"The growing popularity of cloud computing has enabled more and more cloud computing providers to enter the market," said Chen Yihua, chief executive of trend technology. With more and more companies storing data in cloud computing environments, information security issues are the biggest headaches for most IT professionals. In fact, data security is already one of the major concerns of the institutions that consider using the cloud infrastructure. ”

In the development of cloud computing industry, the focus of government users focus on data security, cloud computing standard construction and industrial ecosystem building and so on, the enterprise in the deployment of cloud computing services, more focus on cloud security, cloud service provider's operating experience and existing success stories, and other factors; consumers in the purchase of cloud services, Particular attention has been paid to the cloud provider's reputation, user numbers, and consistency experience.

Sadie Consultants believe that the rapid development of China's cloud computing industry there are many obstacles such as lack of user awareness, lack of standards, data sovereignty disputes, availability stability concerns, user lock-in, service quality is difficult to standardize and so on. Among them, the standard and safety of the pair of "wings" and the relevant laws and regulations are the most core, but also the most urgent need to solve the core issues.

Whether or not the security problem can be solved is the key factor of whether the cloud service can be recognized by users. In addition to the possible large-scale computing resources of the system failure, cloud computing security risks include the lack of unified security standards, applicable regulations and in the user's privacy protection, data sovereignty, migration, transmission security, disaster preparedness and other problems. The development of cloud computing industry in China must carry on in-depth research in data encryption, migration, backup and position control to ensure the usability, usability, stability and security of cloud services. The resolution of the security problem also includes the continuous improvement of the relevant laws and regulations of cloud computing, for example, in the data privacy protection, data sovereignty, service agreement security, the qualification of services providers and other aspects of the formulation of the development of cloud computing industry will lay a solid foundation to enhance users to use cloud computing confidence, so that they are willing to pay for cloud computing. Only in this way, there will be more cloud applications to achieve profits on the cloud, so as to develop more applications to achieve a virtuous cycle of industry and sustainable development.

Tom Fisher, vice president of Cloud computing services at SuccessFactors, said: "The SuccessFactors data center stores important business execution information for more than 3,000 customers and more than 6 million users, making security the core issue of successful relational operations." ”

Invest in cloud computing security

Google's Gmail service was interrupted for 4 hours in February 2009. The failure may have been due to routine maintenance at a European data center, overloading another European data center and spreading to other data centers, ultimately disrupting the global service of Google's Gmail mail. In mid-March 2009, Microsoft's Azure stopped running for about 22 hours. Amazon's S3 service was disconnected for 6 hours in 2008.

Cloud computing services own security risks with the application of the deepening gradually exposed. While cloud computing can give business and individual users a lot of benefits, there are a lot of security issues when users start using cloud computing services.

When using cloud computing, the first consideration is how to solve the security problems of cloud computing, which have been gradually materialized, with targeted solutions for VMware Virtual machine protection, remote access, and terminal data protection, while running professional cloud services through large enterprises achieve reliability, availability, and security of cloud computing services.

The security of cloud computing is mainly achieved by relying on security policies and the higher level of technical and government rules and regulations of the service provider. For the small and medium-sized enterprises that distribute IT systems, security becomes the biggest hidden danger because of the unsound means of data information protection. Achieve IT security with minimal cost by deploying data and systems in a cloud with more security technology.

Information security has become the highlight of the entire IT market, the manufacturers or in order to improve the product line to obtain new markets, or to promote the existing business of the collaborative development of gradually enter the field.

Microsoft, Cisco, Oracle, EMC, Novell have developed their own products and started to enter the market. And some traditional security vendors, such as IBM, CA, Symantec, McAfee, trend technology has also made further development, the trend of oligopoly of security firms to aggravate the information security industry into a new era.

The confusion and choice of users

With the development of information technology, various types of cloud computing and cloud service platforms have become more and more widely seen in recent years, such as mail, search, maps, online transactions, social networking sites and so on. These cloud computing and cloud services are increasingly being used as a result of their own advantages such as convenience, scalability, cost savings, and so on.

But at the same time, these "clouds" are also beginning to become the target of hackers or various malicious organizations and individuals for some kind of benefit. For example, the use of large-scale botnet denial-of-service attack (DDoS), the use of operating system or application service protocol vulnerabilities in the vulnerability attacks, or for the "cloud" of user privacy information in malicious attacks, theft, illegal use, and so on, a wide range of means. In addition, the composition of the "cloud" of various systems and applications are still facing the traditional stand-alone or intranet environment in the face of the various viruses, Trojans and other malicious software threats.

When users try to choose a cloud security product, they cannot find any criteria that can be relied upon. Although even in the domestic market, "cloud security" of the label can be seen everywhere, including rising, trend technology, Kaspersky, McAfee, Symantec, Panda, Jinshan, 360 security guards and other domestic and foreign security manufacturers have launched a cloud security solutions, but, What kind of solution to protect the cloud wave of corporate security, the real answer is always let people like falling into the fog.

Ironically, in understanding the concept of "cloud security," hackers seem to have a clearer logic and act quickly. We can see that hackers take advantage of the distributed computing power in the cloud, you can break user passwords more efficiently by controlling "botnets" to achieve malicious attacks, as evidenced by several large-scale network-breaking events in recent years, as well as the growth of more than 10 times-fold distributed denial of service attacks. Cloud security "The pursuit of the concept of protection, is becoming the" murder weapon "of the hacker.

Although we cannot arbitrarily assume that hackers have progressed faster than technicians in the use of technology. But we have to acknowledge the fact that security is becoming the most important obstacle and challenge for enterprise users to move towards the "cloud" era. Therefore, the technology and the concept of cloud security urgently needs the comprehensive promotion and the change.

Can cloud security jump out of the simple tool theory

"The confusion of cloud security is actually an opportunity for the security industry to move to the next turning point." Chen Yihua to reporters, "a new generation of cloud security should jump out of the simple ' tool theory ', with the adoption of a novel technology and new models to achieve real cloud security." ”

Chen Yihua refers to the "tool theory", in simple terms, is the current number of antivirus manufacturers hype and attention focus: how to make full use of the cloud architecture, faster and more acutely access to the virus and malicious program information, thereby protecting the client. The focus of this protective mode, more is the "cloud" as a tool to strengthen the enterprise's protection capabilities.

While this "cloud security" remains important, the new challenges and principal contradictions must be seen, namely that many cyber-criminals no longer attack users ' computers but directly attack data centers and the cloud itself. This makes the traditional stand-alone version or LAN based information security methods can not be competent cloud security computing environment protection, the user's worry and confusion.

For example, in the "cloud" era, the virtualization of enterprise IT resources increasingly popular, and in the virtual server mix environment, security and reinforcement standards are different, a lower standard virtual machine will become all the sharing of virtual resource security vulnerabilities. As the data center continues to expand, hackers can penetrate such a low protected virtual machine, the resulting proliferation rate and harm will be greatly increased.

In addition, such as "cloud" enterprise data loss and leakage, virtualization caused by the technical loopholes "sharing", user accounts, services and identity, etc., are the current "cloud security" real "pain point."

In other words, "cloud" itself is the biggest security risk. In the face of this problem, trend technology in 2010 under the original Cloud Computing technology Architecture Security services, proposed a new cloud Security 3.0 concept, to provide new cloud-oriented security services. That is, from the security from cloudcomputing (Protection from cloud computing) to security for cloudcomputing (to protect cloud computing).

Of course, if we want to solve the problem of "cloud security", it is obviously not enough to rely on the power of one manufacturer. Because the nature of security is a confrontation, looking for a "short plate" is much easier than adding all the planks. Therefore, this requires the industry to unite to form a complete protection system to jointly protect the security of cloud computing. You know, "cloud" is not only our tool, but also may become the hacker's "sharp weapon". It is the fundamental way to further develop the "cloud security" to face up to the weakness of our "cloud security" and to constantly upgrade the new protection technology, instead of speculating the market with simple labels and concepts.

We have heard it many times in the past: "The sensitive data of our enterprise will never be put into the cloud." "Of course, this is mostly about public clouds, not private clouds. The data submitted to the cloud must meet the requirements of the audit according to relevant laws and regulations such as the Sarbanes-Oxley Act and the health Insurance carry and Responsibility Act.

Michael Armbrust of the Department of Electrical Engineering and computer science at the University of California, Berkeley, said: "We believe that there is no problem in creating a cloud environment that is as secure as the existing various internal IT environments, using encrypted storage, virtual LANs, network middleware (e.g. firewalls, packet filters) flexibly. Technology can quickly solve some of the problems that have been encountered. ”

In fact, global network security companies are concerned about the security of cloud computing, the trend technology is the first to put forward the concept of cloud security enterprises, as a leading technology companies, it began to use cloud computing technology and resources to protect users, and in the past two years, the introduction of cloud Security 1.0 and 2.0 content.

VMware has been the largest cloud services solution enterprise, not only in the hardware configuration, development framework and application types to maintain a relatively open, and, through the collaboration with trend technology, to provide users with the most secure virtualization architecture, interfaces and certification procedures. This benefits from the trend Technology Cloud Security 3.0 solution provides users with dual protection solutions: Cloud shields and cloud safe.

Oscar, Global executive vice president of trend technology and general manager of Greater China, said: "The emergence of cloud Security 3.0, not only is a technology upgrade, but also for the cloud computing environment, a subversion, to a more complete solution to protect the cloud infrastructure." ”

And the national technology security manufacturer's representative NSFocus, in its own cloud security program also includes the application for abnormal traffic cleaning security cloud, this model has been in a number of operators backbone network and metropolitan area Network has been widely deployed. This time it launched the detection of malicious Web site Security cloud will be with the exception of traffic cleaning security cloud combination, from the application and content security level to enhance the user's security experience.

Unlike the previous focus on traditional divide-and-conquer network security, NSFocus Technology Cloud Security program based on NSFocus in intrusion prevention, vulnerability scanning, horse prevention, traffic cleaning and other aspects of the years of research capacity, combined with strong computing power, providing a wide range of network environment to eradicate the security problem of a new idea, Users will have a new security experience.

Link

Withstand the risks of virtualization

Unlike traditional it architectures, in cloud computing, the power structure dominated by machine control and authority is moved slowly from enterprise to service provider. The cloud process from traditional architectures to virtual architectures can be divided into three phases:

The first phase is server consolidation. The traditional way is to build the computer room first, which takes a long time. Merging servers is the first step in virtualization. Server integration can reduce some space to achieve energy-saving emission reduction, so that enterprises more "green." However, the increase in server consolidation may affect business continuity and may not necessarily be done immediately, so virtualization of the second stage of the desktop appears. The third stage is the shift of the cloud, which is at a higher level considering cost and competitiveness.

There are some risks in the process of virtualization as a whole. The first is that systems and data are not controllable. The traditional machine has fixed time and space, and the space-time transfer of the system and data becomes uncontrollable, which is the biggest difference between the cloud and the tradition. The second risk is that virtual machines will attack each other. In the virtualization layer, the virtual machine itself is an operating system, as long as the operating system is vulnerable. The third risk is that multiple virtual machines are difficult to control when they coexist. Used to be a firewall for a machine, patching is easy. And some of the virtual machines will sleep, which brings great trouble and risk to security control.

In doing security precautions, the traditional practice is a virtual machine inside an anti-virus software, the results of multiple virtual machine scanning will be the system resources all "eat", this is the traditional fortress-style defense. And after the connection with the public cloud, the fortress disappeared. How to redesign this security architecture is a big challenge. and data destruction is difficult. Because the service providers will help back up, a picture on the internet can be deleted after the deletion is still able to be found, privacy is not a good guarantee. Under such circumstances, does the service provider of the public cloud have to undertake certain responsibility?

How to guard against risks at all stages of the above? This needs to be fully considered in the cloud design.

First, a good cloud has to be fully flexible, and the best way to do that is to protect it from physical machines to cloud computing. The integration of protection systems is, in fact, a new security concept. The general virtual security system itself is a virtual machine, when it enters the physical machine and system integration is good, all traffic first through the virtual machines and then "feed" to others, install a security system can achieve and install 10 sets of the same effect.

Second, to have a comprehensive, through encryption to unlock the way to protect data. For many people, the confidentiality of information is very important, the data holders and key owners must be separated, so the problem is not much.

Third, the implementation of modularity, licensing and application of one or more protective modules.

IV, with openness, the ability to integrate and leverage VMware's program interfaces, products, and technologies. Virtual platform for integration, the use of less resources.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.