When users first encounter the concept of cloud computing, their first reaction is always: is it safe? Once they understand cloud computing a little better, users tend to say that security is the shortest stave in the cloud computing barrel: the reason the barrel cannot be filled is that the security stave is too short.
Is security really the shortest stave in the cloud computing barrel? Only in the context of cloud computing can security truly be provided to the user as a service. The security architecture of cloud computing applies defense in depth to the security risks that may arise.
A recent cloud computing survey confirmed users' concern: 50 percent of respondents thought that the "security of data or cloud infrastructure" was the main factor impeding the adoption of cloud computing services, and it ranked first among CIOs' concerns. CIOs generally believe that, although cloud computing security has received unprecedented attention, the information security environment has not effectively improved; on the contrary, insecurity has increased.
The security risks of cloud computing
There are two reasons to question the security of cloud computing. First, companies have long been accustomed to building security defenses around network boundaries, but one feature of cloud computing is the elimination of network boundaries. This is what worries CIOs most: security could not be guaranteed even with a boundary, let alone in an environment without one.
Second, another feature of cloud computing is virtualization. Forensics technology has not kept pace with the development of network technology, and in a cloud computing environment multiple operating systems and applications run on the same physical machine, so how can the security of services in the virtual environment be ensured?
Wan is the elder of Chinese hackers, the "Eagle", the founder of the Chinese Hawks Alliance. After the 2000 "Sino-American Hacking War", Wan issued a statement: no longer engaged in organised attacks. Wan, now IBM's chief security advisor, believes that, even without cloud computing, there is never 100% security: "If you copy ISO27000's 133 control points, 11 controls, I'm afraid that no enterprise's information system is safe, so there is no absolute security. Security is to continuously reduce the information risk, and finally reduce the residual risk to a manageable, acceptable level. Many companies spend a lot of money to build a security system that hackers may see as vulnerable. Residual risk remains unacceptable."
The question arises: what is controllable residual risk? What level of risk can the CIO accept? The answer starts with the security environment we are in. In the past, users faced discrete security attacks: early hackers carried out cyber attacks out of interest or for a bit of fame. Now information security is thoroughly entangled with economic threats, and hacking has been fully industrialized. In 2010 the revenue of China's computer virus industry reached tens of billions of dollars, while China's security industry was probably no more than 6 billion yuan; the relationship between offense and defense has been completely inverted. It seems impossible for an enterprise, relying on its own resources and discrete security solutions, to deal with a security threat that is already industrialized and unlimited.
But cloud computing gives us the possibility of changing this pattern. Cloud computing pools security resources that users could not previously obtain with their own investment, turning the user's lone fight against a black team into a contest between a red team and a black team. Wan said: "Today's cloud computing security should consider who is controlling the systems, who is accessing them, and where information is stored. Past security was high-cost, high-risk security; today users come to cloud computing wanting lower cost and better security protection."
Security Architecture for cloud computing
Wan's view is that cloud computing is more secure, so what is the security architecture of cloud computing? Gartner lists 7 major security risks of cloud computing, which also serve as the 7 criteria for building a cloud security architecture: privileged user access, scalability, data location, data isolation, data recovery, research support, and long-term survivability. It is not hard to see that these 7 criteria differ greatly from the past definition of border security and are closer to what used to be called "defense in depth". To summarize, the ideal cloud computing security architecture has four areas that require special attention:
First, users need to understand the current state of cloud computing. "Cloud computing will bring unprecedented opportunities for the security industry as a whole to improve the security status of both corporate and individual users," Wan said. In the past, discrete security means were relied on to deal with unlimited security threats. Cloud computing is first of all a convergence of resources: it pools computing, storage and network resources, and it also brings together security resources. "In other words, after pooling the security resources, cloud computing can achieve an effective incident reporting mechanism and, through third parties, external audit and security certification. The bottom line of residual risk is that, after a security incident, it can be traced back, and cloud computing is fully capable of providing the relevant certification."
Second, cloud computing needs strict identity authentication. In the past, users accessed the relevant information with a username and password, but because cloud computing has no boundaries, the cloud security architecture places special emphasis on user identity authentication. This also includes the monitoring of privileged users.
Third, data security. In the technology architecture of cloud computing, the management of data is in fact superior to that of the traditional discrete system architecture. Data protection is now available in almost all cloud computing solutions, which is a far cry from the earlier security model based on a single application.
Fourth, application security in cloud computing. At present, 80% of hacker attacks are targeted at the application tier. As mentioned above, cloud computing's underlying security system is superior to that of the average data center, so users can devote more effort to application security, such as virtual mirroring, application management, and code detection mechanisms.
In addition, the security architecture in the cloud computing environment should include a secure operating environment, as well as the physical security of the cloud computing center.
To sum up, the security architecture under cloud computing is a combination of past security solutions, covering products, management and services. In other words, the security solutions of the past fully meet the needs of a cloud computing architecture. In application, however, areas such as user identification have been strengthened; these areas will give rise to new solutions and are also where IT vendors will focus their competition.
Only in the context of cloud computing can security truly be provided to the user as a service. The industry has already seen the business opportunity: the independent "security cloud" concept integrates security solutions and services to provide security services to cloud computing users.