Cloud computing is the core of a new generation of it change, involving many industries such as the Internet, it and telecommunications, which have an increasingly wide impact on society. Cloud computing integrates decentralized resources (computing, storage, networks), leveraging core technologies such as virtualization and distributed computing, to provide users with more powerful, low-cost, convenient, rapid, flexible, personalized service capabilities. Cloud computing consists of four types of public cloud, private cloud, community cloud and mixed cloud, providing IaaS, PaaS, SaaS, three services and their derivative portfolio services.
But security is a key factor in the development of cloud computing.--IDC surveys show that cloud computing security issues are a primary concern for people to accept cloud services. As cloud computing employs more emerging core technologies, the security of cloud computing services is particularly compelling compared to traditional information services. There are even views that cloud security is the key to whether cloud computing services can be replicated.
Security is a major problem in cloud computing
But what is cloud security? How do you protect cloud computing security? We contacted another hot spot--food safety problem with cloud computing security, which was concerned by the public in our country in recent years, with "fish safety" as a control.
If you intend to make a meal at home to entertain guests, you will certainly have to protect the "fish safety"; Look, this is similar to our guarantee of "cloud security"! So how can "fish safety" be ensured in an age of security threats such as "food hygiene problems"? CSA: The key area of cloud computing Security Guide V3.0 The 13 domains for security issues in a variety of cloud services and deployment patterns are categorized as governance domains and operational domains, with a wide range of governance domains, strategies and strategies to address cloud computing environments, while operational domains focus on more tactical security considerations and implementation within the architecture. Next, we'll talk about how to do "Fish safety" in governance domains and run domains.
First, we need to buy a fish. To get a healthy fish, we need to from the regular fish stalls/supermarkets such channels to purchase, here is the first step of "fish safety", similar to cloud security governance and enterprise risk management, good development of information security governance process is effective governance and enterprise risk management premise; Ensure that all cloud deployment models have appropriate information security throughout the information supply chain (the provider, user, third party vendor) of the cloud computing service.
Then we check the food safety label, such as the QS logo, pollution-free agricultural products, such as signs, to see if this fish has quality assurance. The Food Safety label is the legal security guarantee that the fish supplier has made to us. This step is a cloud-safe contract and electronic evidence discovery that provides contractual security for cloud computing providers. This is the key to data migration in the cloud, protocols to related cloud services, and evidence discovery, which protect cloud security from the legal level and provide strong oversight.
The above two steps are not enough, we also have to confirm the food processing process of the operation safety is under supervision, similar to cloud security compliance and audit management. Compliance and audit management is the implementation of security policies and regulations to maintain the organization's own compliance, to migrate to the cloud users and service providers to provide guidance to complete the cloud security protection.
OK, we have found a healthy fish, then we need to keep the fish fresh and safe. A way to protect the underlying data security of cloud systems and applications against cloud-safe information management and data security domains, "Fish safety" This step requires new strategies and technical frameworks, preferably based on the fish safety cycle (data security lifecycle) to determine what kind of fresh-keeping techniques are used (security policy) ( Cloud Safety meter architecture) to make sure the fish is fresh.
Now it's time to take the fish home, to keep the fish safe in transit and to ensure that the fish can be transported in different locations. This is like interoperability and portability in cloud security. Cloud computing and data exchange and computing interaction requirements high, which requires high portability and interoperability assurance to enable environmental changes to maintain the consistency of security control, cloud service providers need to have universal, standard, open Interface and protocol.
Fish safety "governance domain"
The above is the "governance domain" of fish safety, and the following goes to the scope of "run Domain". To do a meal "fish feast" to entertain guests, simply speaking, cooking fish began. Culinary Requirements for kitchen basics such as kitchenware, electricity, gas, and for us to reflect the state of the kitchen environment at all times is an essential condition for any cooking process. This is equivalent to traditional security, business continuity, and disaster recovery in cloud security. Like traditional network security, this is an essential prerequisite for cloud services.
We also need to ensure that the kitchen is clean, which is the long-term stability of the next cooking work, cannot imagine how to make a meal in a messy, garbage-strewn kitchen. Analogous to cloud-safe data center run domains, it is necessary to properly evaluate the provider's data center architecture and operations to ensure that the system, data, network, management, deployment, and personnel are fully isolated from one another, helping to maintain long-term stability.
The kitchen light is not enough, we usually install smoke, timers, refrigerators. This is to provide us with adequate and accessible safety precautions during cooking, providing emergency relief. This is the cloud-safe incident response domain, which examines the characteristics of cloud computing and the various service deployment models for event handling, based on the NIST emergency handling guidelines, and establishes event response lifecycle management to adequately and efficiently handle security incidents in the cloud.
Finally, it is time to cook, we need to master the heat, to ensure the safety of fish "application security." Cloud computing has a broad impact on application lifecycle security across all levels of SaaS, PaaS, and IaaS for cloud services. Cloud Security Application Security domains protect applications that run in the cloud or are about to be developed (including ensuring that an application is migrated to or designed to run in the cloud) and decide what type of cloud platform to migrate to.
Whether a fish is good or not depends largely on the unique recipes you have. One of the important steps in fish safety is to keep this secret. Similarly, in cloud security, encryption and key management are used to address cloud users and providers to avoid data loss and theft. Because the cloud environment is shared by multiple "tenants," the effective isolation of data and applications, and the security protection in the internal transmission and rest state also depend on encryption and key management.
Besides, who cooks fish is a big problem. You can cook it yourself or designate a trusted friend to do it. You have to audit the chef, as in the cloud security identity, permissions and access management, to determine whether the chef's identity is true, whether he has the right to cook fish, and he entered the kitchen also need your approval. Anyway, after everything is ready, you want to visit the kitchen as a good cook rather than a hungry wildcat.
So far, the fish has been done, but a "fish feast" also needs a table good side dishes, combined with the "feast". As a cloud security virtualization domain, virtualization as one of the core technologies for cloud computing brings great benefits, but also brings a series of serious network security protection issues (operating system virtualization, multi-tenant, VM isolation, VM cohabitation, hypervisor vulnerability, etc.). We should pay special attention to the security issues related to system and hardware virtualization, so that we can achieve a complete cloud security.
Fish safe "Run domain"
Finally, all of the above fish safety control measures can be seen as a "Fish Safety assurance" service (see our cloud security as a service services). You can order this service directly, for example, find a professional hotel (our cloud security provider) directly for you to make a grand and safe "fish feast."
The article is coming to an end. We have likened the "fish safety" problem in a "fish feast" to a brief introduction to cloud security of cloud computing, and I hope you have a general understanding of cloud security. The rise of cloud computing in the present, as well as the "fish safety" work, do a good job of "cloud security" in the emerging environment of the big road!