Cloud security issues need to be adjusted by developers

With the rapid development of cloud computing industry, more and more enterprises begin to migrate the business system into the cloud domain. This year, Hillstone, checkpoint and other security companies have announced to enter the cloud security field, and RSA, McAfee, NetQin, NSFocus and other companies also said that will continue to increase the cloud security program construction. So, cloud security development is about to enter the outbreak period. Hillstone Telecom chief technology expert Tan Yi forecasts the future development of cloud security: "It is estimated that in 2013-2014 years, cloud security will enter a real market eruption." ”

Nearly half (43%) of corporate IT decision-makers say they have had security lapses or security problems over the past 12 months, according to a global Cloud computing security Survey recently conducted by trend technology.

In the next three years, the development of cloud security will enter the outbreak

While cloud computing penetration is growing in most countries, many companies still don't know what cloud computing services are. In the survey, trend technology asked respondents to read the cloud computing Services list, and 93% of respondents said that at least one of the services in the list had been used. But 7% said the company didn't have any plans to adopt any cloud computing services. As you can see, there are still some users who are unable to identify the cloud services they are using.

As for protecting sensitive information in the cloud, businesses rely on encryption. 85% of respondents said their data stored in the cloud would be encrypted. And more than half of the respondents said they would give priority to cloud service providers that already provide cryptographic services for data storage devices before taking full advantage of cloud services. But even so, the current cryptographic key management technology used by cloud services is still not mature enough to have many weaknesses.

Most organizations use some form of API key to access cloud services. The protection of these API keys is important. In fact, in the 2011, the importance of API keys was gradually realized, and companies were more aware of their full protection of these keys. After all, the API key is directly related to sensitive information in the cloud. If an enterprise's API Key management is loose, then the enterprise is under these threats: 1. Unauthenticated user access secret information using key; 2. Unauthorized access to the cost-support appropriation service may result in large credit card bills.

As we all know, many cloud services are accessed through a simple Rest Web service interface. Usually we call them APIs because they are similar to the concept of the heavyweight API in C + + or VB. But it's easier for users to use these APIs on Web pages or mobile phones. In short, API keys are used to access cloud services. Gartner's Darryl Plummer that cloud technology should combine services. Companies want to connect their local-run applications to cloud services, connecting cloud services to cloud services. All of these connections should be secure, and their performance should be monitored.

Obviously, API key controls are tools that touch the important content of cloud services, but these keys are often sent by mail or stored in a file server for most people to use. For example, if an enterprise is using SaaS products, such as Gmail, they usually get the API keys back from Google. This API key is valid only for the enterprise and allows employees to log in and access the company's mailbox.

Industry experts say security is the most discussed issue as early as a few years ago when the concept of cloud computing began to rise, and security is still the most vexing problem for developers.

IBM Distinguished Engineer Mac Devine says the transition from a dedicated facility to a shared environment in cloud computing means that developers must establish enough security in their applications that developers should not assume that public cloud providers can secure data.