Cloud security policy for public infrastructure

"Cloud computing Security: Technology and Applications," the 4th chapter of cloud Computing Application Security protection, this chapter will be based on the previous chapter of the cloud computing security system and its protection ideas, mainly from the cloud computing core architecture security, cloud computing network and system security protection, data and information security, As well as identity management and security audit four levels to systematically explain the application of cloud computing security protection scheme, combined with different cloud computing application characteristics, respectively, the cloud service provider's public infrastructure cloud and the enterprise user's private cloud to put forward security protection strategy application recommendations. This section describes the public infrastructure cloud security policy.

4.5 Cloud computing Application Security Policy deployment

The above content of this chapter mainly from the technical level system described the cloud computing application of security protection program, for different cloud computing applications, the focus of security policy deployment differs, and this section takes into two typical cloud computing applications-public infrastructure cloud services and enterprise private cloud-for example, Make recommendations for their security application strategy deployment.

4.5.1 Public infrastructure Cloud security policy

Cloud service provider's public infrastructure cloud is mainly based on the cloud computing platform's IT infrastructure to provide users with rental services, such as IDC. For this type of cloud service, on the one hand, it is still based on the traditional IT environment, the security risks and the traditional IT environment is not fundamentally different; On the other hand, the introduction of cloud service model, operation model and cloud computing technology brings more security risks to service providers than traditional IT environments.

For public infrastructure cloud services, the focus needs to address security issues such as cloud computing platform Security, user information security isolation in multi-tenant mode, user security management, and legal and regulatory compliance. Because the public cloud platform carries the massive user application, how to guarantee the cloud computing platform safe and efficient operation is vital. In a typical multi-tenant application environment of public cloud, it is directly related to whether the user's security privacy can be effectively protected. At the same time, legal and regulatory compliance is also very important content, as a cloud service provider to provide services to the outside, need to consider to meet the relevant legal and regulatory requirements.

For the cloud service provider, in the current cloud computing services are still in the evolution phase, the implementation of comprehensive security features and technical requirements is not overnight, the need to integrate specific business application development, step-by-step implementation of security deployment and management work. Its primary security deployment strategy can include the following.

(1) Basic security Protection: the establishment of public infrastructure cloud security system to ensure the basic security of cloud computing platform, mainly includes the construction of cloud computing platform infrastructure Network, host, management terminals and other infrastructure resources of the security protection system, the construction of cloud platform itself user management, identity identification and security audit system. For some key application systems or VIP customers, we can consider building disaster tolerance system to further enhance its ability to deal with emergent safety incidents.

(2) Data regulatory risk aversion: At present, the international community on the increasingly globalized cloud computing services in the Cross-border data storage, flow and delivery of the regulatory policy has not been agreed, in the event of a security incident, how to assess and compensate for the damage caused by more controversy, therefore, The cloud service provider needs to reasonably set up the jurisdiction and the SLA clause in the commercial contract, and to standardize the operation management system and the compliance of the business, in order to avoid the unnecessary operation risk.

(3) Security value-added services provided: in the construction of the infrastructure level of the security protection system on the basis of further improve the user's stickiness, to provide users with optional application, data and security value-added services to improve the commercial value of security services. At the same time, in order to improve the user's perception of security, security can be realized by means of security reports and security peripherals.

(Responsible editor: The good of the Legacy)