New data security demands: encryption in cloud architectures to address the crisis of traditional protection
Source: Internet
Author: User
Keywords: security, data security, tradition, virtualization
The introduction of cloud computing has increased the integration and sharing of resources. Introductions to and explanations of cloud computing are everywhere on the Internet; the term is now well known and is gradually reaching many areas of public life, while the data security issues we have long been concerned about are becoming more and more prominent. Security experts at Peng Yu Cheng said that the mass data under a cloud computing architecture sits in a different network environment from data in the traditional model, so its security protection system is, of course, very different as well. To a certain extent, traditional protection has hit a bottleneck in cloud architectures, which stems from the new data security requirements of the cloud era, so we need to keep pace with the times and adopt new, targeted protection schemes.
(i) New virtualization security requirements: strict restrictions on access and establishment of control measures
Virtualization in cloud computing data centers is divided into software virtualization and hardware virtualization. Software virtualization refers to the ability to create, run, and remove virtual servers by deploying the software directly on a physical machine. In this case, users are able to operate multiple virtual servers at the same time, so any unauthorized user access to the virtualization software layer must be strictly restricted, for example by establishing stringent control measures that limit physical and logical access to the hypervisor and other virtualization layers. The security of hardware virtualization can draw on the security of physical servers, with a protection scheme developed mainly around three aspects: physical machine selection, virtual server security, and day-to-day management. In addition, where resources are highly integrated, the requirements for resource allocation and for security isolation between data are higher, and security equipment should be adapted to the requirements of cloud computing data center virtualization.
(ii) Mixed security boundaries: the need for encryption protection at the data source
One of the important ideas in building the security protection system of a traditional data center is boundary-based security isolation and access control, with an emphasis on zone planning and layered protection. But in cloud computing data centers, resources are highly integrated and infrastructure is unified, so the boundaries at which security devices are deployed have become blurred or have even disappeared.
The widening and blurring of network boundaries means IT workers face huge amounts of data and are under greater pressure than ever before to manage and consolidate it. In particular, more and more personal Internet-connected mobile devices, such as smartphones and notebooks, make data transmission and access increasingly complex, with personal data and enterprise data intermingled. Traditional protection is stretched thin. Therefore, security experts at Peng Yu Cheng said, since the data boundary is mixed, we have to change the security policy and apply encryption protection at the source of the data, which may be the most direct and effective way to protect data security.
This is because, once encryption software is used to encrypt sensitive data, the data can be opened and accessed only when authorized or decrypted, so no one can use it illegally. Whatever environment the data is transmitted and stored in, it always remains in an encrypted state, which blocks the leak path at the source. This kind of encryption solution is what the PYC File Protection System, the enterprise-class encryption software from the Peng Yu Cheng software company, can provide.
(iii) A wider scope for discovering and handling security threats: a data-linked security defense system
In traditional data centers, information about security threats comes from the security software deployed on clients and the hardware security products deployed in the network. With this information, administrators can deal with security threats in a very short period of time, but the handling is done zone by zone: it cannot provide centralized prevention and centralized treatment for the entire data center, and so cannot form overall security protection. In a cloud computing data center, the perception and handling of security threats tends to be unified and the rate of information sharing is very high; the security protection system takes a broader view than that of a traditional data center, and the scope of protection is larger.
Security experts said that a data-linked security system greatly widens the scope for discovering and handling information security threats, so that our defense against data security risks shifts from passive to active. This is a great opportunity that the cloud computing architecture brings to big data security. Taking advantage of this opportunity will help promote the development of the information security industry and bring new ideas for industrial development. Encryption software, as the best solution for data protection, must also adapt to this trend in data security, improving the scope of protection and the security level to make up for the weaknesses of the traditional data protection system.