From Concept to Practice: An In-Depth Analysis of Operators and Cloud Security

Source: Internet
Author: User
Keywords: Cloud Security

At present, more and more market data are dispelling doubts about the "cloud" concept, and a growing number of successful deployment cases show that cloud computing is no longer a disembodied vapor floating overhead. Cloud-based security services are emerging, and more and more enterprise users are becoming beneficiaries of cloud security services.

So what distinctive insights and views do domestic telecom operators have on cloud computing and cloud security, and what have they put into practice? Based on speeches by operator experts at the CSA 2010 Cloud Security Alliance Summit Forum, this article analyzes operators, cloud computing, and cloud security in depth, from concept to practice.

Special guests:

Sun Hongwei of China Mobile Research Institute

Jin Huamin of China Telecom Guangdong Research Institute

1. The surge: what is cloud computing, and what is cloud security?

Sun Hongwei: We define cloud computing as an IT system implementation technology that uses large, low-cost computing units connected over IP networks to provide a variety of computing services. A cloud computing system should have the following characteristics: (1) Large scale: a cloud computing system is an IT system cluster made up of a number of nodes and of a certain size; (2) Smooth expansion: the scale of the system cluster is flexibly extensible and elastic; (3) Resource sharing: it provides one or more forms of resource pooling, including physical servers, virtual servers (virtual machines), transaction and file processing capabilities or task processes, as well as storage resources, which can be implemented in an abstract manner and can serve a wide variety of applications at the same time; (4) Dynamic allocation: it implements automatic resource allocation management, including real-time monitoring and automatic scheduling; (5) Cross-geographical: a cloud computing system needs to integrate resources from different geographical locations and provide various levels of management capabilities. Cloud computing can be classified by the type of service provided, such as SaaS, PaaS, and so on, or by the characteristics of the cloud's service objects, such as shared cloud, private cloud, mixed cloud, and so on.

Jin Huamin: There are two reasons, internal and external, for the emergence of cloud computing. First, the rapid development of Internet technology is the internal basis of cloud computing; second, the business model is the external demand driving cloud computing development: the thinking of many enterprises and organizations has changed, from the traditional purchase of IT infrastructure to purchasing information services and paying on demand. Cloud computing is the technology and service that arose against this background, and it is also a business model; it is the joint result of progress in the traditional IT field and communication technology and of business model transformation. It is a new Internet business and new technology that provides a pool of cluster computing capacity to internal and external users over the Internet as a self-service, on-demand service. The basic features of cloud computing are network-centric, service-providing, resource pooling, transparency, high scalability and high reliability.

Cloud security includes two aspects. One is security cloud computing, that is, the specific application of cloud computing technology in the security field; it is a branch of cloud computing applications and can use cloud computing technology to improve the service efficiency of security systems, such as cloud-based anti-virus technology and Trojan horse detection technology. The second is the security of cloud computing applications, in other words, using network security technology to enhance the security of cloud computing applications, including how to ensure the availability of cloud computing services, data confidentiality and integrity, privacy protection, and so on. Cloud application security is the basis for the sustainable development of cloud computing applications.

NSFocus: Cloud computing is a way of computing in which resources are provided to users as "services" through the Internet, and users do not need to understand, know or control the technical infrastructure that supports these services. Cloud computing is the development of parallel computing, distributed computing and grid computing, or the commercial implementation of these scientific concepts; cloud computing is also the result of the hybrid evolution of concepts and technologies such as virtualization, utility computing, IaaS (infrastructure as a service), PaaS (platform as a service), SaaS (software as a service), HaaS (hardware as a service) and other XaaS (all services). When it comes to cloud computing and security, there are generally two meanings. One is the security of cloud computing itself, mainly how to build a security protection system to protect the cloud computing platform itself; the other is cloud security, that is, using cloud computing technology to provide security as a resource and service, such as NSFocus website security monitoring services, reputation services and so on.

2. The cloud era: the security challenges we face

Sun Hongwei: Cloud computing faces four major challenges. First, and most important, are application and data security issues: as long as user-sensitive data is placed in the cloud, there will be data security risks. In an enterprise private cloud, where the data of different departments is on the cloud, there is also an information security problem, especially for financial data, human resources data, customer data and so on. The second major problem is interoperability and standardization, such as the poor interoperability of different clouds; for example, at the PaaS level, an interface may need to be developed if the interfaces provided by different developers are incompatible. The third is quality of service assurance; for example, Google services have been interrupted. The other is the challenge of the management model: once cloud computing is centralized, who manages the centralized cloud, who operates and maintains it, how responsibilities are divided, and other management patterns have all changed.

Jin Huamin: Cloud computing applications currently face a number of major security risks. The first is the risk of user information abuse and disclosure. Second, the multi-tenant environment puts forward new requirements for users' information security and information isolation. The third is the threat to service availability: users' data and business applications sit in the cloud computing system, which challenges service continuity, SLAs and IT processes, security policies, emergency response, and so forth. The fourth is the threat of hacker attacks: user information resources are highly concentrated and easily become the target of hacker attacks, which include the theft of key cloud computing applications and information, and can also steal the computing power of the cloud for illegal use. Finally, there is legal risk: because information in cloud computing applications is highly mobile and weakly tied to region, information services or user data may be distributed across different regions, or even different countries, and there may be legal differences and disputes in government information security supervision, industry norms and so on.

NSFocus technology: Cloud computing faces a very wide range of security threats. In short, the more specific ones mainly include the following four: (1) A large number of rapidly emerging web security vulnerabilities: compared with the security vulnerabilities of traditional operating systems, databases, and C/S systems, the characteristics of Web 2.0 and cloud services, such as multiple customers, virtualization, dynamism, complex business logic, and user participation, represent a huge challenge to network security, even a disaster. (2) Denial of service attacks: DoS and DDoS attacks are not unique to cloud services, but in the technology environment of cloud services, key core data and services migrate from the enterprise network to the cloud service center, and more applications and integration services begin to depend on the Internet, so the consequences and disruption of a denial of service will significantly outweigh those in the traditional enterprise network environment. (3) Internal data leakage and misuse: an enterprise's important data and business applications sit in the cloud service provider's IT system; how to ensure the cloud provider's own internal security management, and how to avoid the potential risks of multiple customers coexisting in the cloud computing environment, are the most serious security concerns or challenges for users of cloud computing environments. (4) Potential contract disputes and lawsuits: cloud service contracts, SLAs and IT processes, security policies, event handling, and analysis may be imperfect; in addition, the uncertainty of physical location brought about by virtualization and the complexity of international laws and regulations have made potential contract disputes and lawsuits a major challenge in using cloud services.
In addition, for telecom operators operating cloud security, there are two very real problems and challenges. The first is how to enter into an appropriate and reasonable SLA with the customer; the second is how to avoid a price war, which is not only a business model problem. Regardless of the type of billing model (pay per use or pay/month), there is a challenge to the forward payoff: users tend to prefer the less expensive option. How to persuade users to buy a better rather than cheaper service is something that telecom operators must think about.

3. From concept to practice: all parties take action to build security

Sun Hongwei: Under the "Bigcloud (Sutra)" program, in September 2008 we completed construction of the first phase of the project, configuring 256 PC servers and initially establishing a research, development and test environment for a large-scale computing platform; in December 2009 we completed construction of the second expansion project of the large-scale laboratory; in May 2010 we released the results of Great Cloud 1.0, with five applications (a parallel data mining tool, a distributed mass data warehouse, a flexible computing system, a cloud storage system, and a parallel computing execution environment). At present, the platform has 1036 servers, 5,208 CPU cores, 10T of memory, and 2.8P of hard disk.

For cloud security, we think that it should be considered from three perspectives: first, cloud computing providers should consider the guarantee of service quality; second, users need to consider the issue of information protection; third, managers need to consider regulatory issues, such as the development of security systems, policies, and cloud computing security standards, and service providers should also be monitored and supervised. From a technical standpoint, we think that cloud security should be an end-to-end solution that mainly includes these aspects of security: first, virtualization security, such as virtual machine monitoring, virtual machine isolation, secure image storage, and secure virtual machine migration; second, operational security, such as static code analysis, protection against internal and external attacks, and program runtime security; third, interface security, such as avoiding policy evasion, avoiding malicious interface calls, and interface call authentication; fourth, data security, such as data encryption, secure access, content security, and data backup and destruction.

Jin Huamin: For cloud security practices, China Telecom has established a large-capacity DDoS attack defense service platform based on a cloud computing architecture. It adopts the processing mechanism of "whole-network unified dispatching, parallel processing and source cleaning", and greatly improves defense capability on the basis of statistical multiplexing of resources. China Telecom has become the first domestic telecom operator to bring a cloud security business to market, setting a precedent for telecom operator cloud security business. In addition, China Telecom's fast-track business, mainly for DSL and LAN dial-up users, deploys multiple security gateway devices in clusters on the telecom side to build a "security cloud platform" that pools security resources and, through unified resource scheduling, provides customers with on-demand security access services. Using a cloud + end collaborative working mechanism, dynamic real-time threat information is centrally sampled, shared, and correlated, and strategies are updated, to achieve the goal of active defense.

NSFocus: As a professional security vendor, NSFocus provides customers with a wide range of cloud security services. For example, the reputation service provides reputation lookups for Internet resources through an external access mechanism, to keep users from accessing unsafe Internet resources (in Cloud mode); NSFocus also provides website supervisors and owners with "Green League security Monitoring Services" through its Internet security monitoring platform, and once a security incident occurs, NSFocus immediately notifies the relevant personnel so that they can process and respond at once (from Cloud mode). Among them, the Internet reputation service is based on the knowledge accumulated over years of security research; by analyzing and recording the content and behavior of resources such as IP addresses, domain names and URLs, it carries out threat analysis and credit rating of Internet resources. At present, NSFocus has reached strategic cooperation with the authoritative international network security organization StopBadware as a data provider, working together with Google, AOL, PayPal, Mozilla and other institutions to establish a more comprehensive, timely and accurate malicious website database, so that Internet users worldwide can share data and jointly maintain good order on the Internet.

4. Looking to the future: the good times of cloud security

Sun Hongwei: The "Bigcloud" plan is China Mobile's key technology research program for building cloud computing infrastructure. It has two main purposes: one is to meet the needs of China Mobile's IT support systems, and the second is to meet China Mobile's needs in providing Internet business and services.

Jin Huamin: China Telecom's planning and vision for developing the cloud security business is to move security services to the cloud, with the cloud security infrastructure and the cloud security business platform considered and built together as two aspects of one whole. The cloud security infrastructure can be managed and implemented through the SOC operations management platform and meets two requirements: one is network security operation and maintenance, and the second is providing cloud security services to customers. For the cloud security business platform, we pay attention to the use of third-party cloud security platforms, such as introducing antivirus platforms provided by security vendors, fully integrating internal and external resources, and using the resource pooling effect to enhance the overall information security infrastructure and service delivery capabilities.

NSFocus: In 2009, the Cloud Security Alliance (CSA) was announced at the RSA Conference to provide the best security solutions for the cloud computing environment. NSFocus, as the first member from the Asia-Pacific region to join the alliance, will work on cloud security and cloud computing and provide technical support for cloud computing and cloud security services to help operators improve their security capabilities.

5. Summary

The rapid development of Internet applications enriches and facilitates people's production and life, and objectively gives hackers ample room to operate. In the "cloud" era, with the means and manner of attack constantly changing and evolving, the traditional enterprise security protection system is facing unprecedented and serious challenges.

As cloud computing is tried out and put into practice in various areas, cloud-based security services have moved from the conceptual phase to the completion and promotion phase. China Mobile's "Bigcloud", China Telecom's DDoS attack defense business platform and its safe fast lane business are all beneficial practices in cloud computing and cloud security, and have opened up a new business model. NSFocus, as a professional security vendor, on the one hand provides security solutions that support and protect the cloud computing platform itself; on the other hand, it has introduced NSFocus cloud security services, such as Internet reputation services and website security monitoring services, to provide customers with security services that ensure the safe operation of their business.

On the road to the "cloud", all parties should work together to promote the development and maturity of the cloud security service model and to provide end customers with quality cloud security services, achieving a win-win outcome.
