At present,
cloud host is a typical application of cloud computing. But if you want to carry out the cloud host business, you must first solve the security problem, because security is the first consideration when customers choose cloud computing applications, and it is also the basis for cloud computing to achieve healthy and sustainable development. In recent years, the security incidents of mainstream cloud computing service providers in the industry have exposed many hidden dangers in service availability, content security and privacy protection of cloud computing applications. So how to do a good job of security operation by using
cloud host?
Firstly, the security risk of cloud host is analyzed
As a new computing mode, cloud computing operation is different from traditional IT business, facing new security risks, mainly including technical risk and management risk.
1. Technical safety risk
From the technical point of view, the cloud host system is similar to the traditional IT system. The security problems existing in the various levels of the traditional IT system still exist in the cloud host environment, such as the physical security of the system, the security of the host, network and other infrastructure, application security, etc. As a new computing model, cloud computing introduces new security risks, mainly including the following points.
(1) Resource virtualization sharing risk
In cloud host, the hardware platform is shared by multiple applications through virtualization. Because the traditional security policy is mainly applicable to physical devices, such as physical hosts, network devices, disk arrays, etc., but can not manage each cloud host and virtual network, the traditional protection mechanism based on physical security boundary is difficult to effectively protect user application and information security in shared virtualization environment.
(2) Platform security risk
Due to the high concentration of users and information resources, cloud computing applications are more likely to become the target of various denial of service attacks, and the consequences and destructiveness caused by denial of service attacks will obviously exceed the traditional enterprise network application environment. Therefore, the security protection of cloud computing platform is more difficult.
(3) Data security risk
In the process of using cloud host service, it is inevitable for users to move data from their hosts to the cloud through the Internet, and log in to the cloud for data management. In this process, if we don't take enough security measures, we will face the security risk of data leakage and tampering.
2.
Cloud host security operation scheme
As a typical IAAs service, cloud computing users need to be responsible for all security issues above the virtual infrastructure architecture they purchase, such as the security of their own operating systems and applications. As a service provider, we only need to focus on the reliability, physical security, network security, virtualization security and so on.
3. Managing security risks
The management capability of cloud computing service providers will directly affect the security of user applications and data. The cloud host system mainly faces the following security risks:
(1) Personnel management risk
The dereliction of duty of the internal personnel of cloud computing service providers, especially the administrators with senior permissions, may bring great threat to the user data security, such as unauthorized replication of cloud host image, resulting in the disclosure of user data or privacy.
(2) Risk of unclear security interface
Because the user does not directly control the cloud host system, the protection of the system depends on the cloud computing service provider, but the cloud computing service provider is not clear about the upper application of the user, so both sides need to reach an agreement on the security interface to avoid operational risks.
(3) Service continuity risk
Users' data and business applications are in the cloud computing system, and their business processes will depend on the services provided by cloud computing service providers. This challenges the service providers' cloud platform service continuity, SLA and it processes, security policies, event processing and analysis capabilities. At the same time, when system failure occurs, how to ensure the rapid recovery of user data has become an important issue.
(4) Legal compliance risk
Cloud computing has weak regional application and high information mobility. Information services or user data may be distributed in different regions or even countries. There may be legal differences and disputes in government information security supervision. Cloud computing service providers need to reasonably regulate the compliance of operation management system and business provision based on the requirements of laws and regulations, and reasonably set the service content in the jurisdiction of commercial contract to avoid unnecessary legal risks.
Through the above analysis, cloud host business should start from the perspective of traditional security management, based on the mature security theory and system, combined with the characteristics of cloud computing system and application, extend the existing mature security technology and mechanism to cloud computing application and security management, so as to meet the security protection needs of cloud host, so as to provide better and better cloud host service for customers And security.
