Whether cloud services can win users' approval depends largely on solving the security problem, and cloud security is one of the main obstacles to cloud computing adoption today. Besides possible system failures in large-scale computing resources, cloud computing security risks include the lack of uniform security standards, applicable regulations and privacy protection for users, as well as data sovereignty, migration, transmission, security, disaster preparedness and so on.
By nature, cloud security falls into two categories: one is the protection of users' data privacy, the other is the security of traditional Internet and hardware devices.
On data privacy protection: when user information is stored on the user's own computer, anyone who needs the information has to be allowed to access it, and breaking in is against the law. When user information is stored in the cloud, however, there is no clear legal requirement that the cloud service provider or other official agencies may not view the information, and no clear rule on how such privacy leaks will be penalized.
As IT laws and regulations gradually improve, cloud users will be able to treat a cloud service provider like a bank and cooperate with confidence: just as they dare to deposit money in a bank, they will dare to store data with a cloud service provider.
In the area of technical security, the first problem is the security risk caused by multi-tenancy. Different users are isolated from each other to avoid mutual influence. In the cloud era, some technology is used to prevent users from intentionally or unintentionally "dropping in" on one another.
The second is the security risk brought by the use of third-party platforms. Not all cloud service providers have their own data centers, and once a third-party cloud platform is leased, the authority of the service provider's administrators becomes a problem.
The third is service continuity. Traditional Internet services also have single points of failure, which is why dual-machine backup is used: when the primary server stops serving, the standby server starts within a short time and provides normal service.
In the traditional model, when a group of services stops working, only its owner's business and users are affected. In the cloud environment, when a cloud service provider's service is terminated, the impact falls not on one user but on a large number of users, and its scope can be very large.
Cloud security technology, and how to improve its application, can be considered along the following dimensions.
First, data security: in a cloud environment, user data is computed on and stored directly in the cloud, and the separation of data ownership from data management rights creates data security problems. At present, data security protection technologies in the cloud include enhanced encryption, key management, data isolation and the handling of residual data.
Second, virtualization security: virtualization technology improves the scalability of infrastructure, software platforms and business systems, but it also makes traditional physical security boundaries gradually disappear. Protection mechanisms based on security domains and security boundaries can no longer meet the needs of the multi-tenant application model in virtual environments, and the problems of user information security and data isolation become more urgent when physical resources are shared.
Because virtualization technology has been introduced, the cloud environment involves both virtualization software security and virtual server security. The security problems brought by virtualization are only just beginning to appear, and security mechanisms in virtual environments still lag well behind the safety measures of traditional physical environments. Therefore, users who want to migrate to cloud computing environments need to know more about the respective security responsibilities of users and cloud service providers; a secure cloud computing environment has to be maintained by users and cloud providers together.
Third, terminal security: with the development of cloud computing, cloud terminals have appeared. At present, terminal security can be protected in four respects: terminal security infrastructure, trusted hardware chip technology for terminals, operating system security mechanisms, and security update mechanisms for terminal applications.
Fourth, application security: because the cloud environment is flexible, open and publicly available, it poses a great challenge to application security. Cloud service providers should fully consider the security risks that may arise when deploying applications. Users of cloud services should raise their security awareness and take the necessary measures to keep cloud terminals safe. For example, users can use encryption to ensure confidentiality when an application that handles sensitive data communicates with a server. Cloud users should also establish a regular update mechanism to patch or update cloud service applications in a timely fashion.
In summary, the development of China's cloud computing industry requires in-depth research on data migration, backup, encryption and location control, to ensure the usability, stability, security and so on of cloud services in use. Resolving the security problem also requires the continuous improvement of cloud computing laws and regulations, to strengthen users' confidence in using cloud computing. In addition to the technical problems, users' awareness of self-protection must also be strengthened. Although a variety of security measures are gradually becoming available, and sound laws and regulations will continue to be introduced in the future, data security ultimately remains largely in the hands of users.