How to ensure data security during cloud migration

Source: Internet
Author: User
Keywords Cloud computing security data security

In April 2011, an outage at Amazon's cloud computing center in Northern Virginia hit a number of websites that use Amazon's services, including the question-and-answer service Quora, the news service Reddit, HootSuite and the location tracking service Foursquare. The interruption lasted nearly 4 days. Amazon issued more than 5,700 letters of apology to users for the downtime and provided 10 days of service credit to the affected users.

In March 2011, Google's mail service suffered a large-scale user data leakage incident: about 150,000 Gmail users found on a Sunday that all of their mail and chat records had been deleted, and some found that their accounts had been reset. Google said the affected users were about 0.08% of the total number of users.

In September 2010, Microsoft apologized to users for at least three managed service outages in the western United States. The incident worried those considering Microsoft's main cloud computing offering, Office 365, which is bundled with the Office suite software.

In June 2010, Intuit's online billing and development services suffered a major crash, with products including Intuit's own home page offline for nearly two days.

In March 2010, Terremark, which provided public cloud services using VMware, had seven hours of downtime, leading many customers to begin questioning its enterprise-class vCloud Express service.

In January 2010, 68,000 salesforce.com users experienced at least 1 hour of downtime.

On March 17, 2009, Microsoft's cloud computing platform Azure stopped running for about 22 hours.

Cloud Computing yesterday

The cloud that has been hyped for the past two years is not, by nature, a new thing. As early as the 1990s, the idea of grid computing proposed making full use of idle CPU resources to build parallel distributed computing. (Only this "martyr" has since been acquired by a traditional middleware company.) In 1999, SETI@home, a scientific experiment that searches for extraterrestrial civilizations using computers networked around the globe, successfully implemented the idea of grid computing and built a small cloud environment over a traditional IP network. When a user participates in the SETI@home project, relevant information about their computer, such as the processor model and the size of the memory, is recorded by SETI@home to determine which computing tasks are best suited to that computer.

From the application point of view, widely known online software-as-a-service offerings such as online mail services, search engines, instant messaging and online movies can all be seen as a form of cloud service.

As a result, today's cloud computing is just a way of deploying core, critical, enterprise-class applications on the same kind of architecture already used for the various non-core SaaS applications of individual users, in order to gain the benefits of centralized deployment, such as higher resource utilization, energy savings and reduced emissions.

The migration from traditional IT architecture to cloud architecture is very similar to the development of the power system. After Edison invented the light bulb, he insisted on transmitting power as direct current. Because direct current could not be transmitted more than 1 kilometer, this required many small power supply systems, which is what Edison's electric lighting company provided. Such widespread, small-scale power systems are exactly what equipment suppliers like to see. The great Nikola Tesla's invention of alternating current made large-scale centralized power supply possible, and the resulting shift to a pay-as-you-go model made electricity available in areas that lacked the economic means to build small-scale power systems.

But the saying that everything has two sides applies here as well. A centralized operation (or power supply) model poses more serious problems for both security and availability:

Security issues: Using a public utility means opening an additional entry point, which may make security policies that are easy to implement in traditional architectures risky in the cloud. Using public computing and storage resources means that part of the data is handed over to a location outside your own control, and you cannot ensure that the information will not be copied or stolen without authorization.

Availability issues: Availability levels that are inherently manageable, including response time, service uptime, and so on, may not be fully guaranteed in cloud services. While most cloud providers offer attractive service-level agreements (SLAs), few users are likely to remain fully confident after incidents like those above. In addition, the chimney-style architecture (a stand-alone system, as opposed to the cloud architecture) can achieve complete fault isolation at the physical level, which is unimaginable in a cloud environment. In other words, your system may be affected by failures in other systems.

Public cloud

As early as the end of 2010, the author noted in the well-known US IT technology media outlet TechTarget that, within 3 years, the main development targets of the domestic public cloud would be the non-core applications of individual users and small and medium-sized enterprises, such as personal mail, online OA, and data archiving and backup.

Cloud environment migration requires a long process. In this process, enterprises need to analyze and classify their various systems, applications and data carefully. In general, core data for critical business should remain in the traditional chimney-style architecture and be equipped with highly available business continuity tools to ensure an acceptable RTO (recovery time objective) and RPO (recovery point objective). For archiving or compliance-class information, consider migrating incrementally to a hybrid cloud deployment, with a secure gateway at the interface providing security protection and a local cache of the information, and use the public cloud's linear scaling and pay-as-you-go model to turn investment that would have gone into fixed IT equipment into predictable operating costs.

Of course, security remains the biggest obstacle to acceptance of the public cloud. In a cloud-tracking poll of IT professionals, the technical difficulties holding back cloud computing applications were how to ensure the security of cloud data and how to reduce latency during data transfer. Even data kept inside the company is at risk; the biggest risk in shared storage is data loss or leakage, and the greatest risks in a virtualized storage environment concern access rights, data backup, and destruction. Cloud storage security has to be addressed through data isolation, data encryption, third-party real-name authentication, flexible transfer, security clearance, full backup, time-limited recovery, behavior audit and perimeter protection.

At present, data security is addressed through a storage virtual gateway (also known as a remote backup appliance), which provides encrypted backup services as well as advanced features such as failover, dynamic expansion, load balancing and automatic thin provisioning. In addition, a storage virtual gateway can serve as a buffer pool that stores frequently used data from the production environment, reducing the latency caused by accessing data from a cloud site. Currently, mainstream manufacturers of such products include CommVault, Symantec, EMC, ETIM, and Brocade.
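One way a gateway can encrypt backup objects before they leave the site, as an added example rather than code from any product named above: AES-256-GCM with the object name bound in as associated data, so a ciphertext that comes back under the wrong name fails to open. The function names and the sample object name are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds the cipher the gateway keeps in memory; a 32-byte key
// selects AES-256. The key is assumed never to be sent to the provider.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one backup object before upload. The object name is
// authenticated as associated data; it is not encrypted.
func Seal(aead cipher.AEAD, name string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Stored layout: nonce || ciphertext || tag.
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open verifies and decrypts an object fetched back from the cloud site.
func Open(aead cipher.AEAD, name string, blob []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("object %q: blob shorter than nonce", name)
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

func main() {
	key := make([]byte, 32) // constructed demo key
	rand.Read(key)
	aead, _ := NewAEAD(key)
	blob, _ := Seal(aead, "archive/2011-q1.tar", []byte("constructed sample record"))
	pt, err := Open(aead, "archive/2011-q1.tar", blob)
	fmt.Println(string(pt), err)
}
```

Because the tag covers both the ciphertext and the name, a modified or swapped object is rejected at restore time instead of being silently restored.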

In addition, for regulatory security, there is currently no consistent solution across cloud service providers. In electronic evidence discovery, users and cloud providers must have a common understanding of each other's roles and responsibilities, including litigation hold, discovery search, provision of expert testimony, and so on. At this stage it is difficult for cloud service providers to supply real and reliable data, such as key information like metadata and log files, showing that their information security systems meet customer requirements. The data saved by the cloud service provider needs to be monitored at the same level as by the data owner. Plan in advance, during contract negotiation, for both expected and unexpected termination of the relationship, so that assets are restored or disposed of in an orderly manner.

Private Cloud

Many people think that the private cloud is an effective way to solve security and other problems that arise when putting cloud technology into practice. The private cloud is similar to the public cloud, but it is a centralized management and backup of the enterprise's traditional IT resources. The core of the private cloud is virtualization technology, which breaks down all physical machines and physical storage resources to improve the efficiency of the overall system.

In its overall architecture the private cloud does not differ substantially from a traditional IT environment, so from a security perspective it faces the same security issues: the data security, network security and application security problems of the past also exist in a private cloud environment. However, because its resources are centrally deployed, managing and deploying security policies is much easier than in the past.

But the private cloud also carries additional risk because of the specifics of its architecture. How to protect the security of centralized data in a private cloud is a problem. For "thieves" who want to acquire corporate data illegally, centralized data storage means that the entire data set can be captured once the store is compromised. Centralized data storage also gives enterprise system administrators extraordinary privileges: an administrator can easily retrieve and obtain any data they want, if they wish.

For this problem, some leading domestic and foreign manufacturers already offer dedicated solutions. Such products provide encrypted storage (where the encryption algorithm can be replaced by third-party algorithms) and encrypted transmission, ensuring data security throughout the storage process; multilevel authorization and authentication, which prevents system administrators from obtaining all data; and log audits, which record all login and operation logs. Together these give centrally stored information a full range of encryption protection.
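Log audits only constrain the privileged administrator described above if the log itself cannot be quietly rewritten. An added example, not taken from any vendor product: each record carries an HMAC chained to the previous record, under a key assumed to be held by an auditor rather than the system administrator. The names Entry, Append and Verify and the sample records are illustrative.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record; MAC chains it to the record before it.
type Entry struct{ Actor, Action, Object, MAC string }

func link(key []byte, prev string, e Entry) string {
	m := hmac.New(sha256.New, key)
	for _, f := range []string{prev, e.Actor, e.Action, e.Object} {
		fmt.Fprintf(m, "%d:%s", len(f), f) // length-prefix every field
	}
	return hex.EncodeToString(m.Sum(nil))
}

// Append chains a new record to the current tail of the log.
func Append(key []byte, log []Entry, e Entry) []Entry {
	prev := ""
	if len(log) > 0 {
		prev = log[len(log)-1].MAC
	}
	e.MAC = link(key, prev, e)
	return append(log, e)
}

// Verify returns the index of the first record that fails, or -1 if intact.
func Verify(key []byte, log []Entry) int {
	prev := ""
	for i, e := range log {
		if !hmac.Equal([]byte(link(key, prev, e)), []byte(e.MAC)) {
			return i
		}
		prev = e.MAC
	}
	return -1
}

func main() {
	key := []byte("constructed-audit-key") // assumption: held by the auditor
	log := Append(key, nil, Entry{Actor: "admin1", Action: "login", Object: "node-1"})
	log = Append(key, log, Entry{Actor: "admin1", Action: "read", Object: "ledger.db"})
	log[1].Object = "scratch.tmp" // constructed tampering: history is rewritten
	fmt.Println("first broken record:", Verify(key, log))
}
```

The chain alone does not reveal truncation of the newest records, so the latest MAC should also be copied somewhere the administrator cannot write.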

Such solutions also need to take into account the overall performance and stability requirements of the cloud environment during deployment. In general they should at least support a scale-out expansion pattern and show a stable performance curve in high-concurrency environments.

Compared with the traditional chimney-type architecture, the virtual computing resources in the private cloud also face a greater security risk. In a traditional IT architecture, a server or cluster runs only a limited number of systems. Even if the entire server or the entire cluster goes down at once, only a limited number of applications are affected, and the other applications of the enterprise IT system can still operate normally. A cloud environment is completely different: the physical failure of one server may cause the many applications it hosts to fail over, and if the corresponding migration strategy is faulty and causes a "split-brain" condition, applications across the whole cloud environment can easily be severely affected.

In a cloud environment, virtual machine security is generally addressed from the following aspects:

Security policies for each virtual host

Running a virtual security gateway in a virtual infrastructure

Enhanced traffic monitoring for illegal and malicious virtual machines

Cloud environment migration requires a long process

From the above we can conclude that cloud environment migration requires a long process. Rank the entire IT system and business environment by both importance and availability to decide whether to adopt a private cloud, a hybrid cloud, or a public cloud. Then deploy security policies to ensure security on both the host side and the data side; the security level required is far higher than in traditional IT architectures. For users, the idea of wanting to deploy some sort of system and then see a new, cloud-based IT environment the next day is no different.

At the same time, whether you use a public cloud, a private cloud, or a hybrid cloud deployment, unified monitoring of computing, storage and security policies, together with flexible scheduling to manage all kinds of resources, can greatly reduce the risk of migrating to a cloud environment. At present, some leading domestic and foreign manufacturers have begun to provide such a unified user interface.
