What is cloud security
Cloud security is a general term for the security software, hardware, users, institutions, and security cloud platforms built on applications of the cloud computing business model. It monitors the behavior of software on the network through a large mesh of clients, obtains the latest information about Trojan horses and other malicious programs on the Internet, sends it to the server side for automatic analysis and processing, and then distributes the virus and Trojan horse solutions to every client.
The emergence and principle of cloud security
Before the Internet became widespread, computer security problems were essentially confined to stand-alone machines, and traditional security vendors mainly made stand-alone anti-virus software. Viruses were handled with the after-the-fact "antivirus engine + signature" model. The method currently used in the anti-virus industry is this: after a virus is found, an engineer at the anti-virus company analyzes the sample and uploads the virus code for it to the virus database, and users obtain protection by updating the virus database, on a schedule or manually, as an antivirus software upgrade. With this traditional method, however, updating the virus code is troublesome, and upgrading the antivirus software every day consumes the user's memory and bandwidth. Many users resent this. In addition, large numbers of virus variants appear every day, so the standard cycle of sample collection, signature creation, and deployment is no longer fully effective.
One of the biggest problems with continuing to rely on signature-based protection is the time lag in protection. It usually takes 24 to 72 hours from the appearance of a virus, through its identification, analysis, and addition to the virus signature library, to final delivery to the user's computer. While individual and institutional users wait for the virus database update, their endpoints are exposed to the threat and vulnerable to attack.
Viruses were originally designed to spread as quickly as possible, so they were easy to find. As cyber threats have emerged, malware has evolved from the outbreak model to covert "sleeper" infections, which traditional protection techniques find harder to detect. For viruses that spread on a small scale and against specific targets (the latest trend in the development of computer viruses), anti-virus companies may never obtain a sample, so they cannot provide a signature, and anti-virus software cannot detect these viruses. Even when the anti-virus company does provide a signature, it arrives after the virus has been spreading for some time, and users are unprotected during that period.
From the perspective of security defense agencies, if they keep to the previous anti-virus model, they depend on malware collection capabilities that they deploy themselves, limited in area and in number. They cannot collect, analyze, and propose countermeasures in time, before a small-scale malware outbreak turns into large-scale damage, and so they lag far behind the attackers. The network collaboration model based on "cloud security" can turn every client computer into an intelligent malware monitoring station for the security agency, using its active defense technology to detect and submit "suspicious malware" promptly. This forms a huge malware monitoring network spanning the globe and many fields. The total amount of security information available to security agencies and their response speed are greatly improved, and so is the accuracy of solutions based on "signature comparison" or "behavior pattern analysis".
The security achieved by “cloud computing”, or “cloud security”, comes from its new “cloud network, thin client” computing model. As shown in Figure 1, a large number of computing resources of various kinds are placed in the network, and the capabilities of distributed processing, parallel processing, and grid computing are shared with customers through network interfaces. In terms of implementation, a huge server side (the "cloud") is responsible for large-scale, centralized information collection, processing, calculation, storage, analysis, detection, and monitoring, and even blocks most attack traffic directly in the cloud. The client is left with only the simple tasks of submitting "potential malware" and carrying out the final "cleanup, isolation or release". Client-side protection software no longer needs to be large and all-encompassing, and no longer takes up too much of the system's valuable computing and storage resources. It does, of course, have to use network resources. From the customer's point of view, this approach of "providing a strong backing" greatly reduces the client's workload. The ordinary client, previously the weak party, is no longer at a disadvantage in security information, and powerful intrusion detection and analysis capabilities, updated in real time, are "pushed" to every client computer.
With the introduction of the "cloud computing" architecture, the anti-virus industry has truly changed from virus removal to virus prevention. The virus code is kept in the server "cloud", and the server cluster automatically detects and removes virus code heading for the user terminal. The user terminal's job becomes very light: it no longer needs daily upgrades, and antivirus software no longer takes up its memory and bandwidth. There is no need to wait until the user is infected to solve the problem; what matters is preventing the problem. Anti-virus vendors such as Trend, Panda, Rising, and Symantec are currently deploying their own cloud computing architectures, forming "cloud" server clusters ranging from hundreds to tens of thousands. In the future, users will only need to install an anti-virus product that is connected to the "cloud". While they browse the Internet, the server will use the massive virus database it already holds to determine which web page behaviors are malicious, or even Trojan horse programs, and automatically clean them up for the user.
So when a new virus appears whose code is not yet in the server "cloud" database, cloud computing no longer depends on a company's engineers working overtime to analyze it. Instead, it evaluates the new behavior of a web page against dozens of preset measurement criteria. If a piece of code is found to behave abnormally, the channel through which it is returned is cut off immediately, and it is not allowed to reach the user terminal.
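The thin-client and cloud division of labor described above, as an added Python example that is not from the original article: the cloud checks a submitted hash against its signature set, scores unknown samples against preset behavior criteria, and shares a new verdict with every client. The criteria names, weights, threshold, and class names are constructed for illustration.

```python
import hashlib

# Constructed behavior criteria and weights; the page says only that
# "dozens of preset measurement criteria" exist, not what they are.
CRITERIA = {
    "writes_autorun_entry": 3,
    "injects_into_process": 4,
    "disables_security_tool": 5,
    "downloads_executable": 2,
}
BLOCK_SCORE = 6  # hypothetical threshold for "abnormal" behavior


class Cloud:
    """Server side: signature lookup first, behavior scoring for unknowns."""

    def __init__(self, known_bad=()):
        self.known_bad = set(known_bad)

    def verdict(self, sha256, behaviors=()):
        if sha256 in self.known_bad:
            return "malicious"
        score = sum(CRITERIA.get(b, 0) for b in set(behaviors))
        if score >= BLOCK_SCORE:
            self.known_bad.add(sha256)  # one report now protects every client
            return "malicious"
        return "suspicious" if score > 0 else "clean"


class ThinClient:
    """Client side: hash and submit, then clean up, isolate, or release."""

    ACTIONS = {"malicious": "cleanup", "suspicious": "isolate", "clean": "release"}

    def __init__(self, cloud):
        self.cloud = cloud

    def handle(self, sample, behaviors=()):
        digest = hashlib.sha256(sample).hexdigest()
        return self.ACTIONS[self.cloud.verdict(digest, behaviors)]


def demo():
    cloud = Cloud()
    a, b = ThinClient(cloud), ThinClient(cloud)
    sample = b"constructed sample bytes, not real malware"
    first = b.handle(sample)  # unknown hash, nothing observed yet
    seen = a.handle(sample, ["injects_into_process", "downloads_executable"])
    after = b.handle(sample)  # same hash, now known to the cloud
    return first, seen, after
```

Client b never observes any behavior itself; it is protected on its second lookup only because client a's report moved the hash into the cloud's signature set.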
The essence of cloud security
People often compare cloud computing services to the water supply provided by a water company. Originally, every household and organization dug its own well and built its own water tower, and was itself responsible for water safety, such as avoiding pollution and preventing others from stealing water. This analogy gives a glimpse of the essence of cloud computing: cloud computing is just a change in service mode. Developing your own programs to serve your own organization and staff is one service mode; commissioning a professional software company to develop software that meets your needs is another; and enjoying services provided in the cloud anytime and anywhere, without caring where the cloud is or how it is implemented, is by far the most advanced service mode.
The same analogy shows the essence of cloud security. With the tap water we use every day, what safety issues do we care about? First, we care whether the water the water company provides is safe; the water company will necessarily make commitments about water quality and take corresponding measures to ensure the water is safe. Second, users themselves must use water safely. There are many types of tap water, including hot water for bathing, reclaimed water for cleaning, drinking water, and so on. For example, you cannot drink reclaimed water, and water must be boiled before use rather than drunk directly. These safety issues are all for the user to solve. The third security issue, as with the cloud, is that users worry that someone else's water charges will end up on their bill and that the water company will overcharge them.
As with tap water supply, the security issues of cloud computing can be roughly divided into the following aspects. The first concerns the cloud computing service provider: is its network secure, or can someone break in and steal our accounts? Is the storage it provides secure, or will it leak data? These are issues the cloud computing service provider has to solve and make commitments on to its customers. Just as a water company must produce water in accordance with the regulations of the relevant national departments, the state also needs to issue corresponding regulations to constrain the behavior and technology of cloud computing service providers. The second aspect is that customers should also take care when using cloud computing services: weigh the security of the cloud computing service provider against the security of your own data. Do not put highly important data in the cloud; keep it in your own safe, or encrypt it before putting it in the cloud so that only you can decrypt it. This keeps the security initiative firmly in your own hands instead of relying on the service provider's promises and measures. The third aspect is that customers should look after their accounts, so that nobody can steal an account, use services in the cloud with it, and leave the customer to pay the bill.
It is not difficult to see that the technologies and services used in cloud computing can also be used by hackers to send spam or to launch more advanced malicious program attacks such as downloads, data upload statistics, and malicious code monitoring. The security technology of cloud computing is therefore the same as traditional security technology: cloud computing service providers need firewalls to ensure they are not accessed illegally, antivirus software to ensure their internal machines are not infected, and intrusion detection and prevention equipment to keep hackers out; users apply data encryption, file content filtering, and similar measures to keep sensitive data from being stored in the relatively insecure cloud.
What differs from traditional security is that, as the service mode changes, the deployment location of security equipment and security measures changes in the cloud computing era, and so does the party responsible for security. In the age of digging your own well and drinking from it, the safety of the water was your own responsibility. In the era of tap water, the water company makes commitments about the safety of the water, and customers only have to pay attention to safety while using it. Similarly, users originally had to guarantee the security of a service themselves, but now the cloud computing service provider guarantees the security of the service.