This May, Microsoft published a white paper about Microsoft's approach to cloud computing services and how Microsoft plans to secure these services. The white paper, written by Microsoft's Global Fund Services (GFS) department, which oversees the company's software services infrastructure, is a clear illustration of the dangers currently facing online services, including growing interdependence between customers and the companies they serve, and increasingly sophisticated attacks on Internet services.
Microsoft argues that the security method created by Microsoft's Trusted Computing program, introduced in 2002, will do just as well after some modifications to ensure the security of online services.
"If I adopt the traditional security principles, there will be no change in principles and methods," said Charlie McNerney, general manager of Microsoft's GFS division business and risk management. What has been enlarged is the number of controls we use.
McNerney and other cloud-computing providers have talked about their views in recent interviews for Microsoft's approach to securing cloud computing services and providing data centers for cloud computing. The five lessons they've talked about about the cloud computing that Microsoft is proposing to absorb are:
1. Discuss risk issues with customers. Many users are concerned about the security of cloud computing services. This question is worth worrying about. McNerney says it is an important conversation to identify who is responsible for the security of user data. When a problem arises, it should be clear how the failure and which party should assume responsibility in this environment. This is the biggest problem that large enterprises want to talk about.
But Microsoft has found that security is not just a concern for their biggest customers. Websites and emails are important to businesses of any size and must be protected.
' I didn't find anyone who could be trusted, ' said McNerney. The little people who run a business website will be as concerned about security as the big shots.
2. Pay attention to compliance. To ease customers ' concerns, Microsoft has spent a lot of time organizing the necessary controls to meet compliance requirements.
McNerney says Microsoft has reduced 26 different types of audits, reduced them to a list of 200 necessary controls and mapped them to Microsoft's data center environment and services. Standardization means that Microsoft does not have to have every client or auditor visit Microsoft's data center.
Large business customers understand these controls, but how many companies can I allow to get into the data center? If you think about how to do this, I have no way to get these customers into our facility.
Microsoft's alternative is to have a compliance framework that allows auditors to subscribe to a test menu and get the test results. Each company will understand these tests and results. There are opportunities and challenges.
3. Better standards are needed. To better serve customers, large cloud computing providers need to collaborate to achieve standardization of their platforms.
McNerney says Amazon has a point. Yahoo has a point. Google has a point. But all our methods are still different. The next step is that we have to work together to propose a framework. We will have to use this framework to make it a very efficient thing on the web.
For example, these companies need to agree on ways to handle common IDs. These standards do not yet address the problem of unified identity identification on the Internet.
Customers will expect cloud computing services to be a mutually compatible environment for them.
4. There is no significant difference between privacy and security. As Microsoft uses cloud computing in its services and computing centers, the distinction between security and privacy is almost gone, McNerney said.
The result, says McNerney, is that companies develop their own tools for managing security and privacy. There is no big difference between security and privacy ideas.
Most people approach security issues in one way and deal with privacy issues in another way. In cloud computing, both methods are mixed together.
5. Don't talk broadly about cloud computing security. Zscaler chief executive Jay Chaudhry, the Web security Service provider, says Microsoft will have a new set of considerations as the Windows Azure platform launches this fall.
Chaudhry argues that security considerations for each cloud computing service are different. While services such as Office applications, e-mail services, and access to databases may be well upgraded, other services, such as Exchange servers, require a lot of customized settings, which are difficult to secure.
Chaudhry says companies should look at specific aspects and address these issues appropriately. In the entire cloud computing world, nothing can be done alone. Database services, storage services, and security vulnerability assessment services have different security considerations. The same is true for the upcoming Azure platform service.
One of the most important changes in the development of the Internet in the future is the gradual shift of the personal computer architecture to cloud computing.
Cloud computing represents Google's consistent view that the use of computers is shifting from a PC-desktop system-centric to a network-centric one. In the past we put everything in the computer, the computer lost, all the information lost, and in this new network-centric model, this situation no longer occurs, because all services and applications are delivered through the wire. It's like putting all your data into a bank, the bank saves you money and offers an ATM, and you don't have to carry all your money. In this case, even if the phone is replaced, the contact's number will not be lost because it is already on the web-through the Internet, people can always get all the information on whatever terminal.
The allure of this model is that the state grid can carry loads that are unmatched by generators. Now, computer users use their own computer computing, research units using their own number of servers to calculate, but once they access Google's "cloud computing" center, they can be Google's thousands of servers in the database computing capacity to get the results they want, on the one hand, reduce costs, on the other hand improve performance.
In my opinion, the idea that Google is just a search engine company is outdated, and Google's goal is to replace a personal PC or enterprise data center to become a global computer. And to become a global computer, depends on the cloud computing, "simple but very strong" concept. As one of the driving factors in cloud computing, Google's investment or work is related to cloud computing.