Mobile cloud computing and big data are facing serious security challenges

All kinds of innovative solutions, driven by mobile, cloud computing, social technology and large data applications, are in the ascendant, but another round of security risks cannot be overlooked. The emergence of these technologies satisfies our need for it innovation on the one hand, but it also becomes a hotbed for the development of new cyber threats.

Mobile Security Embattled

The potential threat posed by mobile computing originates mainly from the objective reality of "low security or Low security" in mobile communication itself. According to the agency, the software used in such systems is not sufficiently "mature" and is easily lost or stolen because of its "portability". In fact, the increasing popularity of mobile devices has also made this area the main target of hacking technology, which adds to the severity of the security problem from another side, the agency added.

The most common security threat now stems from hackers ' placement of malicious content in Web browsers and other mobile software, known as Web-hung horses. Hackers can automatically download malicious programs by not being detected by computer users, intent on infiltrating network defenses and stealing sensitive data, often called "sneak attacks."

Phishing attacks specifically targeted at web browsers have become the top network threat in the present. It is not surprising that attackers are starting to turn their targets to more secure browser plug-ins, such as Java (Java vulnerabilities have become the main cross-platform security threat), Adobe Reader, and Adobe Flash, and so on, The sneak download attack is almost invariably preceded by an impact on a legitimate Web site, which is then embedded in the site with malicious links and malicious code.

Increasingly serious threats may also affect all types of confidential information by means of data destruction, including the various types of data emitted by mobile communication channels. As mobile devices become an emerging platform for payments and banking operations, the security problems that have never been seen before are also raging.

Attackers may also have a wave of powerful shocks to the immature security-control mechanisms of social networking technology. In this case, one of the most noteworthy emerging threats is the "misuse" of information already available in the public domain by hackers, which would be an important means of stealing social-networking accounts, a social engineering attack often said by the security community.

Hackers will increasingly use "false authentication" to confuse users, "to obtain false trust in the trusted facilities component." Faced with this situation, all kinds of trusted business systems must deploy the "real-name authentication system" as soon as possible, otherwise it will be difficult to break the trap set by the attackers.

Collecting and storing all kinds of private sensitive data is good, but once there is a problem, the consequences will be incalculable.

The trusted facility component should be implemented at all levels of the information system, from the application layer to the network layer, the trusted facility itself is generally protected by strong encryption technology and key management mechanism, and the protection measures represented by authentication mechanism, secure communication protocol and public key component are the core reasons for users to trust the system.

The existence of a trusted infrastructure is critical to information security, which is based on a multi-tiered security system and facilitates the validation of partners or systems through the establishment of mutual trust authentication mechanisms (including trusted connections, trusted transactions, and electronic signatures)

Be cautious about cloud and large data

In cloud computing, due to the "centralized" nature of its data, the potential impact of a hacker successfully exploiting a vulnerability into a cloud system is extremely serious. Cyber criminals can also use cloud computing resources to achieve personal goals, such as storing malware in such systems as a base for launching attacks. It was not long ago that Muslim hackers, backed by Iranian government, pioneered DDoS attacks using servers as a source of attack, rewriting the history of DDoS in stages.

Large data is a collection of inevitability information brought about by the cross use of social technology, cloud computing, mobile computing and the Internet, as well as a new security risk.

The development and utilization of large data can affect the privacy of data, while malicious individuals may use large data to create new types of attacks and attack vectors.

There are a number of serious challenges that have emerged from the current large data security. Generally speaking, these challenges mainly include data protection, data access control and data filtering. Because of the huge amount of information brought by large data than the current security information and event management (referred to as Siem) products processing capacity, we do not have a good way to protect large data.

(Responsible editor: The good of the Legacy)