Prospect analysis of cloud computing industry in China in 2014

In the 2013, the scale of cloud computing in China is expanding, the annual growth rate is far beyond the international level, the innovation ability is significantly enhanced and the construction speed of industrial chain is accelerated. 2014 China's cloud computing will be from the development stage into a rapid growth stage, the new industrial pattern will be formed.

Cloud computing can use virtual machines to do business centralized management, so most companies choose cloud computing in the original intention is to save operating costs. While the cloud is developing, the security environment around it is constantly changing. This security focus for the cloud has shifted from the original endpoint security to the delivered application, data, and user experience. This requires us to enjoy the information provided by the cloud integrity, open, good user experience and other advantages, but also to ensure data security. Without security, the value of cloud applications is not only greatly compromised, but it can lead to disaster.

Cloud computing depends on the elimination of data security risks, so how to let cloud computing or cloud technology away from the hidden dangers of data security, to deal with a variety of complex environment must establish a systematic and effective protection system.

Data protection is the core

People's concerns about information security are often considered in terms of equipment and links, as well as protection and interdiction. In fact, the content or the data itself security protection is the core. This is especially true in cloud computing environments, where security can be truly achieved by securing the data itself.

Basic control is the key

Nearly 60 security base controls that protect the most important assets are key to all information security, including the cloud environment. must be validated to ensure that cloud technology complies with security controls for your system, business, and operations.

Security responsibilities should be clarified

Many users will think that the cloud service provider should be responsible for the data, while the supplier is apt to blame the customer's own measures are not effective. According to the survey, more than One-third of customers still expect their software, the service provider, to secure applications and data. In fact, means are important, how to effectively use the means is equally important. Only the supply and demand of both sides to assume their own responsibility for the security is an unassailable fundamental guarantee.

Evaluation must be done well

When migrating from the traditional internet to the cloud, the benefits of sharing and reducing costs also face a more complex ecological environment. Security vulnerabilities must be evaluated to ensure that all controls are in place and functioning properly. At the same time, research needs to be done before the cloud service provider is selected, and the service provider is required to disseminate the capabilities of the same type of control as physical security, logical security, encryption, change management and business continuity, and disaster recovery.

Encryption should be more common

The encryption here is not just terminal to terminal encryption, but also includes the ability to encrypt data within the enterprise before it is transferred to the cloud. Cloud vendors need to develop powerful cryptographic solutions that allow businesses to secure their data.

Anomaly detection should be as early as possible

Even confidentiality is not helpful if an attacker acquires account information. Therefore, cloud vendors must deploy good anomaly detection systems and share their information and audit records with customers. Using different tools to ensure that cloud vendors meet customer needs is a tiered approach.

Building a log is more important

It is important to maintain an audit of the management access log, that is, a certain amount of log information can be offered to all enterprises that need to be tracked for various analyses. But most small cloud services do not provide this information.

Risk control is planned

A formal risk mitigation plan, including risk documentation, response to these risks, education and training, should be developed. It is also important to look at flexible requirements to develop an elastic plan that, if you want to recover quickly in the event of a disaster or attack, be careful to ensure that the workload recovers at any time and minimizes the impact of business continuity.

Good use of security services

Independent security services consulting, trusteeship and other types of service providers have gradually developed, the use of these specialized institutions or service providers, the implementation of long-term protection and even proactive monitoring and protection, both to reduce their own pressure and fixed costs, but also more proactive.

Mixed mode is quite effective

With the provision of a mixed security service model, the cloud services and out-of-the-way services are mixed together, a variety of models at the same time, to help reduce stress, on the other hand, the combination of increased protection variables, so that protection more effective.

Cloud security is not a short-term problem, cloud computing want to continue and long-term development, data security issues must not be overlooked, the data source of security protection is the most important. Therefore, it is an effective choice to use the cloud technology to protect the core data with the specific and flexible encryption technology.