Public cloud Security: the first priority of landing

Public cloud, a hot word, a controversial technology, an immature market. These three seemingly contradictory status quo, originated in Google's efforts in the field of technology, began in the market for Amazon to open up, presented in the competition among major manufacturers.

As a model of providing free or low-cost information services via the Internet, the public cloud has sparked controversy from the outset. On each of its technical details, business operations and market prospects, the different positions of the parties, resulting in their judgments is also "the public said the public right, the woman said the woman rational", but the core issue, or around the "price" and "security" to unfold.

Public cloud: Price or security, who is the first?

For a new technology, landing is always the only way to achieve value, the public cloud is no exception. In the process of market advancement, with the increase of the competition role, the game between the various parties also goes into depth. In the field of public cloud, the escalating price war is just the appearance of market competition. This hidden business problems and market mentality, is the focus of attention.

In China, the price war between the public cloud service providers is in full swing, the services of Amazon, Google, IBM, Ali and other cloud services giants are becoming more active than before, but businesses seem to have generally failed to grasp the core issues.

For a product or service, the price only represents the reduction of user costs, and does not touch the core demands of user needs. Security is more fundamental than price. Security represents the future risk of product inclusion, is the biggest prerequisite for public cloud service providers to enter the market. There is a point of view, the public cloud between the price and security of the relationship between the two, low prices often lead to low quality, low quality will inevitably lead to frequent failures, fault frequency eventually lead to safety without, become the biggest problem of public cloud development.

For customers and users of public cloud, the security of data is always the most important measure in their mind. In the past, only stored in their own computers, see the touch of things, now through the public way, in the cloud to implement operations, who will consider whether the security of this issue. In the era of no cloud, PC data security problems caused by privacy, property loss incidents have been common, all kinds of "door" events left a scar on my heart, become indelible stereotypes of memory.

After the emergence of public cloud services, the market acceptance is not high, the long-term development of the industry also encountered obstacles, enterprise customers or end users are most concerned that the cloud service providers constantly, "no moral" to reduce prices, whether it also protects the safety of wind control? If not, will it bury a "time bomb"? Visible, Even in the era of technology evolution to the cloud, security issues have not been fully, pass, standardized solution, "security" has become the public cloud has not been universally recognized as the primary obstacle.

Public Cloud Security: Is it a problem?

When it comes to the security of the public cloud, the support side often sets the groundwork for the product propaganda, from the technical strength contrast, obtains the public cloud actually more safe conclusion, this includes the representative which provides the public cloud service enterprise, pushes the public cloud development the industry department and so on.

They generally say that the public cloud is often provided by large enterprises with technical strength they provide a reliable and secure data center, and the individual's level of security is not comparable to the fact that you keep money in a bank that is more secure than your own pocket, allowing more professional people to help you implement data storage or processing, Will have a higher safety factor. Eran Feigenbaum, head of Google's public cloud project Gae, has said that "the public cloud is now safe enough for companies to use it to keep data, without feeling that they are taking on some risk." ”

In this respect, the opposing party disagrees. They worry about the use of the way, based on business scenarios, the security of the public cloud has yet to be strengthened conclusions, the main representatives of the personal end users, the use of public cloud services enterprises, some industry experts.

Opposing point of view is that the public cloud is still no standard, the situation is common, many security loopholes did not cause the attention of the industry level, data theft risk is still large, users or enterprises can not put a large number of data into the public cloud.

Comparing the above two main viewpoints, we can find that the acceptance of public cloud at the whole market level remains to be discussed. The cause of this situation is mainly focused on security, to move the highway, need to clear the public cloud security issues.

Five issues of public cloud security

The security problem of public cloud, which follows the gene of Internet security, has the personality characteristic of the business level. Currently, the main focus is on the following five areas:

--Data problems usually, the higher the value of data, the stronger the sensitivity, the higher the openness, the higher the value of the data for the public cloud, the higher the data sensitivity of the business level, the greater the demand for safety and compliance of the enterprise customers.

But from the current technology level, there is no adequate way to ensure the security of data, although Amazon, Google, Microsoft, Huawei, Ali and other domestic and foreign cloud service manufacturers also according to their own customer needs, carried out some targeted exploration, but did not form a unified data protection and encryption mechanism.

--protection problems at present, the provider of cloud services, often in the security of the lack of direct control module, for possible attacks, part of the form of outsourcing to the third party to provide basic protection, resulting in the cloud protection function is not completely controllable. Security protection work is not an "either-or" problem, but a trade-off between benefits and quality.

Standard problem in the public cloud of a variety of products, and there is no interoperability of a standardized protocol, vendors are only with their respective partners for internal development. Once the demand changes, data migration, unexpected events and other conditions, the user's business interface will appear fault, triggering a chain reaction.

Transparency issues public cloud service providers often claim that their services are comprehensive, how advanced technology, process design how science, but the superficial rhetoric does not solve the customer's heart concerns. For commercial reasons, the service providers generally avoid their own short board, such as platform migration, disaster preparedness, business continuity and so on. The opacity of the public cloud business system has become a barrier to further development of the market.

--rule issues in the user's business, document, data generation process, because the industry has not yet refined the relevant responsibility of the legal text, just to sell fixed information products to determine the power and responsibility, based on the user's specific business operation process of security responsibilities, not too much elaborated, to provide the service provider to circumvent the opportunity. In view of this, it has been suggested that cloud providers should provide customers with some kind of certificate to prove that their cloud has met the legal and regulatory requirements for safe data preservation.

In the face of the above problems, in China's public cloud market, providing cloud services to enterprises, whether it is operator-led, the internet giants to build, some of the original IDC operators to improve, or multinational companies introduced from abroad, have been unable to come to a universal security solution. To this end, public cloud enterprise customers and end users, industry research experts have made a call to solve these problems.

It is noteworthy that in order to enhance the security and controllability of information technology products. Information security has now risen to the national strategic level, as the brain of the Internet, the importance of public cloud security is also related to national security. In such a large environment, whether it is to enhance the public cloud service security level, to carry out more assured landing promotion, or to promote the healthy development of the industry, will appear a rare opportunity to jump.

Summary

Looking to the future of the public cloud, we need to have the standard norms, the need for access mechanisms, the need for top-level promotion, but the aspects involved, can not only be a simple technical integration, but also more importantly, the quality of service, market rules of refinement. In any case, security issues as the public cloud market must address the first priority, need to get attention first.