Research on theory and countermeasure of cloud computing information security in China

Source: Internet
Author: User

1. Cloud computing Information Resource management model

1.1 Origin, definition and characteristics of cloud computing

The idea of "cloud computing" has been around for a long time: as early as 1961, John McCarthy, a computer expert at MIT, suggested that computers would eventually become a global public resource. In 2006, Google formally put forward the term "cloud computing" and provided 40 PCs to the University of Washington to form a small cloud, opening the prologue to cloud computing research and practice. Subsequently, Amazon, Yahoo, Microsoft, IBM and other internationally well-known IT companies joined in cloud computing research and promotion; cloud computing rapidly grew from a technical concept into a technological revolution and opened a new "blue ocean" for the IT business. Currently, the relatively authoritative definition of cloud computing comes from the National Institute of Standards and Technology (NIST): cloud computing is a model in which users can conveniently access a shared pool of configurable computing resources (such as networks, servers, storage, applications, and services) on demand over the network, while management cost and service provider intervention are kept to a minimum. By this definition, cloud computing has the following five major features:

(1) On-demand self-service. Users can obtain the computing, storage, or application capabilities they need directly, without complex interaction with the service provider.

(2) Extensive network access (broad network access). Clients can access the network through various types of terminal platforms, such as laptops, mobile phones, PDAs, etc.

(3) Resource sharing (resource pooling). Computing resources are concentrated to provide services to multiple customers, with different physical and virtual resources dynamically allocated or reallocated according to customer needs.

(4) Scalability (rapid elasticity). The services provided by cloud computing expand and contract automatically and rapidly. For customers, this service is unlimited, flexible and dynamic. This replaces the fixed resource allocation of the traditional model and maximizes the efficiency of resource allocation.

(5) Measurability (measured service). Measurability is one of the basic requirements of a public resource service. The services provided by cloud computing are measurable, with clear pricing and billing policies, and with automatic control and reporting that make the use of resources transparent.

1.2 The change of national information resource management mode under cloud computing

As a new mode of Internet application, cloud computing is changing the traditional Internet application model from a desktop-centric one to a network-centric one. It will not only change how information is produced, communicated and developed, but also gradually change how the state controls information, and in turn promote the restructuring and flow of global power resources. Specifically:

New features of national information resource management in cloud computing environment:

(1) Enrichment of information content. Cloud computing minimizes the use cost and application threshold of network information resources, releases the potential of users to create and disseminate information content, and promotes the continuous enrichment of information resources in the whole society and the continuous expansion of information resource management objects.

(2) Aggregation of information organization. Cloud computing concentrates heterogeneous information resources that were dispersed across different regions, systems and platforms in a small number of cloud computing service providers, which makes the integrated application and deep development of massive information resources possible.

(3) Fuzziness of the information environment. The network and virtualization technologies of cloud computing break through the traditional model in which the state, organization and region serve as management boundaries. Users need not know the storage location or running environment of information resources, and the information resource management environment under cloud computing trends toward a "black box" and "blur".

(4) Personalization of information development. The "on-demand service" character of cloud computing means that information development must be user-centric, mining user needs and characteristics in depth to provide users with various types of information service products. In a cloud computing environment, information development is more personalized and interactive.

(5) Seamless information dissemination. The cloud computing model of information dissemination, characterized mainly by customization and push, reduces the intermediary links in dissemination, connects information seamlessly with users, greatly improves the accuracy and timeliness of information dissemination across society, and gives full play to its efficiency and effectiveness.

To sum up, the pervasive application of cloud computing will significantly improve the capacity of countries to produce and exchange information and promote the expansion and blending of the global information space, which will also create new information security problems.

2. Cloud computing information Security development trend

2.1 The positive effects of cloud computing information security

The essence of information security is to protect the information resources in an information system or network from all types of threats, interference and destruction, and to ensure the confidentiality, integrity, availability and other security attributes of information. The emergence of cloud computing technology brings both opportunities and challenges to information security. The positive effects of cloud computing on information security, and the mechanisms behind them, are as follows:

(1) Cloud computing can provide low-cost security

For individuals or small and medium-sized enterprises, the level of information security is often constrained by the cost of investing in it. A cloud computing service provider uses specialized security strategies and products to safeguard the information resources of a massive number of users. It can exploit its advantages of scale, greatly reduce users' security costs, and lower the cost of safeguarding information security across society.

(2) Cloud computing promotes the standardization of client security management

Cloud computing providers can develop various standardized information security services based on different business needs and the importance of information assets, including the standardization of security management. Because client functionality is weakened, client security management standards can be implemented in a more targeted way, improving the effectiveness of client security controls.

(3) Centralized storage of information in cloud computing raises the level of security monitoring

When data is stored in one or several data centers, the managers of the data center can manage it uniformly, mine in depth how the information content changes, and accurately characterize its content orientation. For example, a security company's response to a new virus can be dramatically improved, while patches or security policies are distributed to each branch node at the same time.

2.2 Negative effects of cloud computing information security

Everything has both a positive and a negative side. While recognizing the positive effects that cloud computing brings to information security, we should also pay attention to the threats it poses, especially the double-edged sword effect on security brought about by the high concentration of information resources. Specifically:

(1) Information security risk is magnified to an unprecedented degree. As information resources, infrastructure, service software and other computing resources cluster at cloud computing service providers, information security shows a tendency toward fewer threat targets but aggregated risk. A system fault will have a polarizing effect on information security, which places higher demands on the security of cloud computing service providers.

(2) Information security threats are becoming increasingly hidden. Cloud computing separates the ownership of information from control over it, and people gradually lose control of their own information and the right to know about it. The confidentiality of user information and similar properties face the "black box effect" of cloud computing, and applying the law to a wide range of information management scenarios raises new challenges.

(3) State control of information security is weakened. The universality and diversification of information sources weaken the state's control over information and over citizens' individual behavior. In addition, cross-border cloud computing service providers support the cross-border flow of information, enabling users to obtain application services from multiple terminals in any location, which increases overall national information security risk.

(4) The jurisdictional boundaries of administrative law are challenged. The flow of information in cloud computing is global, while each country has its own legal and regulatory requirements. Cloud service providers clearly cannot comply with the regulations of all the countries involved, which creates new security risks arising from conflicts in the value orientation and objectives of information security.

2.3 Cloud computing information security and national security

Information is an important resource and security element for sustaining social, economic and productive activities, and the meaning of national security has changed greatly in the information age. For this reason, the "Resolution on strengthening the ruling ability of the party" adopted at the Fourth Plenary Session of the 16th Central Committee listed information security together with political, economic and cultural security as one of four major themes. At this level, cloud computing information security concerns not only individuals and enterprises but extends to national security.

(1) The impact of cloud computing information security on national political security.

In the network age, the scope of national sovereignty extends from land, sea and space to cyberspace. "Information sovereignty" has become an important part of the concept of national sovereignty, and the ability to exercise it is an important embodiment of the independence and integrity of a country's sovereignty. "Information sovereignty" is also an important field of struggle over national sovereignty; the rise of cloud computing technology and its organizational model in particular brings great opportunities and challenges to the global contest over, and balanced management of, "information sovereignty". At present, the developed countries, led by the United States, keep stepping up the construction of cloud computing platforms, and their control over cloud computing talent, technology, standards and information resources grows ever stronger. The "technology potential difference" and the resulting "information potential difference" may widen further. This trend may lead to new international political relations, and political security in countries of low information potential will face a real threat from cloud computing information power.

(2) The impact of cloud computing information security on national economic security.

In the context of economic globalization, the flow of information is no longer simple transmission: it guides capital and markets and determines transactions. In a cloud computing environment, as massive amounts of discrete information enter the shared cloud computing resource pool, the information acquires huge commercial value through aggregation, and once it reaches a certain scale it is bound to become an important object of protection for national economic security. Disclosure or loss of control of important economic information will greatly threaten the normal operation of enterprises and of the national economy. The development of cloud computing will bring about a new round of global industry competition and integration, which poses a serious challenge to the security of information technology and related industries in China.

(3) The impact of cloud computing information security on national cultural security.

The influence of the spread of network information on the psychology and will of the public is increasingly important. As President Hu Jintao pointed out, "the Internet has become the distribution center of ideological and cultural information and a social media amplifier; we must fully understand the social impact of emerging media, of which the Internet is the representative." With the development of cloud computing, the boundaries of country, organization, domain and virtual community are further blurred, and traditional closed and restrictive measures struggle to control information flow effectively in a cloud environment. This enlarges the cross-border penetration and influence of global thought and accelerates the spread and fusion of culture among nations. Countries that are powerful in information make the rules of information management and manipulate the flow and distribution of information. This may cause ideological and cultural exchange to lose its reciprocity and interaction, producing a one-way inculcation of cultural products and infiltration of cultural consciousness that will deeply influence and change the pattern of pluralistic thought, culture and value guidance. The national cultural security front, which is at a disadvantage in technology and communication, faces shocks.

3. Overseas cloud computing industry layout and information security planning

3.1 US cloud computing industry layout and information security plan

The United States is the main driver of "cloud computing" technology and applications. Information security in its cloud computing environment is achieved through industrial control, security guarantees and similar means, and has a markedly expansionary character. First of all, with the help of government, enterprises and scientific research organizations, the United States has comprehensively guided and promoted the layout of its cloud computing industry. As early as 2003, the National Science Foundation invested $8.3 million in support of the "grid Virtualization and Cloud computing" project proposed by seven of the top institutions, and cloud computing technology was then applied in key national institutions and cutting-edge industries such as NASA. In 2006, Amazon introduced the Simple Storage Service (S3) and the Elastic Compute Cloud (EC2), and the industrialization of cloud computing services began to mature. In 2008, IBM formally launched the "Blue Cloud" program, introduced the concepts of public and private cloud, and then released a cloud-based collaboration platform. At the same time, companies such as IBM began to expand aggressively into overseas markets; in the Chinese market alone they invested in establishing cloud computing platforms such as the Wuxi Cloud Computing Center, the Yellow River Delta Cloud Computing Center and the Railway Innovation Center.

On the other hand, while strengthening the global layout of cloud computing, the United States is also raising the protection of network information resources to a higher strategic level. On May 29, 2010, Obama unveiled a report called "Cyberspace Policy Assessment: Guaranteeing a Credible and Robust Information and Communication Infrastructure", stressing that America's economic prosperity in the 21st century will depend on cyberspace security. On May 16, 2011, the United States Department of Justice, Department of Homeland Security and other six departments released the International Strategy for Cyberspace at the White House. Ensuring the control and protection of cloud computing information resources is a central interest of these information security strategies, which even state that the United States will use military means to fight back if cyberspace is seriously compromised.

3.2 EU countries' cloud computing industry layout and information security planning

Recognizing the significant impact of cloud computing on global industrial development and information security, European Union countries are speeding up their layout of the cloud computing industry and its security. Maintaining independent development and strengthening security norms are the main features of the EU countries' approach. German investment, for example, has remained at the forefront of 4G/LTE and cloud computing research; in January 2011 Europe's largest cloud computing center was set up in Magdeburg, Germany, and a technology program for cloud computing via satellite was launched.

At the same time, the European Network and Information Security Agency (ENISA) has actively developed a "cloud computing risk assessment" specification. The agency's report, "Cloud computing: Benefits, risks, and information security recommendations," makes clear that data security in the public cloud faces huge challenges and advises users not to put their most sensitive or core data on the cloud. In addition, because EU countries have strict standards for protecting user privacy, the EU proposed the digital agenda plan for the protection of information security in the cloud computing environment, which stipulates the deletion time of the economic information in the pool of human resources. Germany's rules are stricter: all cloud data must be kept on German territory. To restrain unethical conduct by cloud companies, such as stealing enterprises' business secrets, EU Member States have adopted legislative procedures to ensure the security of economic information. Furthermore, in response to the expansionary cloud computing strategy of the US, the European Union began to study blocking cloud services provided by US companies in the European market, because it found that the United States could apply its Patriot Act to all cloud computing services in Europe. Under the Patriot Act, U.S. companies that provide cloud computing services must hand over data from European users to the relevant U.S. departments in certain circumstances. The European Union is already discussing a ban on U.S. companies providing cloud computing services in Europe, in an effort to force the US to adjust its regulations.

3.3 Cloud computing industry layout in Japan, Korea, India and other countries

The development of the cloud computing industry in Japan emphasizes a win-win of economic and social effects. On August 16, 2010, the Japanese Ministry of Economy and Industry released the "Cloud Computing and Japan Competitiveness Research" report, which proposed promoting cloud computing development in three respects: improving infrastructure, improving the system and encouraging innovation. It actively encourages the full use of cloud computing technology in medical care, education, electricity and other areas. At the same time, it calls for perfecting the rules and regulations on the use and dissemination of information, on the basis of full consideration of the anonymity of personal information and of information security.

In December 2009, South Korea drew up the "comprehensive Cloud recovery Plan", which proposed that the country become the world's top cloud computing power before 2014. The plan proposed expanding the Korean cloud computing market to four times its current scale through public sector investment, government-enterprise cooperation and other means, and raising its share of the world market to 10%.

India has listed the cloud computing industry as one of its key development strategies for the next five years. The Indian government announced in March 2010 that it would build the world's first e-government system to provide public access to cloud computing technology. In addition, the Indian government actively promotes the development of the cloud computing industry through the "Government Cloud Computing Forum". Because India's infrastructure is incomplete, its cloud computing market is still in the early stages of development, but the trend is good, and individuals, home users and small and medium-sized enterprises will become the main driving force of market growth. Because of security, reliability and other factors, however, most large enterprises will remain conservative toward cloud computing in the short term.

To sum up, countries around the world are planning their layouts around the development of cloud computing and its security. America pursues an "expansionary" information security strategy, emphasizing the safeguarding of national security and interests through the "expansion of information territory" to the whole world. The EU pursues a "clustering" information security strategy, emphasizing that "all members coordinate and jointly safeguard the information security of the whole and members". Japan, Korea, India and other information technology powers are nurturing their own cloud computing industries and actively expanding abroad.

4. China's cloud computing industry development and information security countermeasures

4.1 Current state of cloud computing industry development in China

At the beginning of 2008, China accelerated the pace of cloud computing development. Some provinces, cities and large enterprises have committed themselves to developing the cloud computing industry. In 2008, China's first "commercial cloud computing Center" settled in Wuxi, and in 2010 Beijing launched the cloud computing "Xiangyun project." In October 2010, the NDRC and the Ministry of Industry, after study, designated Beijing, Shanghai, Shenzhen, Hangzhou and Wuxi as cloud computing pilot provinces and cities. They pointed out that pilot demonstrations should build on regional industrial advantages, tie in with the construction of national innovative cities, integrate existing data centers and other resources, and develop cloud computing centers (platforms) in line with the national planning layout. This further clarified the overall thinking and strategic layout of national cloud computing. At the end of 2010, Shanghai launched the "Shanghai to promote the cloud computing Industry Development Action Plan (2010-2012)", which identified six major projects for key development and aims, within three years, to reach a cloud industry base value of 5 billion yuan and to form the beginnings of an influential cloud computing industry. Overall, however, the domestic cloud computing industry is still mainly at the stage of building infrastructure platforms, and public cloud computing operations (including application software deployment, on-demand pricing models, etc.) are in an exploratory phase. Research and practice on cloud computing security in national strategy, laws and regulations, technical standards and other areas remain very scarce, which in the long run will restrict the healthy development of the cloud computing industry.

4.2 Discussion on the countermeasures for cloud computing information security in China

At present, the development and popularization of the cloud computing industry in China is at the stage of overall layout. To occupy the commanding heights and safeguard national security in the new round of competition, the overall goal of cloud computing security in China should be to participate actively in the construction of global cloud computing standards, technologies and platforms, to gain control over every link of the cloud computing industry chain, to cultivate large-scale, specialized domestic information service providers, and to establish an independent and controllable national information security system. Specific paths include:

(1) Research and formulate a cloud computing security strategy at the national level to guide government planning and industrial development; formulate a cloud computing information security plan that is in line with international rules and has Chinese characteristics; and establish and perfect a comprehensive safeguard system covering early warning, prevention and emergency response for information security risks.

(2) Advance the construction of legal norms for cloud computing information security as soon as possible. First, study and formulate cloud management standards for the core data of the state, business organizations and individuals, and resolve a series of legal questions under the cloud computing model, such as intellectual property rights, user privacy protection and confidential business information. Second, establish acceptance standards for cloud computing service platforms and operation service software, a qualification and licensing system for cloud services, and a technical admission system for cloud computing products. Third, for the introduction and construction of cloud computing information systems involving national politics, the economy, national defense and public security, establish an administrative review mechanism and steer toward products and technology of independent brands.

(3) Improve core technological competitiveness, and support and nurture the research and application of key cloud computing technologies and equipment with independent intellectual property. At present, because foreign enterprises monopolize the core technology, few domestic enterprises develop basic technology such as operating systems, chips and underlying hardware; most focus on the construction and application of cloud computing. We should therefore strive for technological autonomy across the entire cloud computing industry chain and gain control of the cloud computing platform; otherwise China's information security, and even its national security, may be subject to the control of others over the long term.

(4) Strengthen and perfect the construction of China's cloud computing information security standard system. First, actively study domestic demand for cloud computing applications and standardization, and solve problems in cloud computing planning and design, system construction, service operation, quality assurance and other areas. Second, standardization work needs the joint participation of all parties in the industry chain, including government, industry associations, experts and scholars, third-party research institutions, providers of cloud computing related hardware, software and services, and end users. Third, actively participate in the standardization work of ISO/IEC JTC1 SC38 and SC7, revise and perfect the standards through exchange with international standards and with industry development, and use standards to guide the orderly construction and operation of the industry.
