Since August 2006, when Google began to propose the concept of cloud computing (Cloud Computing), the concept of "cloud" has been hot for five years, has been popular in many areas, especially by the IT industry, the media and users of the hot. Whether software vendors, hardware manufacturers, mobile phone manufacturers or internet manufacturers are throwing their own "cloud computing" programs.
But it is often said that the advantages of "cloud", including access, on demand, at any time to expand, according to the advantages of the use of fees are repeatedly mentioned. But in the security, it is not so much, after all, in the industry, "usability" is much more important than security. And the safety of this thing, before the accident happened, is usually put in the final consideration.
Cloud computing services own security risks with the application of the deepening gradually exposed. John Pescatore, chief security analyst at Gartner Consulting, said the cloud computing approach did not initially consider security design. So, what is the security of cloud computing, and how should the security of cloud computing be improved, and what should users be aware of in the process of using cloud computing?
Before discussing the issue, make a clear definition of "cloud computing": "Narrow cloud computing refers to the delivery and usage patterns of IT infrastructure, which means acquiring the required resources through the network on an as-needed and extensible basis; broad cloud computing refers to the delivery and usage patterns of services, which means that the required services are obtained through the network in an on-demand, extensible manner. -—— Baidu Encyclopedia "
(Google set up data center in Belgium)
Google's "cloud computing" is to regard its own server cluster as a "cloud", ordinary users can use the browser to enjoy Google Docs, Google Music, Gmail and other services, these are the simplest of the typical cloud computing scenario. In fact, whether it is using Amazon S3 to provide services to the Dropbox, Microsoft's online documentation service live office, or Apple's latest cloud service icloud, all belong to the ordinary netizens "cloud services."
(Mr. Jobs made a speech about icloud at the press conference)
Take a closer look at these applications, you will find that regardless of music sharing, network directory synchronization or network file storage, your files, data, passwords and so on all things, are starting from the local hard drive to the server "cloud" transfer, "cloud" in the Internet users throughout the activities become more and more valuable. In the past, the local hard disk on the file lost, you will scratching want to get your head against the wall, now the first move is: hurriedly go over the mail record, see the original attachment is still in.
As mentioned above, "cloud" infiltration of life, it does bring a lot of convenience to users. But at the same time, so much valuable stuff in the clouds poses a lot of security problems:
1. Legal and tort risk.
Because the "cloud (server)" is located in a different geographical area, the legal risks that may be faced during use will vary greatly. For example, foreigners may face criminal charges when they store documents offending the royal family on servers in some reserved emperors, and in the Hong Kong Special Administrative Region of the HKSAR, the maximum sentence will be as high as 4 years for the installation of pirated software in commercial business.
Although the network has no boundary, but the server for the "cloud computing" business is actually under the jurisdiction of the laws of various countries, so the improper application of "cloud computing" will likely face extremely serious legal risk and infringement risk.
2. Privacy disclosure risk.
Whether online Office software, e-mail or SNS account, usually can be based on their data to understand the user's private information. For example, users who work on corporate documents through online office, if the service provider does not secure them securely, may disclose privacy through internal leaks and unauthorized viewing by other users, which can have a serious impact on the company's normal operation.
In early June 2011, Google announced that someone had hacked into the personal accounts of hundreds of Gmail users. These accounts belong to a significant group of High-profile people, including senior U.S. government officials, officials from South Korea and other Asian countries, and military-related personnel and journalists.
At home, such things are not uncommon, some websites will sell the user information for profit, but also because the company's management system is not strict, resulting in the company's internal staff to obtain information that should not have been, use this information to seek benefits. For example, in June 2011, the Office of the Privacy Commissioner for Hong Kong published a survey which revealed that five banks transferred their clients ' personal data to third parties in 2008-2009, including Wing Hang, Fubon, Citigroup and ICBC Asia.
3. Non-authorized access risk.
Not all "cloud computing" providers have strict security management processes, and sometimes intentions can obtain confidential information from users by means of technology or other means.
In December 2005, the New York Times quoted a number of former and current U.S. government officials as saying the U.S. National Security Agency, with the cooperation of U.S. telecom operators, has access to a "backdoor" access to domestic and international communications networks, secretly collecting large amounts of telecommunications data and many telephone conversation information, including monitoring international calls and " Al-Qaida "organizes international e-mails about suspects.
The US Department of Justice has sent a court order to Twitter asking Twitter to provide account information for several militants close to WikiLeaks. The main note is that the Ministry of Justice has issued a court summons that is not a traditional one, but rather a direct "order"--2703 (d) Order. Such court orders allow the police to forcibly extract specific records relating to ongoing criminal investigations from a Web site or network service provider.
(using tag tags, the FBI is trying to dig up more information about terrorists.)
4. Virus and hacker attacks
Under normal circumstances, "cloud" for millions of, tens of millions of or even hundreds of millions of users to provide uninterrupted service, once as a service center node security problems, it will greatly affect the normal life of netizens.
January 2010, the country's largest search engine Baidu encountered domain name hijacking attacks, services near paralysis, so that has been accustomed to "have a problem with Baidu" netizens helpless, anxiety extremely. and to investigate the cause of the matter, it is because of its domain name custodian mismanagement, hackers posing as Baidu's manager to send mail, so that the baidu.com domain name hijacked.
In addition to domain name hijacking, distributed Denial-of-service attacks (ddos,distributed denial of service), site statistics system attacks, Cross-site scripting attacks, and so on, are also common tools for attacking cloud providers and their users.
On the night of June 28, Sina suffered large-scale worm virus invasion, many celebrities root inexplicably send rubbish letters, many micro-blog began to constantly brush screen, forwarding junk links, at the same time attention to a person named "Hellosamy". In this way one hours to infect more than 30,000 microblogging users.
This is the latest case of a cross-site scripting worm attack to attack a large network. The same attack methods, can be applied to micro-blog sites, blog sites, social sharing sites, etc., can be at a very small price, to paralyse the user's numerous services and applications.
5. Cross-platform security issues
In addition to the four risks mentioned above, cloud computing has another security risk, which is the security implications for cross-platform applications. For example, Dropbox can be used on PCs, Android phones, iphones and ipads, even if the security settings on the PC side and on the server are flawless, hackers can remotely steal data and manipulate the user's phone by using Android vulnerabilities, mobile Trojans, and so on.
With the popularity of smartphones and tablets, the use of mobile networks for electronic payments, online shopping, network music storage and sharing applications in the outbreak of growth, mobile device security bottlenecks, has become the "cloud computing" the entire chain of the weakest link.
In summary, since "cloud" has become an indispensable part of people's network life, in the enjoyment of the convenience he brings, how to minimize the security risks it brings, has become an important issue for all netizens, manufacturers, relevant departments and institutions.