Perhaps one day, cloud security vendors and cloud service providers will convince corporate CIOs that they can move corporate security-sensitive data and key programs from private clouds to public-sector platforms, but unfortunately, that day is far from over.
The information security practitioners, consultants and analysts interviewed by the author said that cloud security vendors and cloud service providers have a long way to go in the application of enterprise informatization, and they need to provide a convenient and secure public cloud space for enterprise customers before the mixed deployment of public and private cloud.
The public cloud security problem has become the key to the global enterprise Informatization transformation
With regard to the issue of the enterprise IT department putting sensitive data storage into a publicly-owned SaaS platform, industry insiders said it would take about six months to two years to put a credible entity like Salesforce.
Therefore, the enterprise to the security question ponder, does not hesitate to attach on the public cloud platform. What has become the key to hindering the development of public clouds? A cloud-tracking poll of IT pros shows the following four key points:
1. How to ensure the security of multiple tenants using virtual network communication channels;
2. How to ensure the security of users using the public cloud through mobile terminals in mobile internet age;
3. Whether there is a mature extension of existing identity authentication and access control mechanism, in the enterprise users use the public cloud process, to provide a relatively consistent path;
4. When data needs to be modified, how to trust the encryption and tagging model to adequately protect the security of sensitive data stored in the public cloud.
These potential security issues constitute a cloud era of enterprise information technology debate. The technical aspects of security are complex facts, and public cloud providers are famous speakers who are unwilling to provide standards and cases for their basic security practices. For an enterprise user, cloud service providers need to have the basic services such as confidentiality, which is extremely necessary for user audit and inspection.
At the same time, all respondents said that the company engaged in public cloud security services to express confidence, according to the current cloud security enterprises in the private cloud occupy, the public cloud platform is expected to reach a certain level.
The trouble of Growing up
Jacob Waka, president and chief operating officer of the digital media company Digital. Braun said that the company is engaged in public cloud hosting security services and consultancy work, compared to the initial stage, they are now in some parts of the United States have been developed.
"The public cloud is like a gifted teenager moving into a new community, and his uniqueness makes others look incredible, and people are interested in and anticipating their future development because of this curiosity." Give him more time, most people will understand the popularity of genius. "Bleum said. Analysts, advisers and customers also say they are looking for the essay of public cloud security from these vendors.
Former Si Jie CTO and founder Simon.crosby also said that in the use of virtualization products, they began to seek to establish a secure mobile client. "The public cloud structure built today can actually withstand more serious attacks than any private network," he said. "Simon.crosby said.
But according to the Cloud Security Research Institute Survey, IDC security product Project users are not optimistic about this. When asked if the cloud provider's architecture could be more secure than its own private cloud, only one-third of respondents agreed. However, more than half of corporate users who have deployed public and mixed clouds agree that the services provided by suppliers are more secure than their own IT teams.
Richard Rees, an EMC company Virtual Cloud Consulting Services Manager, talked about the business workloads of some businesses that could greatly improve their security posture by pushing them into the public cloud. For example, in the IDC survey, 30% of the 250 SMEs surveyed used the most popular information security software on the cloud platform. Rees said: "In the public cloud, IT security administrators can more quickly and easily understand the digital signature, public/private key encryption, secure e-mail and other security parameters, this high level of protection is not previously achieved." ”
Reflections on the Landing of cloud security
The key to the public cloud business model is the dynamic environment, which can carry many different tasks and can move and optimize the underlying infrastructure at will. Users want to ensure that information is in place to protect their data from attack and that they want to form a very granular security management system by viewing information about the controls.
According to a 2011-year ISACA Survey, 45% of the people think that cloud computing risks outweigh its benefits.
But this level of detail is often beyond the scope of the business model of most public cloud providers. Public cloud providers are tight-lipped about security enforcement details. They do not want to disclose safe practices to avoid exposing their competitive advantage; In addition, they do not want to expose security risks to the media spotlight.
As a result, a properly managed and configured public cloud application can achieve good security. Security has become the focus of cloud computing in the development of Enterprise informatization. Security has also been said to be the inherent benefits of private cloud and the fundamental flaw of the public cloud. In fact, the facts are more ambiguous than those implied. Asserts that the public cloud environment has the enterprise information security flaw, does not seriously consider how alleviates these insecurity factors, appears is irresponsible.
Public cloud security is never a black-and-white simple problem, looking for public cloud security essay way, landing is to ask what action must be taken to achieve in time, budget conditions, as far as possible to ensure that the application in the public cloud platform environment to achieve the goal of safe operation.
(Responsible editor: Liu Fen)