Computer security was an easy job decades ago, when computers were kept in a tightly guarded room. The head of the machine room would take your punch cards at the window, and as long as the cards holding the code were not folded, damaged or truncated, they would be read by the Hollerith reader and executed on the computer. Only one program could be executed at a time. Of course, if your program was wrong, it would be a few hours or a few days before the supervisor came back asking you to debug it. (FWIW, in the age of the punch card, careful design, architecture and desk checks were routine; imagine each compile taking days.)
Then computing entered a period of frenzied development, from time-sharing to minicomputers to personal computers, and now mobile devices. Debugging code on your own computer is a messy process that goes as fast as people can work. There is no need to wait for the supervisor's blessing or for the slowest compiler in the world. You don't need to understand how the computer and the technology stack work when it's cheap to just run the code and see the results. Even running other people's programs is easy. At this point security began to plummet: as the perimeter dissolved, securing it went from trivial to nearly impossible.
Now that we have cloud computing, the perimeter is completely gone, and at the same time we have come full circle to submitting our code to a supervisor, only now the supervisor is Google, Amazon, Microsoft, or someone else.
What the hell happened? Did we only ever get security as a side effect? And what are the pros and cons of cloud computing for security?
Brief Computer History
When computers occupied an entire room and ran only one program at a time, security came easily because the machines were so expensive. Only highly trained personnel were allowed to touch them, and they tended to be geniuses in the field. Computing cycles were expensive and scarce, but the perimeter was obvious and easy to secure: locking a door was enough.
Next came time-sharing systems and "dumb terminals", such as the ADM5 and VT100, cabled to a host (running VMS or Ultrix). Multiple users could run their programs on the same machine by sharing time slices. Machines and their computing cycles were still very expensive, scarce and bulky. However, the price of a computing cycle fell year after year, and terminals slowly made their way out into the world.
Computer security likewise escaped the original room. Because terminals were always within cable distance of the host (usually gathered in a terminal room), and users needed a user name and password (mandatory authentication) to use the machine, security was still more or less manageable. In fact, not many people used computers at that time.
Then the core machine also escaped the original room, joined the ranks of the terminals, and became cheaper and cheaper. However, storage was still expensive and bulky. A multiuser host needed "accounts" to allocate a fixed amount of disk space. At the end of the 80s, 20 trillion of storage looked pretty huge. Storage was concentrated in disk farms, managed the way the mainframe had been before. Computing cycles were free, but disk space was expensive. Perimeter security was still partly under control.
The fatal blow to simple perimeter security, like Cerberus (the three-headed watchdog of the underworld in Western mythology), had three heads: PCs, users, and the Internet. Early PCs like the Apple ][+ and IBM PC Junior had no disk space. They used floppy disks or tapes for long-term storage, and a lot of floppy disks to keep records. Hard drives were expensive and the size of a dishwasher. The situation soon changed. In 1986, IBM launched a brick-sized 20Mb hard drive. Disks began to shrink, and disk space eventually became as cheap as computing cycles: essentially free.
Today cycles and storage are free, but we face a basic management problem. Even though cycles and disk storage may be free, having professionals manage machines is still expensive and difficult, especially where security is concerned.
View: Cloud computing is good for security
Does every SME in the world need computers? Yes. But does every SME have the expertise to manage the computers it needs? The answer is no. (Security in particular is tricky and requires practical expertise.) There you have it: cloud computing is cheap, and it gives almost every small and medium-sized enterprise good operations and maintenance staff on demand.
The fact is that the system administrators and security operators at Google, Amazon, Salesforce.com, and Microsoft have not just a little more, but several times the operational expertise of a typical SME. Imagine choosing between a world-class operations team to support your business and some local second-rate IT guys, who likely graduated from community college.
The same conclusion does not apply to large enterprises, because their in-house IT staff is also world-class and highly expert. Most importantly, enterprise security operations are flexible and efficient, but as I wrote earlier, the situation of SMEs is different.
Ever wondered who owns the millions of infected machines (regularly conscripted by computer criminals)? The most likely answer is your relatives or your favorite local business. Cloud security can fix this. As more and more consumers and small businesses move their computing into the cloud, things get better: by adopting cloud services, SMEs and consumers can quickly and automatically improve their own network security (with modern tools and intrusion monitoring), going rapidly from the brink of collapse to a properly patched system.
In my opinion, cloud computing will improve the current state of computer security, mainly by reducing the security operations burden on small and medium-sized enterprises.
View: Cloud computing is bad for security
The problem is the applications we need. When we write generic applications to cater to the tastes of different small and medium-sized enterprises, we introduce the Achilles' heel of cloud security. Simply put, building secure applications for the cloud is as difficult as building secure applications anywhere. Sadly, cloud providers either don't know this or are lying about it.
The problem is that cloud providers offer a brain-dead solution to the vexing problem of application security. We all know that security is a property, not a thing. Well, we all know that except the cloud providers. Cloud providers still believe in magical encryption schemes. That approach does not make an application more secure, whether we encrypt the link between hosts or encrypt data at rest. Continuing to believe blindly in encryption as the answer is insanity.
The good news is that great strides have been made in software security. The bad news is that we may outsource security to cloud providers, but there is no indication that we can do the same for application security.
My bottom line is:
What is the bottom line for building cloud applications? Get some professional help. Seriously. Whatever you do, don't trust the magic encryption scheme that cloud vendors peddle as something that will magically solve all your problems.
Trying to stop cloud computing is like trying to send the world back to the mainframe era, which is futile (well, no, wait ... that's not what I meant to say!). Cloud computing is cheap, and renting operations staff is really a great solution. Computing cycles and storage are basically free, so why buy them again?
So when your company uses cloud computing (not if, but when), don't forget how difficult software security is. Don't buy cloud vendor nonsense about so-called magic encryption technology! Think seriously about how to handle software security properly in the cloud, just as you did when you managed the machines that executed your code yourself.