Sun releases security code for cloud Computing Security Alliance

Sun Microsystems recently released its innovative, Open-source cloud computing security tool and announced its support for the latest security specification for the Cloud Computing Security Alliance (Cloud). The move is part of Sun's strategy to help customers and partners create an open, interoperable public cloud and private cloud.

Sun is committed to providing the best technology and practice to help users escort key data in the enterprise and cloud. The release of Sun's cloud-safe structured modules will provide users with high security, high-availability, and manageable enterprise-class cloud computing services in the public, private and mixed cloud environments. The built-in security capabilities of the Sun's Solaris operating system, including Solaris ZFS and Solaris Containers,sun Cloud computing Security tools, will secure data transfer, storage, and use in the cloud, and ensure interaction with leading cloud service providers, such as Amazon and eucalyptus.

While announcing the new cloud computing security tool Today, Sun also announced support for the security specification of the Cloud Computing Security Alliance (Cloud), "The key domain specification for cloud computing-v2.1 unacknowledged Areas of focus in Cloud Computing-version 2.1) ". Sun security experts have been actively engaged in the development of this security specification within the industry, and have been actively involved in the Cloud Computing security Alliance at the beginning of its inception. The new security framework provides a more concise and easier to operate cloud computing security deployment specification and contains the knowledge and experience gained in actual deployment.

The Cloud Security Alliance (CSA) released its second edition of the Security Application Guide for cloud computing Services in Thursday. The nonprofit alliance was formally established in April to promote best practices in cloud computing security. They released their first edition of the Guide at the 2009 RSA Conference, the most authoritative annual summit in the global Information security arena.

Jim Reavis, co-founder and executive director of the Cloud Security Alliance, said the new version of the key area of cloud computing's focus Guide-version 2.1, provides more specific information in some areas and offers more practical advice. The process, he says, will eventually evolve the industry's need to audit and certify cloud service providers.

"I am not saying that we will have to stand up for all the things in this industry, however, we have started to do something to move on that side." The key to curbing the use of cloud computing by large companies to do important things is that they do not have a comprehensive compliance regime. The whole environment has not been developed. ”

"Sun's advanced technology, full practice, and close collaboration with industry leaders, including the Cloud Computing Security Alliance, enable us to provide our customers and partners with a comprehensive data security framework for the cloud computing environment," said Tucker, Sun's cloud computing CTO. ”

Sun also released a new white paper "Using transparent security technology to win customer trust in cloud computing." This white paper provides a comprehensive overview of transparent security technologies and methods for building a secure cloud computing system, including security design, practices, and processes to help customers enhance confidence, protect critical security information and data, and improve overall system management performance.

"Security issues remain one of the main considerations for corporate customers turning to cloud computing," said Sun's distinguished engineer and chief Security architect Glenn Brunette, "Sun's new security tools will help address these fundamental issues and enable customers to enjoy the benefits of cloud computing, Manage risk and protect important assets at the same time. ”

Sun Inc. today unveiled a series of Open-source Cloud Security (Cloud) tools, including:

OpenSolaris VPC Gateway: When customers connect systems to Amazon virtual Private Cloud, they offer them more choice and flexibility. OpenSolaris VPC Gateway software helps customers quickly and easily create a multiple secure communication channel to a virtual private cloud without the need for proprietary network equipment.

Immutable service Containers (ISC): Provides the relevant deployment strategic infrastructure model to jointly develop highly secure services. Incorporating many of the security features of the OpenSolaris operating system, including Solaris ZFS, Solaris containers, and Solaris IP Filter and auditing, the ISC architecture employs a service partition, Enhanced integration technology to create virtual machines with significantly enhanced security and monitoring capabilities.

Security Enhanced Virtual Machine Images (vmis): Using many of the technologies developed for the immutable Service container project, Sun has created the Amazon elastic Compute Cloud (EC2) is designed with enhanced security vmis. These virtual machines take advantage of the industry's widely accepted and recommended recommended practices, including non-executable stacks, cryptographic swapping, and enabling auditing by default. In addition to simple OpenSolaris images, Sun also publishes integrated software stacks such as Solaris amp and security-enhanced image Drupal.

Cloud Safety Box: Simplifies managing encrypted content in the cloud. Using a simple Amazon S3-like interface, Cloud Safety box automatically compresses, encrypts, and splits content, which can be stored in Solaris, OpenSolaris, Linux, and Mac OS X, the contents of the cloud in any supported operating system.

Sun is building and deploying open and compatible public and private clouds with global customers and partners. Sun Open Cloud platform is powered by Sun's industry-leading software, hardware, and storage to provide a low-cost, scalable cloud infrastructure.

The CSA Guide, developed by dozens of contributors, outlines key issues and provides recommendations covering 13 areas, including incident response, encryption and key management, identity and access management, and regulatory and electronic searches. It is designed to help organizations figure out what problems should be presented to cloud service providers, the current recommendations and the easy mistakes that should be avoided.

Several agencies have started using first-edition guidelines to develop their long-term cloud strategy, Reavis said. He added that the new version "will give them more communication guidance with cloud service vendors". CSA has expanded its membership since its inception and now has 23 members, including heavyweight companies: Microsoft, Cisco Bae Inc. and has Co.

Reavis said the alliance has successfully promoted the topic of cloud security and pushed the information security industry into the "forward-looking field of new things", although those areas are not the usual practice required in the industry.

CSA has successfully built a global footprint for its next year's promotion program, Reavis said: "What we see is a large number of private clouds; so many governments and industries in the world are developing their cloud in their own direction." We can stand on the opposite side and try to get everyone to use the same cloud. ”

He also said that CSA plans to open next year to research on cloud security threats and to map the guidelines to control frameworks and standards (such as PCI Data security standards and ISO 27001), and it is also planning for some educational activities.