The era of cloud computing meets the new challenge of network security

Hello everyone, I am very honored to be able to participate in the Cloud Computing forum today, there are already two guests talking about some aspects of cloud computing, I am impressed is the Suzhou Telecom Peng always about cloud computing his analysis, is I hear the most simple about cloud computing understanding and his practice content. Basically the same as he said, but not tall, is real, can solve some problems.

The problem of cloud computing is also very hot now, and this heat is also very long time. I am also often asked by some leaders, cloud computing is so hot, cloud computing security How to do? This question is very difficult to answer, for some leaders I often say that the current state of the cloud is not too many ways. Because now the cloud computing its standards are not unified, each home has a platform, have the practice of the family, in this lack of uniformity above how do you do it. Universal Solutions Currently, the industry has not seen, Venus in this piece can bring you what, in the cloud computing environment as a traditional network vendors, how do we do it. Sometimes I answer the leadership such a question, I often tell him in the current situation, the lack of standard unity of the situation, we can do is in some background management, from the management of security, from the management of the benefit, and this piece of cloud computing architecture is consistent.

We quickly understand the Venus Chen Company, as it inside the refinement of a market, security aspects may not be very understanding, I spend a minute to give you a moment to add some understanding. Venus is also a relatively long time to set up the company, established in 96, so far has been 18 years, the company in the 18 process to obtain some results, after the company began a number of integrated work. At present, there are about 2000 people on the scale, formed four research and development base, customer-oriented words we can provide a package of solutions. Especially since 07, we have completed the top events in Asia.

Next we move on to today's issue of understanding cloud computing security. For the cloud, including just Peng's ppt inside also mentioned, everyone mentioned cloud computing, I managed to this data center to his side, we think of the first problem is not how much efficiency, but my data security is not safe, in my intranet things I manage. But now I have to move the whole system out, then my data is not easy to get to him, this question how to protect, this is the first time when you talk about cloud computing security issues. Is the cloud security problem just a data security? Not so, according to some of CSA statistics and reports, from 2010 to 2013 two reports, about cloud security concerns more, 1 to 3 is a data leakage problem. In addition, there will be some unsafe APIs, your application on the Internet is not subject to attack, these are the problems faced by cloud security.

For this piece if we do not have a good idea or solution, often there will be a problem, the application went up, but your security problems have come out. What is the cause of these security problems? Because of the high concentration and easy availability of cloud computing, there is a good chance that you will suffer malicious use and anyone can use it. Cloud computing technology in the rapid development, architecture, standards, or models are changing, will bring some insecurity and instability factors. Cloud computing through different levels of outsourcing to achieve results, save our manpower, but your security issues, controllability issues again.

Security countermeasures, we talked about the threat, but also to see the countermeasures, at present, there is no very good countermeasures. In the current situation, all of the solutions to cloud security are the basic elements from the cloud, we piece of decomposition, what each piece can do. For example, for the virtualization infrastructure, I do virtualization security. Application layer aspects of the problem, this is a need to focus attention, before the guests also said, we now put the application of the cloud above to go very simple and convenient, put the system can be. But your application is not suitable for the cloud platform to run it. The most important one is the admin domain, many people do not pay attention to this piece, the existing equipment comprehensive utilization to improve its performance, you need to pay special attention to things. You may be investing in cloud computing, but your investment in management will give you a higher annual benefit. There is the client domain, which is a big challenge to the industry.

In response to these security measures, we focus on the background data center of this piece, we also put forward a number of solutions to the idea, to take a look at the discussion. We will mainly focus on management, for cloud computing or the security of the cloud center, we have made about five. The first is that traditional physical structures need to be protected. Second, for the emerging virtual system for the security of the system, you have no corresponding solution. The third is to improve VWB security and availability, the fourth one strengthens operation and maintenance management and audit mechanism, this is to do private cloud time, or use a third party cloud time to consider a problem, my data is my own, put to your side after how you guarantee my data you do not take away, what method. If I were my own private cloud, would that be a problem? In fact, the same problem, how do you ensure internal control, the fifth to strengthen resources and security control.

How do we solve these problems, the traditional network security is necessary, firewall, intrusion detection, these are indispensable. Virtualization security, this is the most direct problem in cloud computing, for this piece requires a number of proprietary technologies, such as virtualization Security Gateway, virtualization IDs, virtualization audit, virtualization scan. This virtualization has yet to see a more standardized thing, because the current standards are not yet unified. For some internal problems, your application on the security after the implementation of how to deal with, this is our traditional internal application focus less than the place, only on the Internet to apply the focus of attention, this piece how do you solve it? For this piece we propose a solution, that is, monitoring plus verification and authentication analysis.

For data hosting to a third party, we doubt that your data will be taken away, then what should we do? He can do some supervision, strict supervision of the outsourcing personnel, management personnel operations, so that effectively eliminate the use of equipment for the maintenance of access to data resulting in the violation of the case. Your manager can't do anything, the manager decided, this operator, maintenance personnel can only do this, to the database you can not touch.

Finally, we simply look at information security Unified management of the big platform of things, data center centralized more than 70% of servers, equipment, application systems, how to carry out effective and efficient day-to-day management, which is our headache, for the cloud center personnel, for future users to build private cloud you will inevitably encounter this problem. Our current domestic high-end industries, such as electricity, finance this piece of the request, how to monitor, how to ensure that my computer inside let it fully run, there is such a unified regulatory platform. Through such a regulatory platform to your network all involved in the application, host, database, network equipment, security equipment all in a platform for processing, is doing some data mining processing, the correlation data mining, tell you some of the aspects you should pay attention to. It has a different interface for different people, and the operator may be concerned about how to solve the problem, and he will tell you what the cause is. Top leaders are concerned about macro trends, whether they are safe, and that middle-class people pay more attention to this point if it is caused by 6 points or 7 points.

This is most of the functional modules that are managed behind each module, so it is not a security product and it is a managed solution. For example, network management, I can be a number of topology equipment monitoring, I can conduct real-time analysis, I can conduct a comprehensive analysis afterwards. After all, it is the whole network of unified security control, the equivalent of a city's road monitoring Center, which is its biggest role, it is the system if used in the cloud computing center large-scale equipment concentration place, to the efficiency of the staff, the promotion of efficiency is very helpful.

1. Large Data cloud Security strategy analysis

2. Apple icloud application PC version experience

3. What is cloud service