The significance of information security level protection in cloud computing

Source: Internet
Author: User
Keywords: cloud computing, level protection

Cloud computing is another major technological change in the information field, after computers and the Internet. While the advent of cloud computing provides new opportunities for development, its security remains a serious challenge. Since the State Council promulgated the "People's Republic of China Information System Security Regulations" (State Council Order [1994] No. 147) in 1994, the information system security level protection system has gradually matured and has played a significant role in information systems built on traditional architectures. The advent of cloud computing has brought a series of changes in system architecture, but however it develops, a cloud platform is still an information system and has the universal characteristics of one. Cloud computing security management can therefore still be implemented in accordance with the level protection requirements.

Cloud computing security issues

There is currently no unified, agreed definition of cloud computing. Wikipedia describes cloud computing as a computing model that provides dynamically scalable virtualized resources to users over the Internet, without users needing to know how to manage the infrastructure that supports it. In fact, cloud computing is a concept, not a specific technology or standard. At the same time, cloud computing is also an operational model that provides IT resources, data, and applications to users as services across the network. In short, the essence of cloud computing is sharing and collaboration.

In recent years, major IT companies have invested in cloud computing, and major commercial platforms have sprung up one after another. However, problems with these cloud platforms have also been exposed constantly. In 2007-2008 the Amazon cloud platform suffered wide-ranging failures; in 2009 the Microsoft cloud platform crashed and lost data; and also in 2009 Google had customer personal information leaked. In the era of cloud computing, where resources and data are in the cloud, security issues are more important.

Due to the changes in architecture, cloud computing security issues also have their own unique characteristics:

① In the cloud computing environment, the network architecture is unified, hardware resources are highly integrated, and the traditional security boundary disappears.

② Virtualization, as the core technology of cloud computing, places higher requirements on the design and deployment of security equipment.

③ Centralized storage and processing of data needs effective authentication, authentication management, access control, security audit and other security mechanisms.

④ Data and applications rely heavily on cloud computing centers, whose stability and reliability requirements are more demanding than those of traditional systems.

The security problems in the cloud computing model are: hackers invade cloud servers to steal data; cloud service provider employees steal sensitive customer data; other customers of the same cloud service provider accidentally acquire or steal sensitive data; cloud resources are maliciously abused and used to send spam or run malicious hosts; foreign governments can read data in the local cloud data center without the client's authorization; customers cannot easily audit the security control measures and access records of cloud service providers; the cloud service provider's disaster preparedness management is imperfect, which leads to service interruption; cloud service providers fail to continue providing services; and user account passwords are stolen and cloud service resources are compromised.

Level protection still applies to cloud computing

From the management point of view, the level protection system is a comprehensive piece of social systems engineering: information systems are managed in an orderly way according to the principles of social organization, which is an important means of raising the level of security protection of the system. In this respect, the cloud computing environment is the same as a traditional information system. The management part of level protection still applies to cloud computing.

From the technical point of view, the level protection system is a complex piece of technical engineering that meets the technical requirements for information system security design through a series of technical protection measures.

In terms of the level protection technical design requirements, the original idea is to construct the computing environment, the zone boundary and the communication network under the support of the security management center. In the cloud computing model, the zone boundary within a private cloud has blurred and disappeared, and the construction mechanisms for the cloud computing environment and the cloud communication network need to be set up again. The overall technical security structure of level protection starts from the information system itself, and cloud computing is also an information system with the essential characteristics of one. Therefore, an information system in cloud mode needs to build a cloud computing environment, a cloud communication network, a cloud access boundary and a cloud security management center. This is the same as the overall technical architecture design for level protection, except that the security architecture of such a cloud computing system needs to be built under "trustworthy" conditions.

The level protection technical design requirements mainly comprise four parts, "secure computing environment", "secure zone boundary", "secure communication network" and "security management center", and standardize technology, management and operation.

The main security risks of cloud computing and their countermeasures can be analyzed from the following five aspects:

(1) Application.

To address security vulnerabilities in application systems, it is necessary to comply with the application security development specification and the relevant rules and regulations, and to perform code-level security checks and system security tests regularly. Implement this in accordance with the "secure computing environment" part of the level protection technical design requirements.

(2) Data.

The best way to address data leakage is to use technical measures to isolate and encrypt sensitive data. Implement this in accordance with the "secure computing environment", "secure zone boundary" and "secure communication network" parts of the level protection technical design requirements.

(3) System.

To address system security vulnerabilities, it is necessary to establish a security baseline and protection mechanisms, and to monitor system security incidents in real time. Implement this in accordance with the "secure computing environment" part of the level protection technical design requirements.

(4) Network.

The network transport security problems that users care about can be solved by encrypting the transmitted content. Implement this in accordance with the "secure zone boundary" and "secure communication network" parts of the level protection technical design requirements.

(5) Endpoint.

Malicious code that may appear on terminals can be dealt with by using terminal security protection software. Implement this in accordance with the "secure computing environment" part of the level protection technical design requirements.
