The three-way cloud security line of the Sina SAE

With the development of cloud computing in China, more and more cloud computing products emerge. However, due to the sharing of public cloud computing resources and the essential idea of resource scheduling, the importance of security in public cloud computing is obvious. Users start to worry about whether the code is safe, the data is secure, and the transmission is secure. The platform provider should also guard against DDoS, prevent misuse of resources, and prevent the use of Web language vulnerability attacks.

at the QCON2012 Global Software Development Conference, Sina Cloud computing chief architect Conglei said, "Sina app Engin (SAE) from 09 to date, for cloud computing security issues, from code to data, from storage to transmission, from the language level interpreter to the system layer have done the corresponding protection and improvement. "Cloud security is an important direction in cloud computing, especially in public cloud computing, and is a topic that all users will be concerned about using cloud computing." There is widespread concern that its data is not in the cloud, and that the cloud computing services provider is leaking its data. Conglei that cloud computing security has four characteristics, first, the sharing of resources, because the cloud services provided by the service is a multi-tenant, a large number of users to share services, which will cause a person with problems and other people encounter problems. Second, the diversity of services, cloud computing development has spawned a lot of cloud services, such as cloud host, cloud space, cloud development, cloud testing and so on, the increase in service types will bring more risks. Third, the user is not aware of. Iv. unpredictability of scale. The SAE considers cloud security separately from the platform itself, user data, user code, and account four. In terms of the user's data security, it was previously isolated through a virtual machine, so that the SAE was too loaded, so it improved over the past 2010 years, protected by three layers, SQL, concurrent execution time, and slow query quotas. In addition, the SAE provides two authentication methods, Client namespace-binding and SHA256 REST signature. MySQL Cross application authorization can be lost in the user's password, reduce user losses, users can authorize their own database to some applications, if the account password is lost, there is no authorization to access the application. In terms of backup, SAE also provides MySQL backup mechanism, kvdb backup mechanism, taskqueue backup mechanism, counter/rank backup mechanism. In the application of firewalls, the SAE provides IP black-and-white list, access frequency control, inflow and outflow flow control three ways.

SAE Cloud Security

  In code security, the SAE provides PHP sandbox, Python sandbox, and Java sandbox. In addition, the SAE also provides the application of physical examination, to see whether the page performance bottlenecks, while checking for vulnerabilities, whether there are potential for attack. In terms of account security, the SAE supports dynamic password shields and defines different permissions based on the different roles of the team's projects. At the same time, in the cloud bean aspect, but also has the budget setting, protects the user money not to be misoperation and consumes the light, only then, the SAE also provides the large consumer protection, protects the user's account security.   for the safety of the enterprise, Conglei said, Sina has 7*24-hour operation team, team members are with ten years of operation and maintenance experience. SAE also provides SLA assurance and compensation strategy for the platform's own problems caused by the platform integrity of the failure, the SAE official will be paid for the platform of one-time compensation, to make up for the platform failure to the user site and application of the loss.