Cloud computing, as a new IT service model, has changed IT consumption patterns. When entrepreneurs start a small business, they usually want to run it in a flexible and scalable way; setting up an IT department matters less than marketing, investing in research and development, and protecting cash flow. Because small and micro enterprises have no in-house IT infrastructure, most of them turn to public cloud service providers for IT services, which has made them the pioneers of public cloud adoption. For the IT managers of such businesses, the security of public cloud services seems acceptable, and often better than the security they could achieve internally.
For large enterprises, however, the blurring of trust boundaries in the public cloud has made cloud security the chief concern of CIOs considering cloud computing. This concern stems from the fact that many public cloud service providers do not state the trust boundary explicitly (which security controls the provider supplies and which the user must still provide), and these new trust boundaries are not backed by SLAs. Public cloud service providers are unable to offer sufficient transparency into the governance and implementation of their security management processes, and so, to ensure that data in the cloud is properly protected, the security responsibilities that fall to the customer under the shared-responsibility model are pushed back onto the user.
In this situation, large enterprises are more inclined to build a secure and stable private cloud platform than to hand responsibility for security operations to a public cloud provider and rely on its SLA and on whatever features it offers for supporting the enterprise's internal security management processes. A self-built private cloud means that the enterprise must face a range of information security threats itself: account compromise, API security problems, malicious insiders, unauthorized access to databases, authorized users exceeding their privileges, data leakage, hijacking of legitimate network services, external network intrusion, and a series of related security issues.
Mature enterprise IT departments typically address these issues with a standard security management framework, such as ISO/IEC 27000 or the ITIL (Information Technology Infrastructure Library) service management framework. These industry-standard frameworks provide guidance for planning and implementing governance solutions and for the sustainable management of information asset protection. Based on these frameworks, the security management areas that a private cloud platform within an enterprise needs to focus on are as follows:
- Availability management (ITIL)
- Access control (ISO/IEC 27002, ITIL)
- Vulnerability management (ISO/IEC 27002)
- Patch management (ITIL)
- Configuration management (ITIL)
- Incident response (ISO/IEC 27002)
- System usage and access monitoring (ISO/IEC 27002)
In each of these security management areas, the enterprise IT department invests considerable effort in taking on the associated security risks and challenges. In this process, the level of support offered by the cloud platform vendor has a direct impact on the transparency and controllability of the enterprise's IT security management, so choosing a cloud platform provider with operational experience and a complete security system is particularly important. Bingocloud, as the first self-developed commercial IaaS platform, has grown alongside the IT cloud platforms of dozens of large enterprises, and in the process has worked with those enterprises to meet the various security challenges of a cloud platform. While enriching the security features of its own platform, Bingocloud is also continually strengthening the platform's ability to support the overall IT security framework within the enterprise: not only providing users with a secure and stable infrastructure cloud platform, but also supporting the construction of the enterprise's overall IT security processes, so that users never face the security challenges of the cloud platform alone.
Availability Management
As the cloud platform is used more widely within the enterprise, companies deploy more critical business applications to it and depend increasingly on the continued availability of cloud services. Bingocloud provides a cloud monitoring service (CloudWatch) that gives users a real-time view of how the various services in the cloud are operating, such as EC2 instances, EBS storage volumes and ELB load balancers, and offers a variety of monitoring metrics. Users can also set thresholds on these metrics; when a threshold is exceeded, an alert mechanism is triggered. The alert mechanism not only supports common notifications such as e-mail, but can also call the auto scaling service to dynamically increase or reduce the number of application servers in order to respond flexibly to bursts of traffic, thereby implementing high availability of application workloads in Bingocloud.
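The threshold-to-alert-to-scaling loop described above, written out as an added example (not Bingocloud's own code): an alarm fires only when the last N datapoints breach its threshold, and the alarm action adjusts the desired capacity of a scaling group within its configured bounds. The metric name, period count and group sizes are constructed values for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Alarm:
    metric: str
    threshold: float
    periods: int            # consecutive datapoints that must breach before the alarm fires
    comparison: str = ">"   # ">" drives scale-out, "<" drives scale-in


@dataclass
class ScalingGroup:
    name: str
    min_size: int
    max_size: int
    desired: int
    notifications: list = field(default_factory=list)  # stands in for e-mail notifications


def breached(alarm, value):
    return value > alarm.threshold if alarm.comparison == ">" else value < alarm.threshold


def evaluate(alarm, datapoints):
    """True only when the most recent `alarm.periods` datapoints all breach the threshold,
    so a single spike does not trigger scaling."""
    if len(datapoints) < alarm.periods:
        return False
    return all(breached(alarm, v) for v in datapoints[-alarm.periods:])


def apply_scaling(group, alarm, datapoints, step=1):
    """Alarm action: record a notification and move desired capacity by `step`,
    never leaving the [min_size, max_size] range. Returns the new desired capacity."""
    if not evaluate(alarm, datapoints):
        return group.desired
    if alarm.comparison == ">":
        new = min(group.max_size, group.desired + step)
    else:
        new = max(group.min_size, group.desired - step)
    group.notifications.append(
        f"ALARM {alarm.metric} {alarm.comparison} {alarm.threshold}: desired {group.desired} -> {new}"
    )
    group.desired = new
    return new
```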
Access control
To ensure effective access control, Bingocloud provides two dimensions of access control: network access control and user access control. Network access control takes the form of the cloud platform's firewall policy, which enforces host-based access control at the entrance to the cloud platform and logically groups the instances within it. Policies are expressed in terms of standard TCP/IP parameters, including source IP, source port, destination IP and destination port. User access control in Bingocloud also plays a key role: it binds user identities to cloud service resources and meets the important business needs of fine-grained access control, user auditing, compliance support and data protection. Through strong authentication, single sign-on (SSO), privileged access management, and logging and monitoring of cloud resources, it protects the confidentiality and integrity of information in the cloud.
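A host-based, default-deny firewall policy of the kind described above, as an added example (not Bingocloud's own implementation): instances are logically grouped, each group carries allow rules over protocol, source network and destination port, and a packet reaches an instance only if some group containing that instance has a matching rule. The group names, addresses and ports are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str       # "tcp", "udp" or "any"
    src_cidr: str       # permitted source network, e.g. "10.1.0.0/24"
    dst_port_from: int  # inclusive destination port range
    dst_port_to: int


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SecurityGroup:
    """Allow-list applied to every instance in the group; traffic with no matching rule is dropped."""

    def __init__(self, name, rules):
        self.name = name
        self.rules = list(rules)
        self.members = set()  # instance IPs logically grouped under this policy

    def matches(self, rule, pkt):
        proto_ok = rule.protocol in ("any", pkt.protocol)
        src_ok = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src_cidr, strict=False)
        port_ok = rule.dst_port_from <= pkt.dst_port <= rule.dst_port_to
        return proto_ok and src_ok and port_ok

    def allows(self, pkt):
        # The destination IP parameter is enforced through group membership.
        if pkt.dst_ip not in self.members:
            return False
        return any(self.matches(r, pkt) for r in self.rules)


def evaluate(groups, pkt):
    """Default deny: permit only if at least one group the destination belongs to allows the packet."""
    return any(g.allows(pkt) for g in groups)
```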
Security vulnerabilities, patches, and configuration management
Vulnerabilities such as insecure applications, insecure operating systems and insecure network configurations give attackers an opportunity to break into an enterprise's private cloud platform remotely, and are a persistent headache for the IT department. To avoid offering attackers such entry points and to keep the system running efficiently and safely, Bingocloud tailors the underlying operating system, removing unnecessary processes and services so that the system consumes the fewest resources and achieves higher stability. Beyond securing the cloud platform itself, Bingocloud also provides its IaaS users with secure, standardized images: virtual machine images hardened and standardized according to the security requirements of different scenarios, which users can deploy directly to obtain secure instances. For the different business components, such as operating systems, application servers, databases and web servers, Bingocloud installs and configures them with minimal privileges and according to industry-recognized best practices.
Intrusion detection and incident response
Intrusion and incident management is a key function for managing and mitigating risk within the enterprise information security management domain. Because of the network virtualization characteristics of a cloud platform, a traditional intrusion detection system cannot see the network communication inside the virtual environment. To preserve overall monitoring of the internal IT architecture and support the introduction of traditional security tools, Bingocloud's network virtualization system applies software-defined networking (SDN) technology: through the OpenFlow protocol it can redirect virtual machine network traffic, and so can steer virtual network traffic into a third-party security virtual gateway, enabling NIDS deployment within the virtualized environment to monitor security incidents on the cloud platform. Security incident response cannot rely on a single security device; it needs to draw on the IT capabilities of the entire data center. To meet the data requirements of the CERT for security event collection, the Bingocloud Management Center collects the system logs, security logs and performance logs of the platform's various components and provides an external interface for exporting these logs to third-party security management and analysis tools, giving the enterprise a basis for incident response and tracking.
A private cloud platform within a large enterprise gives users a high degree of control over the physical and logical security of the private cloud infrastructure, providing controllability and transparency for enterprise security management and making it easier to implement overall security standards, policies and compliance. But it also places responsibility for security management and security maintenance squarely within the enterprise's own IT department. For enterprises building a high-quality private cloud platform, Bingocloud not only provides a powerful and commercially mature cloud platform product, but also gives the enterprise IT department a rich set of cloud platform security functions and secure operation practices to meet the security management needs of the enterprise cloud platform. In addition, Bingocloud offers a wide range of third-party integration capabilities, so that traditional security tools can be introduced and the enterprise's existing IT management framework integrated. From this point of view, an excellent cloud platform vendor is not merely a maker and seller of cloud products, but a close partner that grows with the company's cloud and faces its challenges together with it.