The advent of cloud computing has changed the business model of the past, enabling people to enjoy the infrastructure resources needed at a more affordable price, like water, electricity and coal. However, how many people are willing to accept this service model for their users? According to the survey, enterprise users have been able to accept the private cloud, but when they convert these enterprise users to individual users, they begin to become hesitant to face the public cloud.
Undoubtedly, cloud security has become the biggest "stumbling block" to cloud computing, how to break this bottleneck? Wu Xiyuan, president of Symantec China, recently received an interview with the media, explaining his views and suggestions on cloud security.
Wu Xiyuan that, compared with the traditional security proposition, cloud security is not only a technology can be solved, but the need for many factors of linkage, is a systematic project.
At the same time, cloud computing has brought new propositions and service patterns to security, the birth of a "security cloud". At present, a number of security vendors, including Symantec, have put forward a "security cloud" to provide users with secure cloud services.
Cloud computing once again suffers from security criticism
A few days ago, Sony playstationnetwork a user data leak incident, making the company more than 100 million users of personal data is threatened. The events in Sony have also led the entire cloud computing industry to rethink the industry's prospects, while corporate users are increasingly paying attention to the corresponding security measures when using cloud services.
Professor Eric of Dartmouth College in the United States, which specializes in computer security consulting services for large enterprises? Johnson said: "No one can be really safe, Sony is only the tip of the iceberg." ”
It is conceivable that, as more and more companies start to use or provide cloud services, events like Sony are inevitable, so the role of security in the cloud computing industry is becoming increasingly important.
"Cloud computing is imperative and will not be scratched by security issues," said Wu Xiyuan, president of Symantec's Greater China region. At the same time, cloud security is different from traditional security, is a system engineering, with many links to improve, the cloud security fence will be more solid. ”
Do system engineering well
In the traditional security proposition, the emphasis is on border security, through the firewall, anti-virus software and intrusion detection and other security tools to protect the border.
However, villains, outsmart. "In the context of cloud computing, we find that the biggest security threat is not from the outside but from the inside," Wu Xiyuan said. Because only the internal people really understand the secret information is hidden in the end, it is easier to leak confidential information. ”
Therefore, cloud security requires comprehensive security protection. "The prevention of information leakage is more important than the protection of border security." This can be seen from our company's related security software shipments. Wu Xiyuan said that in the past two years, Symantec's Information security protection products DLP achieved twice times even more growth.
At the same time, it should be noted that in the cloud-tube-side cloud computing architecture, users are often worried about "cloud" security and refuse to use cloud services. As everyone knows, the security threat is more in the "End".
"Many users do not attach much importance to security, such as their random input account passwords, and other confidential information, or the Internet when you encounter a pop-up box prompts security warning, they will also choose to ignore." These actions have hidden security concerns. "Wu Xiyuan said.
In the 2010, attackers launched targeted attacks on various listed multinationals, government agencies and a staggering number of small businesses. Many facts suggest that attackers will study key victims within each company and then use customized social engineering attacks to invade the victim's network. As a result of their clear objectives, many such attacks will be successful even if the affected enterprises have basic security measures.
Wu Xiyuan It seems that technology is only for cloud computing to establish the first security fence, and cloud security is a systematic project, but also need to improve the laws and regulations and the support of a mature audit system.
First of all, in terms of laws and regulations, users can regulate the use of cloud services behavior. For example, how to make sure that the user clears all the data when they unsubscribe from the cloud, and that, for example, the user's account is compromised by the user or the cloud service provider, which requires the appropriate laws and regulations to constrain it.
Second, as far as auditing is concerned, the user wants to audit the cloud service provider before selecting it to gain trust in it, and after selecting the service provider, the user also wants to be audited on demand to ensure the security of the cloud service. So, for cloud computing, the audit system is also indispensable.
"From the above analysis can be seen, cloud security is a systematic project, the need for a number of links, there is a lot of space to improve." Wu Xiyuan again stressed that cloud security is not just a technical issue.
Changing the Security Service model
Cloud computing poses a challenge to security while also giving security a new development proposition-the security cloud.
For security vendors, the introduction of cloud computing can greatly enhance their ability to collect virus samples and reduce the corresponding time of threat. In this respect, Wu Xiyuan the same: "Cloud computing has changed the security vendors to sell only product license marketing model, making the service model possible, through the cloud to the security services to the end user." "At the same time, Symantec delivers next-generation security and enterprise storage management solutions for businesses through Amazon EC2 services."
Online backup can not be ignored
"For cloud computing, storage and security are equally important," says Wu Xiyuan. First, the data center has a lot of data, if there is no response to the management software, it will cause the data center to continue to expand storage equipment, become more and more bloated. Second, backup to prevent data loss. ”
"Symantec wants to be a security enterprise that gives users a source of confidence, which is what we advocate," he said. Symantec will fully protect the security of cloud computing and provide users with a better environment for cloud services. "Wu Xiyuan said.
LV, a professor at Beijing University of Posts and telecommunications, once said that cloud computing: "Some people worry about their personal information in the ' cloud ' unsafe, very simple, money is hidden in the home, sewing in the clothes safety, or in the bank security? ' Cloud ' powerful information management capabilities will go far beyond personal servers. As well as adapting to banks and various bank cards, people quickly adapt to cloud computing and cloud services.
It can be expected that with the improvement of security and many other links, users will gladly accept cloud computing services.
(Responsible editor: Duqing first)