First, what is cloud computing security:
Cloud computing security (or cloud security) refers to the set of policies, technologies and controls used to protect the data, applications and associated infrastructure of cloud computing. It is a sub-field of computer security and network security and, more generally, of information security. Cloud computing security can contribute to innovation in cloud computing and help solve problems such as scattered investment, redundant construction and overcapacity, uneven integration of resources, and lack of co-construction.
Because of its cost, easy maintenance and flexibly configurable services, cloud computing has become a development priority for governments. The United States, Britain, Australia and other countries have introduced development policies and have plans to migrate government information systems to cloud computing platforms. But government use of cloud computing services also brings security challenges for sensitive data and critical business.
Second, cloud computing security threats:
In a cloud environment, in addition to the security threats faced in the traditional sense, there are new threats brought by the new business model.
- Escape threats and covert channels
An escape threat starts from a virtual machine (VM) that the attacker already controls: by using security vulnerabilities in the virtualization system, the attacker extends the penetration to other VMs or even to the hypervisor, and from the hypervisor level can install back doors in other virtualized applications, launch DDoS attacks, and so on. Because such threats and the related communication take place between two or more VMs, most of them on the same physical host, the traffic does not pass through security gateways, hardware firewalls or other security equipment. These are covert channels caused by virtual machines sharing hardware resources, and conventional protective equipment simply cannot detect them. The lack of visibility into inter-VM traffic in a virtualized environment is a major security challenge.
- Web security vulnerabilities
Cloud computing pushes services toward the Internet and the Web. The Internet is an open network without a control mechanism, and compared with traditional security vulnerabilities in operating systems, databases and C/S systems, application-level security issues are more prominent. Multiple clients, virtualization, dynamic behaviour, complex business logic and user participation: these features of Web 2.0 and cloud services mean a huge challenge, even disaster, for network security. Cloud computing security issues must also be considered more complex than network security issues.
- Denial of Service Attack
Because cloud platforms are large-scale and high-performance, whether a platform has the technical means to deal with a DDoS attack so that normal applications are not affected is an important indicator when evaluating a cloud computing platform. DoS and DDoS denial of service attacks are not unique to cloud services. However, in a cloud services environment, once an organization's key core data and intranet services are migrated to the cloud service center, and more applications and integrated business come to rely on the Internet, the consequences of denial of service and destruction are significantly greater than in a traditional network environment. The availability of the service and of the data itself at any time is therefore a very important safety and quality indicator, and ensuring it in the presence of malicious attacks is considerably more complex. How to prevent DDoS attacks from disrupting normal applications is a big challenge.
- Internal data leakage and abuse
Applications installed in an existing internal environment are more readily accessible for inspection, and mature inspection techniques exist for them. If cloud computing applications installed externally are not properly protected, however, their data may leak illegally from the external cloud, and checking for this is very difficult. When users process sensitive data in the cloud, the organization's critical data and business applications sit in the cloud platform's IT systems. In a multi-user environment it is difficult for the cloud platform to give each customer the same level of environment and resource isolation; users cannot directly control the risk, data owners cannot control the data and may not even know where it is stored, and computing tasks of different levels may run on one or more shared machines. Whether cloud service providers effectively manage their own internal security, segregation of duties and security audit, so as to avoid the potential risks of many customers coexisting in a cloud environment, has become a major security concern for cloud computing users.
- Identity Management
Discussion of protection levels in a cloud environment focuses directly on authentication of subjects and objects and on mandatory access control; if these two problems cannot be solved in practice, wide use of the cloud is not realistic. Data that was originally kept secure inside the firewall now sits in an external cloud computing environment, so how to manage multiple roles, management policies and multiple identities effectively when using a service, and how to identify identities, are significant security challenges. Authentication, authorization and auditing of the identities of employees, customers, participants and workloads is the future direction of cloud computing security.
- Interoperability between different clouds (portability)
In practical terms, the cloud platforms built domestically are mostly national and industry private clouds, especially for important national information systems and networks. The industry has not yet formed a unified system of standards for cloud computing, either for cloud platforms or for cloud services, and this has become a bottleneck for the development of the cloud computing industry. Various organizations launch their own development platforms and service standards for their own cloud services, so the interests and long-term development of the many cloud application platforms and service users cannot be guaranteed, which greatly hinders the portability, continued development and general substitutability of cloud computing and its software.
Ielab Li Qiang Wei