The Information Security Conference: The theme of this conference was “New Opportunities for Information Security-Big Data, BYOD, SDN, Cloud Security”. Technical staff from the information security business departments of different companies presented their security solutions for the cloud data center computing environment at the conference.
It should be said that in the cloud computing environment, security issues may be more complicated than in the original environment. Cloud computing puts more applications and more data on the back end, and shares computing resources, storage resources and network resources as a service. Under these circumstances, many traditional security problems, such as identity security, network fraud, and network attacks, have not decreased, and many new security problems have emerged.
In the cloud computing data center, the business scale is getting larger and larger, because we concentrate everything in the back end, and the application model there is also very complicated. The original data center may have had only a hundred machines, but now everything is concentrated in the cloud computing data center.
After that, there may be tens of thousands of machines and many different users, users who are completely outside your control. The users don’t know where their things are placed, and the administrator doesn’t know what the users have put there. Especially in the current environment in developing countries, most of our data and applications run on hardware and software from foreign countries.
This situation is very common. To use a more vivid metaphor, it is as if we were raising our data and applications in someone else's courtyard: the operating system and database cannot be guaranteed to be autonomous and controllable. This security problem is very serious.
The traditional challenge here is the security, efficiency and reliability of external access. A cloud computing data center is a kind of service, and we have requirements for that service. One of the key points is traditional reliability. In fact, broadly speaking, the availability and reliability of this service are part of the day.
Here the question is how to ensure that the cloud computing data center can continue to provide services, and that the service is stable and reliable. For example, if a virtual machine you apply for in the cloud computing data center requires 2 CPUs and 10G memory, it is the cloud computing data center that must continue to guarantee this supply. How to ensure the balanced distribution of resources in the data center is a factor in ensuring service reliability.
Secondly, the operation and maintenance control and security of the entire system. As just mentioned, cloud computing data centers will become more and more complex. Traditional systems each have their own certification and management. For general administrators, the manageability of the entire data center will slowly get worse and worse.
It is a headache to face all this equipment and these assets every day. How can we effectively improve the efficiency of system operation and maintenance and ensure that all users here can be managed uniformly? Can assets be managed uniformly? Everyone knows this number: 70% of the risks come from internal sources, so the management and control of internal personnel is very important.
Thirdly, the centralized management of security. As just mentioned, many traditional security threats still exist in this cloud computing model, so many traditional security devices still need to be used. In a huge cloud computing data center you may need to use a lot of things, but you still need firewalls, identity detection and other equipment.
With so much equipment, and so many virtual machines and databases running on it, how do we locate the problem quickly when the system fails? And when there is a security incident, such as a security attack, where is the attack point and where do we start? This kind of centralized management is also a big challenge for the entire management system.
The core challenge here is the virtual machine. We know that the system always runs on a host. Traditional security solutions, whether at the hardware level, the network layer, or on traditional servers and hosts, solve the problem at the physical machine level. Many colleagues have already talked about how to solve it in the virtual machine case, such as the virtualization of firewalls, the virtualization of various network security tools, and how to isolate one virtual machine from another.
There is another important point here: when multiple applications run on one physical computer, how do we ensure true isolation between one application and another? This is also a major worry for applications in the cloud computing data center. In theory, these virtual machines also share the memory and the hard disk of one physical machine. Can this space really be isolated?
Then there are the existing operating system security issues. Domestic secure operating systems have been in use for many years, but a very real problem is that the usage of foreign operating systems is still very high. Most people still use Windows, and most others are still on IBM, HP or Solaris; which security problems can these solve? Most commercial operating systems can only meet the second-level requirements, automatic access control. How do we bring our systems up to the third or fourth level? This is also a big challenge we face in this era.
Here are some requirements. Our commercial operating systems often only reach this level, and it is difficult to raise them any higher. In many of our key business areas, we need them to have better security protection.
Summary: In the era of cloud computing, security is no less of a concern than before; with the accumulation of our applications and resources, there may be more security problems than before. Many traditional security methods may still be used here, but the key point we want to talk about is how the cloud computing data center can be kept safe all the way from access to applications, through all our operations, to the core host. Here we propose our own cloud computing data center security solution.
Conceptually, it is relatively simple, and everyone knows how to do security. Whether it is a computing environment, a network environment, or any other environment, all access must be performed by authorized personnel, and authorized personnel must be guaranteed unobstructed access. People who are not authorized must be guaranteed to have no access. Simply put: can they be allowed in, and can what they do once inside be truly safe, reliable and traceable?
On the whole, the security of the entire data center includes the following parts. As just mentioned, the boundary of the data center may rely on traditional means; after entering the data center:
First, access security. Access security is to ensure that each of our applications can be accessed safely and efficiently. As mentioned earlier, the aim is to ensure that the people who can access are authorized, and that the applications are not illegally attacked.
Second, all access enters the back-end system from the access layer. We require that every back-end host be protected. This protection is on the host itself: the operating system is reinforced to reach a protection level of three or above.
Operating system control and memory protection can also be used in the virtual environment. As just mentioned, host protection is for each model, and the database still needs to be managed by humans. Every human action, every operation on the database, and every application must be controlled by our centralized management platform.
After that, our overall monitoring and management can quickly locate security issues that may occur anywhere in the data center, and quickly find where the failure points and the security problem points are.
The first is access security. We know that all applications in the cloud computing data center must be accessed through the network. Of course, there can be encryption and firewalls at the network level. But before requests reach the host, we still have to provide some security guarantees for the application. First of all is load balancing.
We talk about quality of service in cloud computing. Without a good quality-of-service guarantee, the cloud computing data center will basically fail. Here we use front-end equipment so that all requests can be evenly distributed to the back end. When the front end needs to apply for resources, we allocate enough resources from the cloud computing data center for the front-end applications to use.
You may say that this is not a simple load balancer. The traditional load balancer mainly deals with network requests: for example, there are 10 machines in the back end, and requests are dynamically distributed across the 10 machines. Now suppose there are three applications and three virtual machines running on a back-end server, and the load on the three virtual machines is very large.
At this point, you need to find another server to migrate the virtual machines to, because we know that it is actually difficult to scale a virtual machine dynamically. We need to migrate resources and add more resources to respond to the front-end requests, and to do so we need to interact with the back-end cloud computing environment, calling its interface to create new resources, which are then efficiently allocated in the cloud computing data center.