In 2018, the gross margin of the upstream server industry fell to 11.2%, and industry profit margins were squeezed. Cloud service vendors began to focus on public cloud security, while traditional network security companies focused on private cloud security. According to data from the Foresight Industry Research Institute, by 2019 cloud security had become one of the key new investment directions for listed companies.
1, The core competence of cloud security
By moving to the cloud, enterprises can use the security advantages of cloud vendors to help build a more secure IT system. Fooying, director of security products at Tencent Cloud and senior security engineer at Tencent Security's Cloud Tripod Laboratory, believes that the core competence of cloud vendors in cloud security is mainly reflected in three aspects:
First, sufficiently secure and compliant cloud platforms and cloud products bring native security and compliance to enterprise IT systems. In the past, adding a new service to an IT system could bring new security risks: the new service might contain vulnerabilities that introduce security holes into the enterprise IT system, so the enterprise had to spend security staff effort to reduce that risk. With natively secure cloud facilities and services, enterprises do not need to spend much energy on these basic services and products, which are secure by default, and this also raises the security of the enterprise IT system.
Second, cloud vendors provide more flexible, more unified, and more native security features and products, which enterprises can use to build their own security system. In the past, traditional security systems often operated separately and were hard to integrate: different security systems might not be able to exchange data or apply unified policy and control. Cloud-native security products and systems are more unified and more standardized.
Third, value-added security services and capabilities, such as the security intelligence monitoring mechanisms established by the cloud platform's internal security team.
2, Understanding the cloud security architecture
1. Infrastructure security
Network isolation design based on the private network (VPC), application firewall (WAF), security groups (network access control for cloud servers), secure link connections (such as VPN and dedicated lines), etc.
2. Identity and access control
Access management system, multifactor authentication, etc.
3. DDoS protection
Cloud DNS resolution (DDoS-resistant DNS), DDoS protection, secure CDN, high-defense IP, etc.
4. Data encryption
Block storage and object storage encryption, key management system, secure connections to databases and middleware, etc.
5. Logging and monitoring
Network flow logs, cloud audit services, logging services, cloud monitoring, etc.
3, Internal factors of the enterprise are the fundamental factors that affect cloud security
As part of their cloud services, cloud providers have started to provide more robust security measures, but in the end it is the users themselves who are responsible for protecting their workloads in the cloud. According to the 2020 "Cloud Security Report", 66% of enterprises have no confidence in their own cloud security posture; the cloud security challenge enterprises consider most prominent is data leakage, followed by data privacy.
What enterprises are most concerned about in cloud security
As for operational security pain points, enterprises think the lack of qualified security personnel is one of the biggest problems after moving to the cloud, followed by compliance issues.
operational security (
When an enterprise moves to the cloud, the cloud platform itself is relatively safe, because behind it are not only security experts and professional security infrastructure but also mature security mechanisms, more secure products and services, and more timely response, such as
Instead, the internal factors of the enterprise often become the key weak points: for example, employees with low security awareness, leaking of sensitive operations information, unreasonable service configuration, incorrect operations management, and security incident response that is not timely. Any of these can lead directly to a cloud resource being controlled or even destroyed by a hacker.
4, How to avoid and reduce cloud risk?
Risk: information
Measures: give enterprise employees cloud security training or certification; network security professionals believe that 59% of the employees will benefit from such measures.
Risk: cloud service misconfiguration
Measures: use the security features that cloud services provide to secure and configure them, so that data leakage can be avoided.
Risk: improper operations
Measures: apply access restrictions to the services you build, and avoid setting weak passwords on hosts and related services.
Risk: common component and system vulnerabilities
Measures: update and apply patches promptly; otherwise the vulnerabilities will be used by hackers.
Risk: DDoS attacks
Measures: delete unused services on cloud servers and close unused ports.
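The access-restriction and unused-port measures above can be checked mechanically. The following is an added example, not part of the original post: it audits a security group's ingress rules against the ports that actually have a listening service. The rule format, the sample data and the `PUBLIC_OK` allow-list are assumptions constructed for illustration and do not correspond to any specific cloud provider's API.

```python
import ipaddress

# Constructed sample data: a provider-neutral view of one security group's
# ingress rules, and the ports on the host that have a listening service.
SAMPLE_RULES = [
    {"ports": (443, 443), "source": "0.0.0.0/0"},
    {"ports": (22, 22), "source": "0.0.0.0/0"},
    {"ports": (3306, 3306), "source": "10.0.0.0/16"},
    {"ports": (8000, 8100), "source": "0.0.0.0/0"},
    {"ports": (6379, 6379), "source": "::/0"},
]
SAMPLE_LISTENING = {22, 443, 3306, 8080}

# Ports that are meant to be reachable from anywhere (assumption).
PUBLIC_OK = {80, 443}


def is_world_open(cidr):
    """True when the source range covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(rules, listening, public_ok=PUBLIC_OK):
    """Return (rule_index, issue) findings in rule order."""
    findings = []
    for i, rule in enumerate(rules):
        lo, hi = rule["ports"]
        opened = set(range(lo, hi + 1))
        # Ports the rule opens although no service listens there:
        # candidates for "close unused ports".
        unused = opened - listening
        if unused:
            findings.append((i, f"unused-ports:{len(unused)}"))
        # Live, non-public services reachable from any address:
        # candidates for "apply access restrictions".
        exposed = (opened & listening) - public_ok
        if is_world_open(rule["source"]) and exposed:
            ports = ",".join(str(p) for p in sorted(exposed))
            findings.append((i, f"world-open:{ports}"))
    return findings


if __name__ == "__main__":
    for idx, issue in audit(SAMPLE_RULES, SAMPLE_LISTENING):
        print(f"rule {idx}: {issue}")
```

On the sample data, the SSH rule and the wide 8000-8100 range are reported as world-open, and the range plus the 6379 rule are reported as opening ports with nothing listening.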
CodePudding user response:
"Cloud services that something" VX, dry goods