Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you what is the solution to the security problem of cloud computing. The article is rich in content and analyzes and describes it from a professional point of view. I hope you can get something after reading this article.

Building a security protection system supported by virtual technology

At present, virtualization has become a key technical means for cloud computing service providers to provide "on-demand services", including basic network architecture, storage resources, computer resources and application resources. Only based on this virtualization technology is it possible to provide personalized storage computing and reasonable allocation of application resources according to the needs of different users. And use the logical isolation between virtualized instances to achieve data security between different users. Security, whether as a basic network architecture or based on the concept of security as a service, needs to support virtualization in order to achieve end-to-end virtualized computing.

Building a high-performance and reliable network security integrated protection system

In order to cope with the changes in the traffic model in the cloud computing environment, the deployment of the security system needs to be adjusted in the direction of high performance. In the process of enterprise private cloud construction at this stage, the large traffic formed by the convergence of multiple high-speed links has become more common. In this case, security devices must have the ability to deal with high-density 1OG or even 1OOG interfaces. Whether it is an independent rack security device or a variety of security service engines with high-end switches in the data center, it can be reasonably configured according to the cloud scale and construction ideas of users. At the same time, considering the business sustainability of the cloud computing environment, the deployment of devices must take into account the support of high reliability, such as dual-computer devices, configuration synchronization, redundancy of power fans, link bundling aggregation, and so on. really realize the basic security protection in the case of large traffic convergence.

Deal with borderless security protection with centralized security service center

Different from the traditional security construction model, which emphasizes boundary protection, storage computing and other resources are highly integrated, so that different enterprise users can only achieve logic-based partition isolation when applying for cloud computing services, and there is no physical security boundary. In this case, it is no longer possible to aggregate traffic and deploy an independent security system based on each or each type of user. Therefore, the deployment of security services should be transferred from the original security protection based on each subsystem to the security protection based on the whole cloud computer network, and a centralized security service center should be built to adapt to this physical model of logical isolation. Cloud computing service providers or enterprise private cloud administrators can introduce the user traffic that needs security services to the centralized security service center through reasonable technical means, and then go to the original forwarding path after completing the security services. This centralized security service center can not only realize the separate configuration of user security services, but also effectively save construction investment, considering the ability to provide security services on the basis of a certain convergence ratio.

Make full use of the cloud security model to enhance the coupling between the cloud and the client

In the construction of cloud security, making full use of the super computing power of the cloud to achieve the security detection and protection of the cloud model is an important direction of the follow-up work. Compared with the traditional security protection model, the new cloud security model not only requires the massive local clients hanging on the cloud to have basic threat detection and protection functions, but also emphasizes its ability to detect unknown or suspicious security threats. Any client should send the suspicious traffic that cannot be identified locally to the cloud detection center in the background at the first time, and use the detection computing power of the cloud to quickly locate and analyze the security threat. and push the protocol characteristics of the security threat to all clients or security gateways, so that the clients and security gateways in the cloud have the ability to detect this unknown threat. The coupling between the client and the cloud is further enhanced. The security protection system based on this model will really realize the security closed loop of PDRR, which is also the essence of cloud detection mode.

The above is the solution to the cloud computing security problem shared by the editor. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.