One of the great advantages of cloud storage is its elasticity, which is a more accurate description of it than the security originally claimed for cloud storage. Businesses choose cloud computing not only for "security" but also because it is convenient, cost-effective, and sufficiently resilient.
Cloud storage in the era of big data: In the era of big data, resources and data that were previously limited to private networks are connected to the network, and these resources and data are placed on the public network shared by public cloud service providers. Under the cloud storage model, these data create infinite value on the one hand, while on the other hand they are becoming the "target" of highly skilled hackers, illegal online organisations and APT attacks. The recent ransomware incident is a wake-up call! If a cloud computing platform leaks users' private data, or a large amount of data is lost through device failure during cloud storage, or data is tampered with arbitrarily by other users during transmission, the adverse effects are inestimable.
Data security has become an increasingly important issue that cannot be ignored, and the cloud storage field must also face up to this problem. So how does cloud computing technology ensure data security?
- The relativity of security: there is no absolute security; security is always relative! In the current situation, given good, stable and secure software technology, hardware technology, equipment-room facilities and other factors, cloud storage is much safer than local storage.
- Three dimensions of data: availability, integrity, and privacy
Data availability: Data availability means keeping data from becoming unusable because of hacker attacks and physical device failures. If we are concerned about losing important data to computer viruses, power failures and the like, we usually take precautions by backing up our data. In cloud computing, the common measure for ensuring data availability is similar. It is called redundancy backup, a means of improving system reliability by using the parallel model of the system.
Data integrity: During data transmission and storage, data integrity ensures that data cannot be tampered with by unauthorised users, or that tampering is quickly discovered by the system. Digital signatures are a common method of ensuring data integrity. They protect data transmission in the cloud by ensuring that data is not modified or changed during transmission and by identifying the sender and receiver of the transmission.
Data privacy: Data privacy is another very important dimension. It refers to the protection of users' personal data and information at every stage of large-scale data transmission, storage and processing. Cloud computing applications mainly protect data privacy through three methods: authentication based on shared keys, authentication based on biometric characteristics, and encryption algorithms based on public keys. In addition, object de-identification at the data level, vulnerability protection, virtual machine scanning, data isolation, and hybrid cloud technologies are also often used to ensure data privacy and security.
- Key update frequency & classification of privacy protection levels: The storage system of a cloud computing platform holds many different types of data: documents, videos, pictures, emails and so on. To protect user privacy, a relatively complex encryption algorithm is applied to the data. In practice, however, this consumes a large amount of the cloud platform's resources, which greatly reduces the efficiency of the whole platform and naturally increases cost. On the other hand, if only simple encryption algorithms are used, data may be leaked during storage or processing on the cloud platform. Each type of data differs in security and importance to the user, because the information it contains differs in importance. To set up a data security scheme for the cloud platform, the privacy level of the data needs to be linked to the privacy level of the user. The data above can be classified according to its importance and its sensitivity. Since cloud service providers can set an appropriate privacy level for users depending on the degree of data privacy, the privacy of data can be divided into three levels:
Level 1: Data at this level does not include privacy-sensitive user data. A relatively simple encryption algorithm can be used, so that system resources are not wasted.
Level 2: Some of the data at this level is sensitive to users, so encryption algorithms that match this level should be used for those data areas.
Level 3: Data at this level contains a large amount of private user data, so a more complex encryption algorithm is necessary to ensure its security. To summarise in one sentence: use different data encryption algorithms for the different needs of customers!
- Build a closed-loop network for cloud data protection: data generation - data migration - data use - data sharing - data storage - data destruction
Data generation - the ownership problem
For the private data of enterprises and customers, an enterprise must understand which of its data is known to the cloud provider, and customers should take measures to prevent cloud computing platform providers from obtaining their sensitive data.
Data migration - use complex encryption algorithms to guarantee data security and privacy
During data migration, a more complex and effective encryption algorithm should be used to prevent other customers from accessing the data. To ensure data integrity during transmission, a checking mechanism should also be used, so that no data is lost during migration.
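The integrity check described for migration can be sketched as follows. This is an added example, not code from the original article: the source hashes the data in chunks and authenticates the manifest with a shared key, and the destination reports lost or altered chunks. The function names, chunk size, key and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import json

CHUNK_SIZE = 8  # bytes; tiny so the constructed sample spans several chunks


def build_manifest(data: bytes, key: bytes) -> dict:
    """Source side: hash every chunk, then authenticate the manifest with a shared key."""
    chunks = [hashlib.sha256(data[i:i + CHUNK_SIZE]).hexdigest()
              for i in range(0, len(data), CHUNK_SIZE)]
    body = {"size": len(data), "chunks": chunks}
    tag = hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256)
    return {"body": body, "tag": tag.hexdigest()}


def verify_copy(received: bytes, manifest: dict, key: bytes) -> list:
    """Destination side: return a list of problems; an empty list means the copy is intact."""
    body = manifest["body"]
    expected = hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256)
    if not hmac.compare_digest(expected.hexdigest(), manifest["tag"]):
        return ["manifest tag invalid"]  # a manifest that fails the check proves nothing
    problems = []
    if len(received) != body["size"]:
        problems.append(f"size {len(received)} != {body['size']}")
    for idx, want in enumerate(body["chunks"]):
        chunk = received[idx * CHUNK_SIZE:(idx + 1) * CHUNK_SIZE]
        if not chunk:
            problems.append(f"chunk {idx} missing")       # data lost in transit
        elif hashlib.sha256(chunk).hexdigest() != want:
            problems.append(f"chunk {idx} altered")       # data changed in transit
    return problems


# Constructed sample data and key (illustrative only).
KEY = b"constructed-demo-key"
ORIGINAL = b"customer-record-0001;balance=100"  # 32 bytes, 4 chunks
MANIFEST = build_manifest(ORIGINAL, KEY)

if __name__ == "__main__":
    print(verify_copy(ORIGINAL, MANIFEST, KEY))                          # intact copy
    print(verify_copy(ORIGINAL.replace(b"100", b"999"), MANIFEST, KEY))  # tampered copy
    print(verify_copy(ORIGINAL[:20], MANIFEST, KEY))                     # truncated copy
```

Without the keyed tag, anyone able to change the data in transit could also replace the chunk hashes, so the manifest has to be authenticated as well as the data.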
Data use - static data security
Data sharing - care is needed
When data is shared with a third party, the data owner should take measures to prevent the third party from transmitting, without restriction, the part of the data the customer has shared. In addition to authorising data in a certain way, it is also necessary to study the method of data sharing and consider how to prevent users' sensitive data from being shared in the process.
Data storage - simple storage services & complex storage
Data is stored on the cloud platform, where data integrity, security, and availability must be considered. The most common way to address these problems is to encrypt data. To achieve the desired effect of data encryption, the reliability of the algorithm should be verified in detail. As the amount of data transmitted, stored and processed by cloud computing platforms increases, data transmission speed and efficiency should be taken into account when encrypting data. Generally, cloud computing platforms adopt symmetric encryption algorithms to encrypt data on the platform. To ensure data integrity, the relevant data should be checked during transmission, and sufficient attention should be paid to the use and migration of local data.
Data destruction - also needs attention
In general, when a computer deletes data, it does not actually remove the data from the hard disk; it only removes the file's corresponding index entry. The same is true of disk formatting, which only creates a new index for the operating system and marks the disk sectors as unused. Data deleted in this way can be recovered from the disk using certain data recovery methods. For sensitive or even secret enterprise data, cloud computing providers can consider erasing the data on disk, using certain data destruction algorithms, or even physical destruction to protect users' data security and privacy.
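The difference between removing the index entry and erasing the contents can be shown with a short added example (not part of the original article). It assumes POSIX file semantics; the function names and sample data are constructed, and a descriptor opened before deletion stands in for a recovery tool reading the disk blocks.

```python
import os
import secrets
import tempfile

SECRET = b"constructed sample: enterprise secret record"  # constructed data


def delete_only(path):
    """Ordinary delete: removes the name (index entry); the contents are untouched."""
    os.remove(path)


def overwrite_and_delete(path, passes=1):
    """Overwrite the contents in place with random bytes, flush, then remove the name."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, 1 << 20)      # write in 1 MiB pieces
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())                # force the overwrite out of the page cache
    os.remove(path)
    # Caveat: SSD wear levelling, copy-on-write filesystems, snapshots and replicas
    # can keep older copies that an in-place overwrite never touches.


def surviving_bytes(destroy):
    """Return (bytes still readable after `destroy` runs, whether the name still exists).

    The open descriptor stands in for a recovery tool reading the raw blocks
    (POSIX semantics: a removed file stays readable through open descriptors)."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, SECRET)
        os.fsync(fd)
        destroy(path)
        os.lseek(fd, 0, os.SEEK_SET)
        return os.read(fd, len(SECRET)), os.path.exists(path)
    finally:
        os.close(fd)


if __name__ == "__main__":
    print(surviving_bytes(delete_only))           # the secret is still readable
    print(surviving_bytes(overwrite_and_delete))  # only random bytes remain
```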
Author: Event horizon cloud