Source: Laohu Technology said
The development of cloud computing is as fast as wind and as violent as fire. Under the empowerment of business, going to the "cloud" has become the general trend! Especially in the context of the epidemic that has lasted for nearly three years, the cloud market demand continues to break out. For capital parties, business owners, customers, users, etc., cloud is becoming the most concerned technology field for all parties. In 2022, operators, independent cloud vendors, and foreign cloud vendors will appear one after another, and many companies will "roll" to the cloud.
Overall, the entire cloud computing empowers business, while security empowers cloud computing. After all, cloud security compliance is the cornerstone of doing business .
It is understood that over the years, as the number one player in global cloud computing, Amazon Cloud Technology has continued to invest in the field of cloud security. While ensuring the security of the cloud itself, Amazon Cloud Technology also provides 280+ security and compliance services and functions for users to use. , users can use these to improve their own security level and improve the efficiency of compliance.
In fact, cloud security should be like water and air, and its value cannot be simply measured by money. Only by providing users with high-quality water and air, creating a healthy environment, and allowing customers to better use cloud computing to create more value, is the greatest value of cloud security.
This is in harmony with the cloud security strategy of Amazon Cloud Technology. It has accumulated many methodologies and practical experience in the field of cloud security, which is worth studying.
The importance and practice of cloud security
"Gartner China Cloud Infrastructure and Platform Services Market Guide" predicts that by 2024, nearly 40% of China's end-user spending on system infrastructure and infrastructure software will shift to "cloud services". The cloud has great potential; the cloud is the general trend. But is it safe to go to the cloud? This is the most critical issue in the current cloud service industry.
After all, before, during, and after going to the cloud, the whole chain must consider the card of "safety". For example, before going to the cloud, it is necessary to ensure the security of the cloud platform itself; when going to the cloud, it is necessary to ensure the security of the data migration process; after going to the cloud, it is necessary to comprehensively consider the security construction in the cloud, and how to use cloud-native services to improve security performance and improve compliance efficiency.
In a word, security can only scratch the deepest part of the cloud computing industry, and its importance is self-evident. Nowadays, the so-called modularization, standardization, prefabrication, customization, intelligence, etc. of various cloud computing are inseparable from "security". Safety is 1, everything else is followed by 0.
Today, more and more organizations recognize that building a cloud security strategy is an ongoing effort. In recent years, the domestic cloud security market has continued to maintain rapid growth. The report "2021-2022 Cloud Security Market Status and Trends" released by CCW Research, an authoritative ICT research and consulting agency, shows that the cloud security market size in 2021 will exceed 10 billion for the first time. Yuan mark. In the field of cloud security, Amazon Cloud Technology has invested a lot of energy and accumulated rich experience.
At present, millions of users around the world have put their data and services on the Amazon cloud, many of which are heavily regulated industries such as finance and telecommunications. For example, Nasdaq, the world's largest stock exchange, will migrate all its business to Amazon cloud technology in stages, and NTT docomo, Japan's largest telecom operator, will migrate PB-level data warehouses to the cloud.
Shared responsibility and four dimensions of cloud security
The core question is, how does Amazon cloud technology do in terms of security?
At the specific practical level, Amazon Cloud Technology has established a "Security Responsibility Shared Model", which sets the basic principles for the construction of cloud security. "Share" is the key word.
Amazon Cloud Technology is responsible for the security of the cloud itself, and customers are responsible for the security of their own business in the cloud. Moreover, Amazon Cloud Technology will provide multi-level security protection services to help improve the security protection in the customer's cloud.
In this way, customers can take advantage of the infrastructure and services provided by Amazon Cloud Technology to improve security and compliance across the board. For example, through Amazon Cloud Technology, customers gain the control and confidence they need to safely conduct business using the most flexible and secure cloud computing environment available today. In addition, customers can benefit from the ability to protect information, identities, applications and devices of the Amazon cloud technology data center and network, enhance core security capabilities such as data locality, protection and confidentiality.
It can be said that this "shared responsibility for security model" greatly reduces the complexity and cost of managing and operating the underlying infrastructure for customers, while providing customers with the flexibility and control they need for deployment.
It is worth noting that, as the premise and core link of the shared security responsibility model, it is how Amazon Cloud Technology implements the security of the cloud itself. After all, the security of the cloud itself is the foundation of trust, the precondition for enterprises to decide to migrate to the cloud, and the cornerstone for enterprises to build applications on the cloud. Specifically, there are four main aspects:
First, the core infrastructure. Amazon Cloud Technologies provides scalable, highly reliable infrastructure that enables customers to deploy applications and data quickly and securely. Given the unique needs of the cloud, redundant and layered controls, continuous validation and testing, and extensive use of automation ensure that the underlying infrastructure is monitored and protected 24/7. Know that Amazon Cloud's data centers and network architectures are built to the highest security standards. All customers, regardless of size, get consistent cloud-based security without the huge CAPEX and OPEX of traditional data centers.
Second, security is more than just security services. The security team at Amazon Cloud Technologies has been deeply involved in the development of new services and new features from the beginning, and new services will not be launched if there are any known security issues. Amazon advocates automation and risk reduction through deeply integrated services. Amazon Cloud has a complete set of API management and security tools that automate security tasks and reduce manual configuration errors. For example, WAF log analysis is very important in security management. Users can directly push WAF logs to our OpenSearch analysis service through Amazon Kinesis Data Firehose for analysis to get more accurate results.
Third, adhere to the concept of customer ownership and control of data. Amazon Cloud Technologies does not touch customer data. Customers always own their data and are able to act autonomously on that data. Moreover, this data encryption is everywhere, all data flows are automatically encrypted at the physical layer before leaving the security facility, all VPC cross-region traffic is also encrypted, and there are TLS connections between services.
Fourth, Amazon Cloud Technology has been recognized by many clouds for their own security compliance, meeting the compliance requirements of all regulatory agencies around the world. As evidenced by the data, Amazon Cloud Technology has obtained 98 globally recognized security standards and compliance certifications. Includes ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1, and more. These are undoubtedly evidence of the security strength of Amazon's cloud technology.
The new stage of privacy protection, the challenges in the new regulatory environment
It is worth mentioning that in the entire domestic cloud security field, privacy protection and compliance are the most important aspects of the segmentation level, and they are also the focus of attention this year.
Just in August this year, according to media reports, tens of millions of Shanghai Suishen Code data were leaked and sold. This inevitably makes people feel cold down the back.
On July 21, 2022, the Cyberspace Administration of China imposed a fine of RMB 8.026 billion on Didi Chuxing. This is the largest fine issued by Chinese regulators in the field of network and data security. In the latest Commerce Department's list of restrictions and prohibited technology exports, there are restrictions specifically targeting TikTok's acquisition.
It can be seen that the country has gradually begun to pay attention to data and data-derived algorithm learning, which means that the regulatory environment has become stricter, privacy protection has become a key focus area of the country, and data privacy protection in the cloud era has begun to enter a new inflection point. . This is the same challenge that all customers will face.
How to break through the situation, the transformation is urgent, and now enterprises have shown more and more layers on the cloud. Gartner predicts that by 2024, leveraging cloud infrastructure and programmability, improving the security protection of workloads on the cloud will demonstrate better compliance and reduce security incidents by at least 60% than traditional data centers.
The road to cloud security is long and difficult, and it requires hard power competition on the way forward, which is difficult to achieve overnight. Innovation is the driving force behind the development of Amazon cloud technology in China. It is unclear who will die in front of Cloud Security, but only those who seek change and innovators have the most hope.
Click the link to sign up for the 2022 Amazon Cloud Technology China Summit https://summit.awsevents.cn/2022/signin
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。