The “Cloud Security” plan is the latest embodiment of information security in the network age. It integrates new technologies and concepts such as parallel processing, grid computing, and judgment of unknown virus behavior. A large number of mesh clients monitor software behavior in the network for anomalies, collect the latest information about Trojans and malicious programs on the Internet, and transmit it to the server for automatic analysis and processing. The server then distributes the virus and Trojan solutions to each client.
Under the cloud computing architecture, network and business-sharing scenarios are more complex and changeable, the security challenges are more severe, and some new security issues become more prominent, such as the safe operation of parallel businesses among multiple virtual machine tenants and the safe storage of massive data in the public cloud.
Compared with internally deployed network security, security as a service has many advantages, one of which is lower cost. Because it requires no capital expenditure, enterprises can purchase the services as per-user subscriptions.
In addition to cost, security as a service is easy to deploy and needs little maintenance. It is scalable and available to mobile users.
If cloud service providers fulfill their Service Level Agreements (SLAs), these cloud-based security services are reliable enough to replace some internal enterprise security tools.
For enterprises, transferring all network security functions to the cloud is a “big leap”. Here are some good independent use cases:
1. Identity and Access Management (IAM)
Even with identity management services in the cloud, enterprise network administrators can still maintain sufficient control to create, manage, and delete role-based identities, deploy passwords, and use other technologies such as biometrics.
Administrators are responsible for authorizing access to data, which can reduce the risk of digital identity attacks, and they can promptly notify users or managers of potential identity theft activity, just as with local devices.
2. Intrusion Detection and Prevention (IDP)
With cloud intrusion detection and prevention, the service administrator gets the same network traffic inspection, behavior analysis, and automatic or manual intrusion response functions as with a local system.
The cloud intrusion prevention service allows administrators to set and manage policies that control network access.
3. Security Information and Event Management (SIEM)
Cloud applications are easy to monitor and audit, and these functions are critical to SIEM. A SIEM works by recording events and security information from traditional security systems (IDP, anti-malware), management systems (Active Directory, IAM) and network systems.
Now, information collection and management can be conducted from the cloud. When transferring SIEM to the cloud, the administrator must ensure that the log information meets specific regulatory and compliance requirements, and that the provider can guarantee the performance required by the SLA.
4. E-mail Security
Email protection devices can also be placed in the cloud. However, the administrator must ensure that the cloud service provider meets the same security requirements as the local devices of the enterprise. The security requirements of each enterprise may be different.
For example, cloud service providers must encrypt “off the shelf” emails and enforce government- and industry-specific compliance requirements.