Today, if all walks of life want to explore the attraction of technology to industrial value, an undoubted choice is to go to the cloud.

For most public cloud users, the benefits of migrating business to the cloud are obvious. On the one hand, cloud computing provides a network solution that saves costs and speeds up certain processes, making it easier for enterprises to manage and store information; At the same time, the use of cloud to transplant AI's various capabilities to the industry has also given energy and new imagination space to many traditional fields.

However, the opening of infrastructure reform also means that the internal and external environment faced by enterprises is facing unprecedented challenges. In the past year, dozens of large-scale downtime events have occurred in the world's mainstream cloud service manufacturers, and individual manufacturers have even been "recruited" many times, behind which thousands of cloud enterprises or projects lost business, or even died prematurely.

Obviously, it is not easy for public cloud manufacturers to build new industrial efficiency barriers based on cloud computing, and then do a good job in this era of big business. In our opinion, we need to answer at least two questions: First, how to reduce the security risks of public clouds? The other is how to make enterprises understand cloud security again in the process of going deep into the industry?

In the past year or two, even the most widely used cloud service providers, from AWS, Microsoft Azure to Google Cloud and Alibaba Cloud, have failed to achieve 100% reliability. The security risks of cloud services have also been pushed to the forefront by sudden downtime events.

Although cloud service providers have made some compensation for customers who caused network failures and data losses afterwards, industry insiders and onlookers are obviously more concerned about the cloud security issues reflected behind the downtime, and have lingering fears. Is it time for the security mechanism and technology of cloud services to reach the inflection point of "being transformed"?

We know that the integration of cloud computing and industry has two meanings: one is to provide more powerful and cost controllable network support to all walks of life through shared cloud servers; The second is to provide huge computing power and intelligent technology for massive IoT devices, triggering the integration of edge intelligence and social production.

Cloud, namely productivity, a promising market, also brings new problems.

First of all, as more and more enterprises deploy business systems and sensitive data on the cloud, once the cloud server, as the support of the basic network, goes down, it will directly paralyze mobile applications such as games, e-commerce, streaming media, etc., like a power outage. In addition to affecting user experience and growth, it may even lead to life and death business losses.

If the former reflects the upgrading needs of traditional security technologies, then the interconnection between devices in the Internet of Things era shows us the standard line for cloud service providers to break through in the future.

From the frequent attacks of extortion viruses on terminal devices such as hospitals and banks to the rapid development of edge intelligence such as smart homes, the Internet of Vehicles, and the Internet of Industrial Things, it also reflects the complex network environment and data connectivity faced after access to cloud services. Once it goes down, vulnerabilities can easily be "shared" and then "taken away by hackers". Resisting attacks on the Internet of Things has also become the basic requirement and trust coordinate for users on the technical strength of cloud manufacturers.

It is not difficult to find that behind the frequent downtime events, social organizations are actually hesitating about the deployment of cloud services, as well as the necessary security level for cloud computing to enter complex industrial applications.

"Skyladder" for cloud safety

A security attack and defense war between cloud giants is just starting. At this moment, we will find that cloud computing technology itself wants to meet the needs of social applications, and its safe "sink" has both inherent weaknesses and new bottlenecks in the fight against malicious methods.

For example, the sharing of cloud services, to some extent, is the inherent hidden danger of cloud computing.

We know that public cloud service providers often realize large-scale services by sharing technical facilities, platforms or application levels, which requires deploying a large number of hardware and a variety of virtualization management components, such as virtual machine monitors, network policy controllers, storage controllers, etc., to achieve the need for multi tenant hardware sharing and isolation of business and data.

However, such a data center with large user scale and strong data diversification is more likely to be attacked. According to the 2018 Internet Network Security Report released by the National Internet Emergency Center, the cloud platform has become the hardest hit area for network attacks. In the number of network security events of all types, the number of DDoS attacks on the cloud platform, the number of websites implanted in the back door, and the number of websites tampered with account for more than 50%.

In such an environment, once some software vulnerabilities are maliciously exploited, attackers can easily and quickly cover all similar instances, and other tenants will naturally "share" security threats together while enjoying the "as a service" convenience.

Since the use of a single cloud makes people nervous, can we avoid "fire and camp" by putting eggs (sensitive data) in different baskets (clouds)?

At present, more and more enterprises begin to choose "multi cloud" deployment, and select multiple cloud service providers as the primary backup plan for each other. Some will rent multiple cloud services or self built machine rooms to let private clouds or proprietary clouds carry key services and data.

The "hybrid cloud" solution not only improves business security, but also means that the cost and technical complexity of enterprises will increase exponentially. Different resource management, different underlying architectures, and different security tools mean that enterprises need more security products and operation and maintenance personnel. Once the internal security management lacks the perspective of macro control over the entire IT system, it is difficult to achieve uniformity in data encryption and policies, so that unsafe APIs, chaotic key identity management and other issues can take advantage of the situation.

In fact, the average time from discovery to utilization is decreasing every year. As Gartner predicted in its survey report, "95% of cloud security failures are actually the fault of customers (wrong operations)."

Here we have to mention another "short board" of cloud security. For the network deployed in the cloud system, ensuring the security of enterprise content stored in the cloud platform is considered to be the responsibility of the cloud service provider. However, it is far from enough to rely solely on cloud service providers. Users' corresponding security awareness, application ability and control ability may not be able to follow up in a timely manner, which will further exacerbate security risks.

In this regard, security software provider XYPRO Technology said, "When enterprises migrate their applications to the cloud, it does not mean that the responsibility for network security can be transferred to cloud computing providers." In other words, before a new security mechanism is reached, loopholes and security risks will grow with the explosion of cloud services, Let cloud service providers work hard to fill the gaps.

In a word, new attack methods, chaotic identity management, advanced persistent threats, malicious SaaS applications, sharing technology problems, etc. are all the weak points of cloud security "sink". How to find the loopholes hidden in unexpected corners as efficiently as possible is a prerequisite challenge for cloud service providers to seize the market and establish advantages.

Of course, problems also mean opportunities. We all know that AI's powerful computing power and logical reasoning are constantly combined with the industry to create more economic value than we can imagine. Can the intelligent revolution also play a role in security practice?

Obviously, cloud service providers that continuously output AI capabilities in batches to the industrial end are also launching a "flag race" around AI in the security campaign to address the concerns of various industries and the landing needs of different enterprises for cloud computing.

For example, Google Cloud, which focuses on AI capabilities, quickly encroaches on AWS's market share overseas; Huawei Cloud, Baidu Smart Cloud and Alibaba Cloud Smart, which we are familiar with in China, regard intelligent defense as the core capability in cloud solutions.

In general, the technical characteristics of AI are being fully invoked by cloud service providers in the security process, and collectively push cloud security to a native and intelligent level:

The first is the processing capacity of large-scale data. We know that the cloud needs to deploy a variety of security devices and software, involving massive security data and repeated alarms. Relying on operation and maintenance personnel to manually extract effective information from massive data is obviously unrealistic in the cloud era, and AI is just the optimal solution to deal with large-scale data.

For example, AI can quickly clean, merge and correlate multi-source data for large-scale, real-time network security threat data, so that operation and maintenance personnel can efficiently master the latest security events, major vulnerabilities and other information, and achieve an accuracy rate that cannot be achieved manually in risk mining and emergency response, To identify known advanced threats and some unknown new attacks.

The second is the ability of reasoning and decision-making. For large enterprises and public networks, vulnerability oriented attacks, such as Internet of Things attacks, extortion virus hijacking, etc., often need to take the initiative to predict in advance. This is impossible for traditional firewalls to achieve, and it also pushes AI capabilities and cloud computing to the combination point of active defense.

For example, in user behavior analysis, AI is introduced to analyze multi-dimensional data such as IP, fingerprint, and historical behavior, accurately portray user profiles, mine risk points, and establish an anomaly detection model to perceive abnormal behavior and give early warning, so as to effectively avoid internal and external threats.

In addition, AI can also use deep learning technology to simulate automated attacks to provide automated monitoring and repair of security problems. For example, Microsoft Azure has built a set of chips, cloud and operating system as a whole cloud computing security operation chain.

In addition to improving quality and efficiency through intelligent automation at the external attack end, AI's optimization of internal security management in the enterprise also further improves the security level of cloud computing.

Typical intelligent security products, such as situation awareness platform. AI can acquire, understand and predict the security elements that can cause changes in the cloud environment situation, and effectively manage and process the dynamic changes of cloud assets such as virtual machines. At the same time, using AI's elastic identification, the cloud platform can prioritize vulnerabilities, use NLP technology and network context to analyze the exposure of enterprise security, assess the impact on business, and give priority to repairing the vulnerability with the greatest risk.

In addition, the intelligent management of internal secret keys also makes enterprise security controllable, transparent and compliant. AI can grant different permissions to different people in a dynamic environment, realize the refined management of cloud systems, enable anyone to correctly access the corresponding resources at any time and anywhere, and uniformly manage the internal border security.