Kingsoft Cloud's integrated cloud security system to prevent cloud service abuse

Cloud service abuse scenarios mostly refer to external DDoS attacks, as well as the dissemination of illegal information, Trojans and malware through cloud servers. It has become one of the core topics of concern in the security field, due to its prevention difficulties and its huge impact on the business. The well-known cloud security agency CSA lists 12 top cloud computing security threats, and “cloud service abuse” is among them. How to prevent cloud service abuse so as to build a more secure cloud environment, is a common problem faced by major cloud vendors.

Recently, Zhang Na, senior security manager of Kingsoft Cloud, was invited to attend the 2018 Cloud Security Annual Conference held by CSA, and delivered a keynote speech on "Cloud Service Abuse Prevention Practice" on cloud security issues. She believes that in order to prevent cloud service abuse, in addition to doing its own security precautions, it is also necessary for all major cloud vendors to join forces to share threat intelligence and suppress network attacks, thereby jointly solving cloud service abuse problems and maintaining cloud security together.

Cloud security issues cannot be ignored

At present, cloud computing has been recognized by more and more users for its convenience in resource acquisition, agility of business expansion and better data security. But the subsequent abuse of cloud services has also brought great challenges to cloud security. When it comes to preventing abuse, cloud service providers need to identify these abuses, such as identifying DDoS attacks in network traffic, providing customers with security check tools to assess the security of the cloud environment, thereby reducing abuse from the cloud server.

However, the diversity and concealment of abuse scenarios also increase the difficulty of preventing cloud service abuse. In addition to the management of cloud vendors, cloud service users also need to pay attention to the security of their own business and establish a sound security process system. For this problem, Kingsoft Cloud provides mature security products and services, as well as customized security solutions to ensure business security from both the cloud server and the customer.

In terms of security services, Kingsoft Cloud has anti-attack centers, web application firewalls, server security, vulnerability scanning, advanced security services, certificate management and other products and services, as well as rich enterprise-level service experience and years of deep research in the security field, providing full-process services such as system structure design, security mechanism construction and data storage management to build a secure and reliable cloud environment.

Four measures to prevent cloud service abuse

In response to the reality of cloud service abuse, Kingsoft Cloud provides three-dimensional security protection before, during and after the event. A professional security team provides strong technical support for this security protection, avoiding the adverse effects of users due to abuse. Specifically, risk management is mainly carried out from the following four aspects:

In terms of user agreements, constraints are imposed at the legal level. Users must not use cloud resources to conduct illegal business and conduct illegal activities.

In terms of user account risk management, strict real-name authentication and account information are used to avoid malicious account registration; multi-factor authentication and login behavior detection are used to prevent account theft; at the same time, the database protection and data interface are used for authentication to prevent account information from being leaked, thereby ensuring the security of the user account in multiple dimensions.

In terms of cloud platform security construction, an automated three-dimensional protection system is established to ensure basic security in multiple dimensions such as network, host, application, and service; on the basis of automated detection, manual penetration testing is performed periodically. In addition, Kingsoft Cloud has continuously improved its threat intelligence channels and mechanisms to ensure the security of the entire cloud platform through various protection measures.

In terms of monitoring system, Kingsoft Cloud uses different security monitoring mechanisms to complement the protection system, such as traffic monitoring, attack monitoring, content monitoring and record monitoring to cope with various cloud service abuse scenarios.

As the largest independent cloud service provider in China, Kingsoft Cloud has built a complete security process system. It has many security certifications such as ISO 9001/27001, Information System Security Protection Level 3, Trusted Cloud, and International Cloud Security Alliance C-STAR. It has been rated as one of the cloud security companies with the highest security level by IDC, an internationally renowned analyst organization. Kingsoft Cloud provides users with a full range of cloud security products covering cloud computing, intelligent pipe and terminals, as well as cloud security solutions for many vertical industries such as games, video, finance, government, manufacturing, transportation and energy. Through perfect cloud security services, Kingsoft Cloud can effectively address cloud service abuse issues and provide users with secure, stable and reliable cloud services.