QCon 2019: A Gathering of Tech Experts Discussing Cloud Security
On May 6-8, 2019, the QCon Global Software Development Conference took place at the Beijing International Convention Center, attracting over 100 large coffee attendees from around the world. The conference featured a diverse range of topics, including cloud security, which was a major focus of the event.
Cloud Security: A Shared Responsibility
During the conference, Tencent Anquan Yun Ding Ding Zhiqiang, head of the laboratory, moderated a panel discussion on “Cloud Security: Attack and Defense.” The panel featured industry experts, including Yao Wei, CEO of Early Morning Network Technology, Yu Feng, a senior engineer at Tencent, and White Ga, director of information security at Rokid.
Data Security in the Cloud
Yao Wei emphasized the importance of data security in the cloud, stating that it is a shared responsibility between cloud vendors and users. He noted that while cloud vendors have implemented various security measures, users must also take responsibility for their own security. Yao Wei highlighted the need for users to understand the role they play in cloud security, comparing it to owning a house or renting a shop. Just as a homeowner must take steps to secure their property, a cloud user must take steps to secure their data.
Common Security Issues in the Cloud
Yu Feng discussed the common security issues in the cloud, including unauthorized access, data downloading, and attacks on Hadoop, MongoDB, and ElasticSearch. He emphasized the need for users to be aware of these issues and take steps to prevent them. Yu Feng also introduced the concept of “Notice - Analysis - Capture,” which involves monitoring network traffic, analyzing potential threats, and capturing malicious activity.
Security Architecture for Small and Medium-Sized Internet Companies
White Ga discussed the challenges faced by small and medium-sized internet companies in building cloud security. He emphasized the need for a comprehensive security architecture that includes four key principles: overall protection, offense and defense balance, self-control, and network perimeter defense. White Ga also highlighted the importance of assuming vulnerabilities and employee unreliability in building a robust security architecture.
Traffic Analysis: A Shortcut to Business Security
Li Chang Chi, technical director at Pavilion Technology Products, discussed the importance of traffic analysis in solving business security challenges. He noted that traffic analysis can provide a shortcut to business security, but emphasized the need for a comprehensive understanding of the business and its risks. Li Chang Chi also highlighted the use of Gateway Web traffic analysis as a solution to business security challenges.
Conclusion
The QCon 2019 conference highlighted the importance of cloud security and the need for a shared responsibility between cloud vendors and users. The panel discussion and presentations emphasized the importance of data security, common security issues in the cloud, security architecture, and traffic analysis. The conference provided a platform for industry experts to share their knowledge and experiences, and to promote the construction of a secure cloud ecosystem.
Tencent Secure Cloud Ding Concern
Tencent Secure Cloud Ding Concern, a laboratory building cloud security systems, hopes to promote the construction of a secure cloud ecosystem through joint planning and research. The laboratory is working on a cloud security system that focuses on offense and defense research and security operations teams in a cloud network environment.