Research And Implementation Of The Peer-To-Peer Protection Strategy When Users Deploy And Migrate Applications Across Clouds

With the development of cloud computing,more and more users are deploying applications on the cloud platform.As a single cloud platform may have limitations in terms of computing resources,architecture support,network services,and disaster recovery,users have the need for application deployment and migration across clouds.Using multiple cloud platforms users deploy applications to promote the development of clouds convergence.This type of cloud-based joint service model is called hybrid cloud^[1].Currently,research in the hybrid cloud focuses on architecture support and computing performance.It is insufficient to consider whether the security protection between cloud platforms is equal.In terms of cloud security,cloud service providers prove the security capabilities of cloud platforms through certifications of various security standards.However,the security standards adopted by different cloud platforms are uneven,and the short board of a cloud platform's security protection capability may bring security risks to the entire system.Therefore,how to select a cloud platform with the peer to peer protection capabilities becomes a problem that needs to be solved when users deploy and migrate applications across clouds.This paper focuses on the problems existing in the deployment and migration of cross-cloud applications.It first investigates the current major security standards,regulations and frameworks in the field of cloud security,including CSA CCM^[2],FedRAMP SCP^[3],CCSM^[4],and IAF^[5],ISO27001^[6]and GB/T 31168^[7].Given CSA CCM as a recognized and leading security guideline in the industry,its control domain and security objectives cover the major areas of cloud security,establishing a peer-to-peer mapping of FedRAMP SCP,CCSM,IAF,ISO27001,GB/T 31168 and CSA CCM.Relational tables.Based on this,a peer-to-peer protection strategy was designed and implemented.This strategy uses CSA CCM as a reference for cloud platform security assessment before and after deployment and migration.Based on the peer-to-peer mapping table,the security standards passed between the two cloud platforms are evaluated.The differences as well as the user's special requirements for the CSA CCM related control domain give the peer-to-peer security assessment results for the two cloud platforms.Based on the differences in the CSA STAR certification level of cloud platforms,two assessment processes have been developed.At the same time,a peer protection strategy evaluation tool was developed,and functions such as peer protection policy related algorithms,cloud security standard library,and peer mapping relationship table were designed and implemented.Finally,using mature cloud platforms such as Alibaba Cloud^[8],AWS^[9],and Azure^[10]as examples,five application scenarios for evaluation tools and peer protection strategies were tested.The experimental results show that the tool can effectively assess the differences in security standards between the two cloud platforms,complete the user's assessment of specific control domains,and give a report on whether the cloud platform security protection is equivalent.