2024/05/22 05:19:33 technology


On June 24, the fourth security online seminar of the "Top Ten Trends in Industrial Internet Security in 2022" series, themed "Guarding Cloud Native Security and Building an Enterprise Security 'Moat'", was successfully held. Hosted by Liu Jing, co-founder of CIO Era and COO and Secretary-General of the New Infrastructure Innovation Research Institute, the panel of Tan Xiaosheng, founder and chairman of Beijing Cyberyingjie Technology Co., Ltd.; Dong Yixi, CSO of Gaotu Group; Li Mingyu, senior engineer at the Institute of Computing Technology, Chinese Academy of Sciences; and Tao Fen, director of cloud native security products at Tencent Security Yunding Lab, jointly discussed practical paths for building a cloud native security system.


Subscription-based cloud security may lead the development of the security industry

Tan Xiaosheng, founder and chairman of Beijing Cyberyingjie Technology Co., Ltd., returned to the live broadcast room to deliver a keynote speech on "Cloud Native Security Challenges and Market Analysis". Tan Xiaosheng pointed out that cloud computing is currently at a stage where cloud native is rising rapidly, demand for cloud-network integration is strong, cloud management and optimization needs are prominent, and security systems are being reinvented; digital development has accelerated into the cloud native era.

He gave a comprehensive and detailed introduction to the current state of cloud native and cloud native security. Cloud-native technologies are now developing rapidly, and changes in development models, deployment methods and operating methods have posed new challenges to cloud-native security. Introducing the latest cloud native architecture, "Service Mesh", he explained that the "Sidecar" mechanism it provides is very useful: service discovery, load balancing, service degradation, call chains, fault logs, monitoring and metrics, as well as authentication, encryption and access control can all be delivered as measurement and security services from the sidecar. How to better apply the "sidecar" to support security under a cloud native architecture will therefore be of great significance.

He also walked through the "Gartner cloud security family bucket" from Gartner's "Hype Cycle for Cloud Security 2021". It covers CSPM (Cloud Security Posture Management: compliance assessment, risk identification, operational monitoring, integration, policy enforcement, threat protection and so on) and CWPP (Cloud Workload Protection Platform), which delivers cloud-native security protection through host protection, exploit prevention, application whitelisting, system integrity, network segmentation, system monitoring, workload configuration and so on.


Regarding the opportunities and challenges facing cloud native security as it develops, Tan Xiaosheng, chairman of Beijing Cyberyingjie Technology Co., Ltd., offered the following prediction and analysis:

"Existing security product solutions can only solve some of the problems, and cloud native security requires understanding both security and cloud-native development, which also provides more opportunities for innovation and entrepreneurship in the domestic cloud-native security track.

And subscription-based cloud-native security will spread rapidly with the development of cloud native. This is a great benefit to the development of the cloud security industry and of the security industry as a whole."

The six major components of cloud architecture in the security system

Gaotu Group CSO Dong Yixi presented "Gaotu Cloud Native Security Practice Sharing". Dong Yixi first introduced Gaotu Group's network security system planning. With reference to international and domestic security standards such as ISO/IEC 27001 and 7799, and drawing on past experience and the security system construction standards of major Internet companies, Gaotu formulated the group's "ISMS four-layer security system architecture", which includes the cloud environment architecture. The architecture divides the company into fine-grained parts from the outside in, peels back the layers one by one, and finally implements each division.


Within this architecture, Dong Yixi focused on the six major components of the second-tier cloud architecture of the security system.

First, basic security of the cloud. Gaotu Group's business layer runs on Alibaba Cloud and Tencent Cloud, so in the cloud environment and across the cloud bottom layer the real implementation rests on the host security, HIDS and similar capabilities provided by the two cloud vendors themselves.

Second, application security at the application layer. As the link that receives the most effort, it prioritizes protection from the attacker's perspective.

Third, security protection at the protective layer. When Gaotu adopts new products or has to consider traffic pressure, it builds a cloud security architecture at the application level.

Fourth, security prevention and control at the business level. Gaotu carries out business risk control and access-source monitoring from a compliance perspective and reduces business operation costs.

Fifth, data security. In the cloud architecture, data security is closely tied to business security and application security, and data is also the core asset. Online data and C-end (consumer) data are classified and graded, desensitized, and then monitored at the API level across the entire data security life cycle.

Sixth, account security. Starting from management requirements, accounts are managed through bastion-host audit and authentication, and combined with the five parts above to establish an internal security operations center.

In addition, Dong Yixi also specially introduced the fourth layer of the ISMS four-layer architecture:

As the final layer, it needs to address historical problems and security threat risks. The final implementation measure is therefore unified management and evaluation of the construction targets through an indicator system. The indicator system consists of construction indicators and operation indicators: the two parameters of the construction indicators are coverage and completion rate, and the two parameters of the operation indicators are response time and discovery time. Completion status is displayed through different colors.

Cloud native mode protects cloud native applications

Li Mingyu, a senior engineer at the Institute of Computing Technology, Chinese Academy of Sciences, spoke on "Architecture Innovation and Practice Based on Cloud Native". Li Mingyu first discussed the current state and technical direction of architectural innovation from "machine native" to "cloud native". Through practical cases, he described the difficulties and challenges that traditional development methods and application construction technologies face when enterprises carry out digital transformation from "machine native" to "cloud native", and the important role played by algorithm modules, integration frameworks, and deployment and implementation when cloud native helps enterprises transform.

Given the agility, scalability and other advantages brought by cloud native, more and more enterprises are transforming their IT to cloud native methods, which makes keeping up with technology particularly important. Cloud native technology systems are becoming ever larger and more complex, and cloud-native applications face technical capability challenges in innovation. Faced with uneven cloud native technical capabilities among enterprises, Li Mingyu described how best practices can be summarized and accumulated through a "cloud native application design model" to help enterprises implement cloud native applications better.


Li Mingyu also shared his thoughts on cloud native application protection:

"Backup and disaster recovery are very important aspects of application protection. Cloud native application protection needs to be application-centric, fully consider the characteristics of cloud native applications, and support fine-grained protection of applications, referring to application models such as CNCF OAM and supporting three levels: container, application and namespace. Use the cloud native mode to protect cloud native applications and provide APIs that allow application developers to better indicate the protection objects, and then implement disaster recovery through automated means. The implementation of the protection method itself also follows the cloud native model, using declarative APIs and operators, and is combined with cloud native infrastructure."

The Offensive and Defensive Ways of Cloud Native Security

Finally, Tao Fen, Cloud Native Product Security Director at Tencent Security Yunding Lab, presented "The Offensive and Defensive Ways of Tencent Cloud Native Security". Tao Fen first introduced the many security risks that the cloud native architecture faces as it matures, as well as the short life cycle and high density of containers, DevSecOps under cloud native, and cloud native security capabilities, all of which challenge an enterprise's security operations capabilities.

Knowing the attack: in-the-wild container attacks and the security attack-defense matrix

In its research and monitoring of in-the-wild container attacks over recent years, Tencent Security Yunding Lab has found that the vast majority of companies applying cloud native technology have experienced container security incidents. Monitoring and analysis of underground criminal activity on DockerHub shows that criminal groups have compromised about 190 million containers on the Internet, and the types of attacks and confrontations continue to grow. Security has become an important consideration for users implementing cloud native.

In the future, supply chain attacks on cloud native applications will be the most important security focus, and cloud-native security attack and defense has entered the stage of practical confrontation.

Knowing the defense: Tencent Cloud's cloud-native security capability architecture

The Tencent Cloud container platform, which carries all of Tencent's business and is the industry's largest self-developed cloud container application, follows four major principles in its security architecture: first, native security capabilities; second, shifting security left; third, full life cycle security protection; and fourth, a zero trust security architecture.

Following the layered approach of the cloud native architecture, Tencent Cloud's container security protection framework implements security protection layer by layer, creating a cloud native, secure container cloud that carries Tencent's business and can also help enterprises achieve their own cloud native security transformation.

Internal strength: Tencent Cloud container security management and operations practice

Security operations are the goal, and security capabilities are the means. When promoting container security operations internally, one can refer to the NIST Cybersecurity Framework and divide container security operations into five consecutive steps: identification, protection, detection, response and recovery.

In the cloud native scenario, implementing security operations still faces many challenges. In terms of technical threshold, those who understand security do not understand cloud native, and those who understand cloud native do not understand security; enterprise security operations staff need to gradually acquire cloud native and operations knowledge. In terms of process specifications, the business has grown wildly, and the construction of supporting security capabilities and process specifications for secure operations cannot keep up. In terms of people and assets, the roles are complex (design and development, security, container PaaS platform development, operations), security awareness is relatively weak, and asset ownership is unclear.

Four key points need attention when building enterprise cloud-native security operations capabilities: sound security management and control of images; proactive security hardening at the container cluster level; strong container runtime security protection; and establishing a container asset overview together with emergency response.


At the end of his talk, Tao Fen shared Tencent Security's current practical progress in cloud native security.

Tencent Security, strong in both offense and defense, has jointly established the industry's first cloud native security laboratory with the China Academy of Information and Communications Technology and Tsinghua University, and released the first cloud native security test platform. The basic framework of the test platform has been completed; in the future it will be expanded into a practical exercise environment focusing on real-world verification of cloud native technology.

With the development of the digital age, the use of cloud native technology has become an inevitable trend. While enterprises enjoy the convenience brought by cloud native technology, they also face the challenges of an increasingly complex environment. We hope this seminar can help enterprises clarify their development needs, find the best path to applying cloud native technology, build a cloud native security system, and achieve innovative development.

With this, the four themed seminars of the "Top Ten Trends in Industrial Internet Security in 2022" security online seminar series have come to a successful conclusion. In the future, CIO Times will continue to organize seminar series on other themes together with Tencent Security, contributing its own modest efforts to help enterprises with digital transformation.
