Native integrated security on the go | BCS Cloud Native Security Forum held in Beijing



Introduction: Recently, the Cloud Native Security Forum of the 2024 BCS Beijing Cybersecurity Conference was held in Beijing. The forum was themed “Native Fusion Security on the Go” and discussed security practices and construction ideas in the cloud native environment.

Recently, the Cloud Native Security Forum of the 2024 BCS Beijing Cybersecurity Conference was held in Beijing. Under the theme “Native Fusion Security on the Go”, participants discussed security practices and construction ideas in cloud native environments and the use of new technologies to solve new security problems, with the aim of safeguarding the healthy development of the cloud native industry amid the wave of the digital economy.

As enterprises accelerate their cloud migration and cloud use, cloud native technology is rapidly gaining popularity. With its advantages of agility, high availability, and elastic scalability, cloud native has become the preferred cloud computing technology for current IT infrastructure and an important force in promoting the development of AI and new productivity. However, the rapid growth of cloud native business has brought many security issues with it. For example, cloud native has made security observability more difficult, and bolt-on security tools operate independently of one another and lack unified management and collaboration capabilities, which poses huge challenges for security operations. The guests at the conference shared their views on these new security issues arising from cloud native environments.

“We need to build a native, platform-based, and intelligent cloud-native security protection system, including: deep integration of cloud-native and security, integrated protection throughout the entire life cycle, AI-enabled automation, and improved cloud-native security operations.” Du Lan, senior business manager of the Cloud Computing Institute of the China Academy of Information and Communications Technology, said that domestic cloud-native security has entered a period of rapid development, and building a cloud-native security protection system is currently a hot topic in the market.

Image 1: Du Lan, Senior Business Manager of Cloud Computing Institute, China Academy of Information and Communications Technology

“China Unicom Cloud's native security products and security capabilities are born in the cloud, grow in the cloud, and are used in the cloud. They are deeply integrated with China Unicom Cloud and become a PaaS-based capability provided to the outside world.” Zhou Kai, CTO of China Unicom Digital Security Division, said that China Unicom Cloud is promoting the unified orchestration of cloud security capabilities, the nativeization of cloud security products, and the nativeization of cloud security operations to provide customers with better cloud-native security products and truly systematic and refined security operation services.

Image 2: Zhou Kai, CTO of China Unicom Digital Security Division

“We believe that cloud security is an onion-shaped defense. We hope that customers will establish multi-layered defenses so that hackers will pay a heavy price for each layer they advance. When the price is no longer bearable for the attacker, further attacks will stop.” Zhu Zhiqiang, a senior security expert at Amazon Web Services, said that customers need to have multiple levels of protection, increase the cost of attacks, and minimize the harm caused by hacker attacks.

Image 3: Zhu Zhiqiang, senior security expert at Amazon Web Services

“The current supply chain security issues, as well as vulnerabilities, backdoors, etc. that can provide attackers with initial intrusion entries are of great concern. These problems will further lead to container escapes or other isolation problems, and ultimately threaten the security of other clusters.” Ren Yilin, an expert in terminal security attack and defense research at Volcano Engine, said that cloud-native security needs to be shifted left, and the presence of attackers can be detected at the application layer entry. Currently, RASP is an effective means to protect the runtime security of cloud-native applications. In the future, it will further strengthen the detection of adversarial techniques and strengthen the linkage of detection and analysis on the same cluster side, so as to achieve better defense effects.

Image 4: Ren Yilin, an expert in terminal security attack and defense research at Volcano Engine

“The cloud-native asset topology is highly complex. Due to the elasticity requirements of scaling and business deployment, we may have weak underlying management of assets. Under cloud-native conditions, containers and virtualization have made us increasingly lack control over the underlying layers, and this lack has led to a weakening of observability,” said Wang Qiang from the University of the Chinese Academy of Sciences. Network defense has now entered the deep water zone, and multi-dimensional checkpoints can be established on the cloud to avoid the observation blind spots of traffic bypass and establish a seamless application security perception plane.

Image 5: Wang Qiang, University of Chinese Academy of Sciences

“The digital economy drives digital innovation in enterprises, and cloud native has become a new technology trend. The resulting cloud native security is also a hot topic. Cloud native environments generally have many security issues such as code defects, misconfigurations, supply chain security, and cloud native product security.” Fan Weibo, head of Qi'anxin's cloud security division, said that at this stage, it is necessary to manage the security of cloud native assets, risks, and threats throughout their life cycle from a global perspective. The Qi'anxin CNAPP Cloud Native Security Management System was developed precisely to meet the security needs of cloud native. Its security capabilities cover the entire cloud native architecture and the entire life cycle of cloud native applications. Vertically, from bottom to top, it covers the infrastructure on which cloud native applications run, including IaaS platforms, PaaS platforms, hosts and container workloads, and the corresponding microservices of the applications themselves. Horizontally, from left to right, it covers the entire life cycle of cloud native applications, including the development, deployment, and runtime stages, integrating security into DevOps and achieving “security left shift”, helping customers make cloud native security visible, manageable, and controllable.

Image 6: Fan Weibo, Head of Qi'anxin Cloud Security Division

“The rapid development of cloud-native technology has brought flexibility and scalability to enterprises, but it has also brought new security challenges.” Xue Qingwei, a security expert from Qi'anxin's Network Security Department, introduced the attack and anomaly detection methods in cloud-native environments, as well as practical thinking on cloud-native security operations to the guests based on Qi'anxin's internal practices.

Image 7: Xue Qingwei, security expert of Qi'anxin Network Security Department

The BCS Cloud Native Security Forum has been held for two consecutive sessions so far, bringing together many industry experts and scholars, first-party customers and security companies from the cloud native field. It has had a positive impact on improving the theoretical construction and practical level in the field of cloud native security, and has safeguarded the healthy development of the cloud native industry under the wave of digital economy.
