The "Cloud Native Security Configuration Baseline Specification", co-edited by Huayunan, has been officially released

The Cloud Native Security Sub-forum of the 10th Trusted Cloud Conference, hosted by the China Academy of Information and Communications Technology (hereinafter referred to as "CAICT") and the China Communications Standards Association, was held at the Beijing International Convention Center on July 26. As one of the achievements presented at the conference, the "Cloud Native Security Configuration Baseline Specification", jointly compiled by CAICT and industry-leading companies, was officially released. Huayunan took part in the joint release ceremony for the standard as a representative of the participating units.

One of the biggest risks in cloud-native security is security misconfiguration. Misconfigurations introduced into the enterprise application environment through the software supply chain cause huge losses to the enterprise. The cloud-native security configuration baseline is therefore a common focus of attention for enterprises. Against this background, CAICT joined forces with a number of cloud users, cloud service providers, and security companies to begin drafting the "Cloud Native Security Configuration Baseline Specification" standard.

The baseline requirements in the "Cloud Native Security Configuration Baseline Specification" are security configuration baseline requirements for the cloud-native tool Kubernetes. As shown in the figure, the requirements in this standard mainly include security configuration requirements for the API Server, controller manager, scheduler, and etcd; security configuration requirements for the worker node components kube-proxy and kubelet and for workloads; and, as additional items, configuration requirements for CNI and network policy. In addition to the security requirement itself, each requirement in this standard is accompanied by automation requirements so that it can be used with automated baseline scanning tools.

Cloud-native technology, as a typical technology leading the transformation of the new generation of software architecture, has achieved high-quality, large-scale implementation across the entire industry and has become the latest paradigm for enterprise cloud use. Cloud native drives innovation in software architecture and application models, injecting new vitality into traditional enterprise applications while bringing new risks and challenges to traditional cloud security protection systems. More agile and efficient cloud-native security has become a focus area of competition for enterprises.

As a participating unit in the release of the standard, Huayunan actively takes part in the exploration and practice of cloud-native technology development. Based on cloud-native models and technologies, Huayunan has created a future-oriented, new-generation security defense system built from the attacker's perspective. Its core idea is to provide various atomic security capabilities through a security platform, giving customers a cloud-native atomic security capability platform that integrates active defense capabilities, intelligence coordination capabilities, and traceability and countermeasure capabilities.

The cloud-native security platform that Huayunan continues to build uses a knowledge-graph security risk library and a scenario-based artificial intelligence engine as its core technologies. It provides various atomic security capabilities through microservices and, combined with automated and intelligent orchestration technologies, delivers continuously iterated atomic security capabilities to customers. The platform's microservice-based design of atomic security capabilities fully considers the requirements of elasticity, redundancy and high performance, and the atomic security capabilities are agile and easy to use.

Huayunan's current business focuses on threat and exposure surface management, including attack surface management, security verification, and automated defense. At present, Huayunan has built cloud-native atomic security application capabilities such as detection and discovery capabilities, analysis and judgment capabilities, intelligence early warning capabilities, and response and handling capabilities. As the cloud-native security industry develops and its technology ecosystem matures, cloud-native security has become the best path for security protection on the cloud. Huayunan will continue to improve the construction of its cloud-native security platform system to provide a solid security foundation for the digital transformation of enterprises.

Origin blog.csdn.net/tangtianxia/article/details/132058313