[Observation] Wuhan Cloud Security Cloud Brain: Protecting the “lifeline” of smart city security

There is no doubt that with the continuous optimization of digital government and smart city construction, the business needs of government departments are becoming increasingly diversified, and more and more government departments are using Internet applications to improve service quality and efficiency and to innovate their models. The demands of these innovative application scenarios continue to drive the update and optimization of cloud infrastructure.

For this reason, smart city construction is also "evolving" from government service reform to comprehensive urban management, and government cloud, as the cloud infrastructure of smart cities, is also "evolving" in the direction of urban cloud focusing on intensive construction. It can be said that from promoting "government affairs to the cloud" to realizing "city to the cloud", the cloud has become the "black land" for urban digital transformation and smart city construction.

But we must also see that as data islands and barriers continue to be broken down, data has become the core and key to the services provided by smart cities. For city managers, since data involves data sovereignty and privacy, and there must be no data risk issues during the sharing and operation of data, the security issue of the city cloud has also been raised to an unprecedented level.


Urban cloud security challenges are becoming increasingly severe

In the past few years, Wuhan City has built the "Wuhan Cloud" that integrates the government domain, trusted domain, and industrial domain. This is the country's first "city cloud" and an "enabler" of Wuhan's digital economy. At present, Wuhan Cloud has supported more than 400 government affairs systems to run on the cloud. At the same time, "Wuhan Cloud" also plays an important role in the fields of "national economy and people's livelihood" such as education, medical care, and social security.

In this process, with the continuous deepening of digital applications, the boundaries of security are constantly being broken, which also makes Wuhan Cloud face more dynamic and uncertain challenges in daily operations, including data leakage, service interruption, resource abuse, and compliance. Since Wuhan Cloud's business entities are government departments, and the applications and data it carries involve people's livelihood services, social construction, industry development, policy governance and other fields, it also faces higher risks and challenges in terms of security.

First of all, from the perspective of policy requirements, the promulgation and implementation of the "Cybersecurity Law" and "Security Protection Requirements for Critical Information Infrastructure" emphasize building network security capabilities such as "active defense, monitoring and early warning, situation awareness, emergency response", which also puts forward higher requirements for Wuhan Cloud's security protection capabilities.

Secondly, from the perspective of security challenges, with the investment in construction of cloud-enabled and other compliance-enabled devices, past security equipment has become independent, heterogeneous and dispersed, without linkage or coordination, which makes it difficult to form an overall security protection capability. Coupled with the "increasing intensity" of network security attacks, whether the future city cloud base can withstand higher-level network attack and defense confrontations, such as APT and blackmail threats, has also become a test for Wuhan Cloud's security.

Finally, from the perspective of operational requirements, because asset protection, vulnerability information, and the security situation cannot be "visualized", it is difficult to effectively implement security work decisions and disposals. Not only that, in traditional security capability building, the experience and processes of security operation experts are passed on by "word of mouth", with a lack of platform tools and no standardization, which has also become a "problem" that Wuhan Cloud encounters in daily security operations.

In fact, as the country's first "urban cloud", the specific challenges faced by Wuhan Cloud in security operations also illustrate that, with today's accelerating development of the digital economy, the role and value of urban cloud in government governance and social services continue to be highlighted. At the same time, with the large number of innovations in urban data applications, the security pressure it faces is increasing. Therefore, the direction of urban cloud construction toward being safer and smarter is not only a "trend", but also an "imminent need".

Against this background, Wuhan Cloud has created the Wuhan Cloud Security Cloud Brain through in-depth cooperation with Huawei Cloud, thereby building the technical capabilities to perceive the security situation of cloud assets in an "all-round way" and to automate threat processing "all-weather", so that external attackers "cannot enter, take away, understand, change, or run away". This has comprehensively improved the overall security protection capabilities of Wuhan Cloud.

Wuhan Cloud Security Cloud Brain Best Practices

It is understood that the Wuhan Cloud Security Operation Center has built a cloud-native three-dimensional security operation system with the "Security Cloud Brain" as the core. It is based on Huawei Cloud's new generation cloud-native security operation platform and provides fast closed-loop security information and event management (SIEM) services, including comprehensive log collection, asset management, security governance, situational awareness, threat operations, and orchestration response. It can realize real-time reporting of high-risk security events and asset information and sharing of vulnerability and threat intelligence information. Its "efficient research and judgment, accurate governance" capabilities not only comprehensively improve Wuhan Cloud's overall security protection capabilities, but also provide Wuhan Cloud's security construction with new value in three aspects: "intensive, efficient, and visible."


First of all, in terms of "intensification", Wuhan Cloud Security Cloud Brain has achieved comprehensive "integration" of cloud security capabilities. The security cloud brain has accumulated and integrated Huawei's thirty years of security operation experience, giving Wuhan Cloud security business scenario protection capabilities equivalent to Huawei Cloud, including daily operations, protection drills, major guarantees, website monitoring, and security assessment. It can provide the capabilities of "one-click security compliance, one-stop full-process processing, one-screen comprehensive perception, one-cloud global analysis", allowing users to handle security challenges in a "global operation" manner.

Secondly, in terms of "efficiency", through its powerful security management capabilities, Wuhan Cloud Security Cloud Brain has also achieved improvements in security operation efficiency. Take "security orchestration" as an example. It is based on the built-in Huawei security operation best practices and supports custom orchestration of security scripts and processes. Security response scripts can be flexibly orchestrated by drag and drop, dynamically adapting to security business needs. At the same time, the security cloud brain supports functions such as cloud service security log data collection, data retrieval, security compliance inspection, threat detection models, vulnerability management, intelligence management, intelligent detection, and customized security reports, providing professional-level security analysis capabilities to protect cloud loads, various applications and data.

Data shows that Wuhan Cloud Security Cloud Brain has reduced operation and maintenance labor costs by 50% and increased security operation efficiency by more than 5 times through continuous security operation spiral iteration. While achieving "cost reduction and efficiency increase", it also makes security operation work "double the result with half the effort".

Finally, in terms of "visuality", through the built-in "1+4" large visual screen, Wuhan Cloud Security Cloud Brain realizes the presentation of security protection and operational effects. For example, in the field of "situation awareness", the security cloud brain can provide a unified display platform for risk visibility, attack visibility, response visibility and to-do work order visibility on the cloud, helping users view in a timely manner the various risk events encountered by cloud assets, thereby building powerful "before, during and after" security management capabilities. In addition, the security cloud brain also has the ability of "minute-level alarm response": it collects threat alarm events from various security services and uses big data analysis technology to conduct classification statistics and correlation analysis of attack events, threat alarms and attack sources. This can comprehensively present the overall security attack situation, and can automatically handle events or notify users in a timely manner for investigation and handling, providing key support for security work decision-making and handling.

It is worth mentioning that as current security construction presents the characteristics of "normalization, systemization and practicality", it has become a new trend to use professional security operation teams to analyze and deal with various problems. For this reason, Wuhan Cloud also cooperated deeply with Huawei Cloud, made new exploration in MDR operation practice, and achieved good results. In addition, since the Wuhan Cloud Security Cloud Brain operation scenario covers single-commissioned office security operation self-management and security operation hosting, the two parties have also innovated three operating models on the same platform, "single rental and self-operation, bank management operation, and supervision operation", which provide diversified security protection options for different users of Wuhan Cloud.

For this reason, Wuhan Cloud Security Cloud Brain has also recently won the third batch of outstanding cases of the China Academy of Information and Communications Technology's "Security Guardian Program". It can be seen that the Wuhan Cloud Security Operation Center has built an integrated and closed-loop security operation system with the "Security Cloud Brain" as the core. By providing "one-click security compliance, integrated full-process processing, one-screen comprehensive perception, and one-cloud global analysis" capabilities, it has not only greatly improved the level of Wuhan Cloud's security operation capabilities; the key is that the "safe and smart" Wuhan Cloud Security Cloud Brain created thereby has also better assisted the high-quality development of the digital economy of Wuhan City Circle.

In general, as digitalization enters the "deep water zone", security boundaries are blurred and attack complexity increases. Coupled with the multi-tenancy, virtualization, elastic scaling and other characteristics of cloud native architecture, traditional single-point security protection has gradually become insufficient. To protect the "lifeline" of urban data security and continue to improve network security resilience, a high degree of security will be the only way for every urban cloud to upgrade and develop in the future. In this process, the in-depth cooperation between Wuhan Cloud and Huawei Cloud has created the best time for the formation of Wuhan Cloud Security Cloud Brain, which undoubtedly provides more reference and new value for future urban cloud security integration governance construction.


Shenyao's Technology Observation was founded by Shensky, a senior technology media person. He has 20 years of experience in enterprise-level technology content communication and has long been focused on the observation and thinking of industrial Internet, enterprise digitalization, ICT infrastructure, automotive technology and other contents.


Origin blog.csdn.net/W5AeN4Hhx17EDo1/article/details/134046358