Apsara Conference 2022｜Alibaba Cloud Releases Cloud Security Access Service Based on SASE Architecture
2020 is a special year. Affected by the epidemic, people's work and lifestyle have quietly changed. With the surge in telecommuting, online education, and online medical care, all industries are undergoing a "stress test". Digital transformation has become the general trend and the best way to move forward and break through in this test. With the introduction of new technologies such as big data, cloud computing and 5G, enterprise IT infrastructure architecture has also changed significantly:
- "Cloudification" of core enterprise applications: internal enterprise applications are moving to the cloud and external applications are becoming Internet-based
- "Edge-oriented" business scenarios: more and more data processing and computing is moving down to edge nodes
- "Diversified" office scenarios: mobile office, remote office, and headquarters/branch office collaboration
This change has brought new challenges to the security of traditional IT infrastructure. The original boundaries of enterprises are being broken, and traditional hardware security solutions have been unable to meet the protection requirements of enterprises in digital transformation.
SASE (Secure Access Service Edge): this architecture will be more adaptable to IT environments such as edge computing, cloud services, and hybrid clouds, and will help enterprises complete digital transformation faster, more securely, and more conveniently.
---- Gartner, 2019
Therefore, at the just-concluded Yunqi Conference, Alibaba Cloud officially released the "Cloud Native SASE Solution", which integrates core native security capabilities and network capabilities to provide cloud users with a SaaS-based security service platform built on Alibaba Cloud's infrastructure. The solution builds on the cloud's inherent dynamic expansion capability and supports real-time, agile, and elastic scaling of security protection capabilities. Relying on Alibaba Cloud's nationwide data centers and edge computing nodes, it provides network access at nearby nodes, reduces latency, and ensures security effectiveness. Using a cloud identity authentication service, it builds a new zero-trust access architecture that greatly reduces the exposure of internal assets and systems and creates a more secure office system. As a result, Alibaba Cloud's native SASE solution gives users a unified security management capability that not only covers the security of assets and applications on the cloud, but also better manages the security of corporate office networks.
CSAS Secure Access Service Based on SASE Architecture
Recently, Cloud Security Access Service (CSAS), the core product of Alibaba Cloud's SASE architecture, was officially launched for public beta. This product lets enterprises carry out unified, platform-based security management of employees' use of intranet applications and Internet access. Alibaba Cloud CSAS also supports deep integration with SD-WAN, which can help enterprises on Alibaba Cloud cover more diverse scenarios, such as security management between corporate headquarters and branches/stores, as well as mobile office and remote office security.
CSAS secure access service, based on Alibaba Cloud's native advantages, offers four characteristics (high availability, full coverage, low latency, and zero-touch) and supports four core digital scenarios:
**Scenario 1: Headquarters/branch office and store office security
Low cost, high efficiency, unified platform management**
In March of this year, Hema announced that it would open 100 new Hema Fresh Stores nationwide. Relevant media also mentioned that the development of urbanization requires a regionalized and decentralized business model for stores, which will become a new trend. At the same time, financial institutions all over the country also have this pattern of coordination between headquarters and a large number of branches, which places higher demands on security management. How to maximize security effectiveness and how to unify security management across branches have become key concerns.
By moving security capabilities down to cloud edge nodes, CSAS lets an enterprise's branches/stores connect through a nearby security protection node. As a SaaS service platform, CSAS works out of the box: enterprises do not need to purchase additional complex security equipment, and only a simple network configuration is needed for the headquarters to manage and control the security of branches/stores. Example: when a security threat occurs in a store, the headquarters can detect it in real time and respond and block it at the branch in real time. When the headquarters improves its security protection capabilities, the stores get the same capabilities, which greatly reduces operation, maintenance, and management costs.
**Scenario 2: Remote/mobile office, SOHO at home
Frictionless secure access**
Through deep integration with network capabilities, and relying on Alibaba Cloud's secure edge nodes distributed across the country, the CSAS secure access service uses a lightweight security proxy mode so that remote/mobile office terminals can intelligently adapt to nearby network and secure access. The advantage is that whether employees are working in another location, working from home (SOHO), or traveling on business, their access to the Internet or the corporate intranet is smoother, and overall security is still ensured. No matter where employees are, they are covered by the same security policy, and when a risk occurs, enterprises can respond quickly through the management platform. In this way, enterprise IT personnel can reduce the cost of deployment and maintenance.
Scenario 3: SD-WAN Security Seamless Convergence
SASE is a network architecture that integrates software-defined wide area networking (SD-WAN) and security into cloud computing services, guaranteeing simplified WAN deployment, improved efficiency and security, and the right bandwidth for each application. That is, no matter what resources end users need, and wherever they and the resources are located, they get the same access experience and security protection capabilities. Based on the native advantages of Alibaba Cloud, CSAS and Alibaba Cloud SD-WAN can be deeply integrated, so that CSAS is delivered and deployed together with the SD-WAN networking terminals, SAG devices and SAG-APP. Users only need to upgrade the existing SAG software version, without the need for secondary deployment, and security protection capabilities can then be enabled through security devices or security clients.
Scenario 4: Office Behavior Audit Security Compliance
The CSAS cloud security access service also supports real-time auditing of enterprise employees' Internet access and internal business access logs. Enterprises can manage employees' operation logs in a unified way through the platform. Audit logs can also be retained for 6 months, which meets the compliance requirements of cybersecurity law and other regulations.
Alibaba Cloud CSAS cloud security access service has started public beta
First launch experience: https://www.aliyun.com/product/security/csas