Security Session - Apsara 2022

Date: Oct 1, 2022

At the Apsara conference 2022, Alibaba officially announced the establishment of the Cloud Native Technology Committee. This means that cloud native, as Alibaba's core technology strategy, will accelerate the use of the advantages of the cloud platform, provide technology developers with a richer native underlying technology environment, and promote faster business development. At the same time, while enjoying the benefits of cloud-native technology, enterprises also receive security protection equivalent to Alibaba's own capabilities.

At the just-concluded Apsara conference 2022 session "Accelerating Cloud Native Innovation and Security", Alibaba Cloud's Xiao Li also mentioned that the evolution of the underlying infrastructure will bring more earth-shaking changes to security, and that all enterprises will enjoy the highest level of security on the cloud in the future. More innovative applications and the influx of new technologies will continue to refresh and define new cloud-native security capabilities, thereby helping enterprises build a new generation of security architecture that is more suitable for their own business.

In the special session, in addition to Xiao Li's release of the native security architecture at Apsara conference 2022, his sharing of the core advantages of native security, and zero trust in remote office, there were also many important viewpoints and technology releases worthy of attention:

*From hybrid cloud security to secure hybrid cloud
Cloud-native reconstruction of enterprise security system, embracing hybrid cloud architecture*

Gartner predicts that by 2020, 90% of organizations will utilize hybrid cloud to manage IT infrastructure.

With the development of cloud computing, the original physical boundaries of enterprises are being broken, and more and more enterprises are beginning to pay attention to software-defined boundaries. With the full rollout of 5G technology and the popularity of more and more localized applications, more data processing needs to be done at edge nodes. In addition, the combination of cloud computing and SD-WAN also helps enterprise users better connect to offline environments, including IDC, office network, mobile office and other scenarios. The evolution of infrastructure has put forward new requirements for security, and the underlying architecture of security needs to be upgraded and evolved. At the Apsara conference 2022, Alibaba Cloud's senior product expert Ge Daibin announced: Alibaba Cloud has officially upgraded its hybrid cloud security solution to a new secure hybrid cloud architecture: Alibaba Cloud's SASE security architecture.

Alibaba Cloud's SASE security architecture is actually Alibaba's secure hybrid cloud architecture. This secure hybrid cloud can logically be understood as a software-defined secure access area built on the cloud: whether it is application traffic from the Internet to the public cloud and IDC, external traffic from enterprise employees to the Internet, the horizontal access traffic of enterprise employees to internal applications, or the operation and maintenance traffic of enterprise operation and maintenance personnel to applications on the cloud, all of it will automatically pass through this secure access area for detection, analysis, and protection. In terms of scenarios, it will cover Internet-facing business, intranet applications, office network security, mobile office, and application operation and maintenance security, so as to help enterprise users gradually migrate from traditional border security to software-defined border security. In this way, enterprises can reconstruct their own security systems in an all-round way based on the security cloud provided by Alibaba Cloud, cover cloud and offline assets, and better embrace the hybrid cloud architecture.

*Cloud-native data security defense-in-depth system
Build a complete data security life cycle, covering the deployment on the cloud, and the entire process of business operation*

With the acceleration of the digitalization process and more and more enterprises migrating their business to the cloud, data security has become a common challenge for enterprises. Data security threats are also multifaceted: for example, data leakage or illegal access caused by improper operation by employees, and illegal data theft due to external attacks. Because data itself is ubiquitous, there are higher requirements for data protection methods. Changes in the code or application lifecycle make otherwise effective means less useful.

In the entire defense-in-depth security system on the cloud, Alibaba Cloud provides cryptographic technologies and product applications suitable for different links such as network boundary -> workload -> persistent storage, such as SSL certificate and transmission encryption, cloud encryption machine and key management, dynamic credentials, etc.

At the Apsara conference 2022, Chen Junpu, a technical expert of Alibaba Cloud intelligent products, shared Alibaba Cloud's cryptographic infrastructure: Alibaba Cloud provides enterprises with different high-security cryptographic hardware according to the compliance requirements for cryptography in different market regions, allowing encryption capabilities to run through the entire cloud product system and helping users build default security policies. At the same time, according to different business dimensions, different forms of cryptographic products are designed to help users establish their own business encryption forms, such as financial payment and blockchain scenario applications, according to their special cryptographic needs.

At the same time, by building data security intelligence and automation capabilities, Alibaba Cloud helps enterprises construct the security life cycle more intelligently, faster and more automatically:

- Using SDDP products to help users intelligently identify sensitive data and perform classification and grading. SDDP also provides certain data protection, such as masking and desensitizing sensitive data. In addition, it provides data leakage detection and reduces manual security audits through intelligent means, and it provides data security audits to ensure that the use of native data products on the cloud remains in a safe and compliant state.
- Making access records of open APIs and operation logs in the cloud platform transparent, and delivering them to users' log or OSS storage for user consumption and analysis.
- By configuring the audit service, ensuring that the security policy deployed on the cloud is always enabled by default, and alerting on and repairing violations.

These cloud-native capabilities ultimately build a complete data security life cycle, which can cover deployment on the cloud and all aspects of business operation. As the life cycle continues to change, the overall security level also increases simultaneously, making cloud deployments safer and more effective.

*Promote the landing of trusted cloud
Alibaba Cloud provides enterprise-level trusted solutions*

Alibaba Cloud released the Trusted Cloud Hardware Architecture in 2018. After two years of technical practice and breakthroughs, Alibaba Cloud Security has truly promoted the landing of trusted cloud from the perspectives of hardware root of trust, hardware firmware security, system trusted chain, and trusted execution environment. Alibaba Cloud Security announced at the Apsara conference 2022:

1. **Alibaba Cloud now supports providing customers with enterprise-level trusted solutions**
2. **Alibaba Cloud officially released a high-security ECS trusted cloud instance**
3. **Alibaba Cloud released a trusted solution for public cloud systems**

In fact, system trust is a very important security function and solution for customers such as finance, government, enterprises and institutions that have a strong demand for high-level security. Through Alibaba Cloud's trusted products and solutions, you can manage the secure startup of core components, including the underlying components at system startup and user-specified applications, which can help users effectively protect against underlying system threats that ordinary host security software has difficulty combating. At the same time, it supports multiple scenarios and secondary research and development, so customers can use trusted capabilities flexibly and in diverse ways according to their own business applications.

In addition, Alibaba Cloud security expert Lu Fang mentioned in his talk: based on the encrypted computing SGX 2.0 technology, and on the basis of trusted computing instances, Alibaba Cloud provides customers with a more secure encrypted computing execution environment.

Today, based on the core concepts of trusted computing and encrypted computing, and relying on hardware security features and strict cryptographic algorithms, Alibaba Cloud has created a hardware-based trusted execution environment for enterprises at all levels, ranging from physical machines to virtual machines to containers. At the cloud platform level, Alibaba Cloud builds trusted firmware and hardware; in user-oriented ECS instances with high security levels, it supports IDaaS and zero-trust solutions for users through system trusted products; finally, at the business application level, it provides users with product capabilities such as application trust and container trust. At present, this solution has been well applied in a bank on a public cloud. Users not only obtain the underlying security guarantee, but also realize the zero-trust system and container security scheduling according to their own business needs, relying on trusted computing technology to form a very complete and advanced enterprise-level security system.
