After years of development , China's cloud native technology ecology has tended to be perfect 、 The acceptance of industry users has increased rapidly 、 The capital market boom is surging , It can be predicted that China's cloud primary industry will enter a high business cycle . On the user side , The overall transformation of cloud primitives is the general trend , However, the reshaping of cloud native technology architecture and the change of application mode have introduced new security risks , Mirror holes 、 Container escape and service interaction security caused by fine-grained splitting of microservices are threatening the cloud native platforms and applications of enterprises , Cloud native security construction has become a necessary item in the process of Enterprise Cloud native platform construction and application cloud native biochemical transformation .

2022 year 6 month , Tencent cloud participated in the first cloud native security maturity assessment organized by the China Academy of information technology , Successfully completed the test .

Tencent cloud focuses on cloud native security research , Creating a secure industrial cloud , Relying on Tencent security 20 Years of experience in business security operation and black industry confrontation , Tencent cloud has top security experts in the industry 、 The most complete security big data and AI Technology accumulation .2018 year 9 month 30 On the th, Tencent launched a comprehensive cloud native cloud strategy , So far, there are tens of millions of core scale . Based on the security technology accumulated by Tencent for many years , Combined with the largest container cluster management and operation experience in the industry , Tencent cloud has built a complete cloud native security system and service capabilities , Cover Cloud native security governance 、 Cloud native data security 、 Cloud native application security 、 Cloud native computing security 、 Five aspects of cloud native network security . And built Host security 、 Container safety 、 Security operations center 、 Cloud firewall And a series of leading cloud native security products and services , Continue to provide native services for cloud users 、 Safe and reliable protection capability . meanwhile , Tencent cloud actively promotes the preparation of industry standards and specifications , And start 《 Tencent cloud container security white paper 》, The present situation of domestic container environmental safety is analyzed and summarized , Help the standardization and healthy development of cloud native security ecology .

  Tencent cloud native security system

The Chinese Academy of communications and communications has cooperated with the industry 20 Nearly of more than units 40 Experts lasted 1 The year of The first cloud native security maturity model standard in China The compilation , Provide self inspection ruler and construction guide for the construction of Enterprise Cloud native security capability . Tencent cloud successfully completed Infrastructure security domain 、 Infrastructure security domain 、 R & D and operation security domain 、 Cloud native security operation and maintenance domain evaluation .

Infrastructure security domain capabilities ：

Tencent cloud provides global security leading computing 、 The Internet 、 Infrastructure services such as storage , Build multiple threat identification models based on the massive threat data accumulated by Tencent to prevent cloud security events 、 defense 、 Detection and response , Provide a secure and stable computing environment , And perfect safety isolation , Data backup recovery 、 Storage encryption capability .

Cloud native infrastructure security domain aspect ：

Tencent cloud has a leading and comprehensive cloud native security technology , Provide comprehensive security protection measures for cloud native infrastructure , Including unified container asset management 、 Container image security scan management 、 Cluster arrangement facility patrol inspection and access control 、 Container runtime intrusion detection and other security services , Automatic attack and intrusion protection and threat response through rich security policy definitions , Ensure that the container business starts from building 、 Full lifecycle security deployed to runtime .

Cloud native R & D and operation security domain capabilities ：

Tencent cloud establishes a defense system based on vulnerability defense and repair , The test finds out the known vulnerabilities and conducts the repair and defense against them ; Discover potential security threats based on the software development lifecycle , establish DevSecOps Capabilities are modeled through threats 、 Safety design 、 Reduce threats from multiple angles, such as security testing , Build product cloud native security .

Cloud native security operation and maintenance domain capabilities ：

Tencent cloud provides complete and intelligent security audit and policies 、 identity 、 Password security management capability , Support from cloud accounts 、 Cloud operation audit 、 Virtual machine to K8s Conduct security operation and maintenance management in terms of authority policy and identity management . Relying on the security capabilities of various cloud native foundations of the platform , A unified alarm analysis 、 Incident investigation 、 Centralized disposal , Automated responsive operational systems , And with security services to enhance the enterprise's cloud native security operation capability .

Introduction to cloud native security maturity model

Cloud native Capability Maturity Model （CNMM-TAS） To improve the efficiency of enterprise R & D 、 To promote business innovation and development , From the technical architecture （T）、 Business applications （A）、 Security architecture （S） Three aspects promote the construction of Enterprise Cloud native capabilities . Cloud native security maturity （CNMM-TAS） Assessment incorporates zero trust 、 Move left safely 、 The four concepts of continuous monitoring and response and observability , From infrastructure security 、 Cloud native infrastructure security 、 Cloud native application security 、 Cloud native R & D and operation security and cloud native security operation and maintenance 5 Fully examine the security level of cloud native architecture in three dimensions , Help enterprises quickly compare 、 Locate the level of safety capability , Diagnose your own problems , Customize the evolution direction of the security architecture according to the business requirements and the high-level capabilities of the model .

Cloud native security maturity model

summary

Cloud native technology not only brings new business changes, but also new security challenges , At present , Tencent cloud has established a complete cloud native security system and product services , from Cloud native infrastructure 、 Cloud native infrastructure 、 Cloud native application 、 From cloud native R & D and operation to cloud native security operation and maintenance Built a complete and comprehensive security guarantee , Relying on Tencent cloud's solid security base and rich cloud native security product matrix , For different industries 、 Hundreds of thousands of customers of different sizes and development stages provide cloud native Services . future , Tencent cloud will continue to focus on cloud native security research , Through a complete cloud native security protection system , Help users realize cloud native transformation safely , Enjoy the bonus of cloud native .

Previous selections ：

• Tencent cloud releases container security white paper

• Capture the wild container attack on the cloud again ,TeamTNT Uncover the secret of black production attack method

• Security construction and operation under cloud native architecture from the perspective of major vulnerability emergency （ On ）

• Security construction and operation under cloud native architecture from the perspective of major vulnerability emergency （ Next ）

• Container security field attack investigation

• Tencent cloud million container image security management operation practice