What is cloud native security?


With the widespread deployment of public and private clouds, cloud computing infrastructure has become the first choice for enterprises deploying new services. Cloud native architecture is favored by more and more customers, and cloud native security is receiving more and more attention. Cloud native security has two meanings: security for cloud native environments, and security with cloud native characteristics.

Security for cloud-native environments

The goal of security for cloud native environments is to protect the infrastructure, orchestration systems, microservices and other systems in cloud native environments.

Security mechanisms inside cloud native environments mostly take a cloud native form themselves. For example, service mesh security usually uses sidecar security containers, and microservice API security usually uses micro API gateway containers. These security containers all follow cloud native deployment models and therefore have cloud native characteristics.

Security with cloud-native characteristics

Security mechanisms with cloud native characteristics resemble the currently popular security resource pools. With the help of the cloud native technologies and platforms popular in the industry, however, they can provide security capabilities with better performance and more flexible processing than security resource pools.

Ideally, cloud native security would rebuild the original security mechanisms, or design new security functions, in the cloud native environment, so that the resulting security mechanisms integrate seamlessly with the cloud native system and ultimately deliver cloud native security capabilities.

Native security: Converged cloud-native security

Features of native security: it is based on cloud native and is ubiquitous. Even though it uses cloud native technology, it is suitable for a variety of scenarios.

Security empowers the cloud native system and builds cloud native security capabilities. Currently, cloud native technology is developing rapidly, but the corresponding security protection is lacking. Even the most basic image security and security baseline are not satisfactory. Therefore, we should study how to apply existing mature security capabilities, such as isolation, access control, intrusion detection, and application security, to the cloud native environment to build a secure cloud native system.

Security products take on new cloud native features, such as lightweight, fast, immutable infrastructure, elastic service orchestration, and integrated development and operations. Security vendors will therefore begin to study how to give these capabilities to traditional security products and, through a software-defined security architecture, build a native security architecture that provides elastic, on-demand, cloud native security capabilities and improves the efficiency of the "protection-detection-response" closed loop.

Once a security device or platform has become cloud native, it can provide (cloud) native security capabilities. It is not only suitable for general cloud native, 5G, edge computing and other scenarios, but can also be deployed independently in traditional scenarios, such as large e-commerce companies, that require lightweight, high-performance elasticity, and so it eventually becomes ubiquitous security.