# 1 Thoughts on Huawei Cloud's Security Operations and Maintenance for Public Cloud

## 2 Table of Contents
- Security Risks in Cloud Environment
- Ideas for Building Huawei Cloud's Security Operations and Maintenance System
- Huawei Cloud's Security Operations and Maintenance Practices
- Summary and Recommendations
## 2. Security Risks in Cloud Environment

### 2.1 Main Security Challenges Facing Cloud Services

Security risks and challenges:

- External intrusion attacks
  - Traffic attacks, service interruption
  - Account theft, gaining permissions
  - Vulnerability intrusion, data theft
- Internal risks of the cloud platform
  - Isolation issues in a shared environment
  - How to ensure the legitimate use of data
- Security services at the tenant level
  - Need for quick, simple, easy-to-use, on-demand services
  - Need for unified management
  - Traditional security products are difficult to deploy in the cloud
- Security awareness/skills need improvement
  - Inadequate tenant data protection
  - Most tenants' security awareness needs to be improved
  - Most tenants' security skills need enhancement
## 3. Public Cloud Environment vs. Traditional IT Environment

### 3.1 Traditional IT Environment - Hakka Round House

- Characteristics: clear boundaries, full security responsibility, known business
- Strategy: walled protection; security can cover end-to-end; refined protection strategies for basic business deployment
- Technology: APT attack detection, phishing email protection, DLP

### 3.2 Public Cloud - Open Community

- Characteristics: unclear boundaries, shared security responsibility, unknown business
- Strategy: light control, heavy detection, rapid response; emphasizes timely evidence collection
- Technology: defense against DDoS attacks, protection against brute force cracking and basic vulnerability attacks, prevention of cloud resource abuse, etc.
## 4. Differences Between Security Operations and Maintenance in Public Cloud Environment and Traditional Environment

| Type | Public Cloud Security Operations | Traditional Security Operations |
|---|---|---|
| Protection Environment | Black box, business unknown | White box, business known |
| Security Boundary | Shared responsibility, blurred operational and network boundaries | Clear boundaries, end-to-end responsibility |
| Security Goals | Prevent attacks, prevent intrusions, prevent abuse | Prevent leaks, prevent attacks, prevent intrusions |
| Main Responsibilities | Detection, response, security consulting, security services, threat model development, etc. | Monitoring, response, configuring security policies |
| Main Risks | Denial of service attacks, weak passwords and vulnerabilities leading to host intrusions, cloud service abuse | Data leaks, APT persistence, weak passwords or vulnerabilities leading to intrusions |
| Security Products | Mainly self-developed products; complex business across many industries; product models must support rapid iteration; content security focuses on detecting illegal content | Mature third-party solutions and products; security capabilities constrained by third-party products; content security uses DLP to prevent critical asset leaks |
| Technical Means | Weak control, focus on detection, rapid response | Control-based defenses, usually black and white list mechanisms; business and users are relatively fixed; security policies are generally formulated from the business; end-to-end visibility |
| Typical Technologies | DDoS defense, brute force cracking defense, web application protection, content detection, C&C communication detection, network flow analysis and visibility | Email security, DLP, web application protection, IPS, mobile security, host security |
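The "light control, heavy detection, rapid response" stance in the table means the operations team has to turn raw host telemetry into alerts quickly, without knowing the tenant's business. The following added example (not code from the page or from Huawei Cloud) shows the detection side for one of the listed risks, weak-password brute forcing: it parses syslog-style `sshd` authentication lines, counts failures per source address in a sliding window, and also flags a successful login that follows a burst of failures, which is the "account theft, gaining permissions" case from section 2.1. The log lines, the one-minute window and the threshold of five failures are constructed assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (syslog format); not real telemetry.
SAMPLE_LOG = """\
Mar 10 12:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 50122 ssh2
Mar 10 12:00:03 host1 sshd[1202]: Failed password for root from 203.0.113.5 port 50123 ssh2
Mar 10 12:00:04 host1 sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 50124 ssh2
Mar 10 12:00:06 host1 sshd[1204]: Failed password for root from 203.0.113.5 port 50125 ssh2
Mar 10 12:00:08 host1 sshd[1205]: Failed password for root from 203.0.113.5 port 50126 ssh2
Mar 10 12:00:09 host1 sshd[1206]: Accepted password for root from 203.0.113.5 port 50127 ssh2
Mar 10 12:05:00 host1 sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 12:30:00 host1 sshd[1301]: Failed password for alice from 198.51.100.7 port 40002 ssh2
"""

# Matches both "Failed password for <user>" and "Failed password for invalid user <user>".
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return a list of alerts as (kind, source_ip, detail, timestamp) tuples.

    kind is 'brute_force' when a source reaches `threshold` failures inside
    `window`, or 'success_after_failures' when a login succeeds from a source
    that still has failures inside the window (likely guessed credential).
    """
    failures = defaultdict(deque)  # source ip -> timestamps of recent failures
    flagged = set()                # sources already reported, to avoid repeats
    alerts = []

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication result line; ignore
        # Syslog lines carry no year; relative ordering is all we need here.
        ts = datetime.strptime(f"{m['month']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
        src = m["src"]
        recent = failures[src]

        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0] > window:
            recent.popleft()

        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, len(recent), ts))
        else:
            # A success while failures are still in the window is the higher-value signal.
            if recent:
                alerts.append(("success_after_failures", src, m["user"], ts))

    return alerts


if __name__ == "__main__":
    for kind, src, detail, ts in detect_brute_force(SAMPLE_LOG):
        print(f"{ts.strftime('%H:%M:%S')} {kind:24s} src={src} detail={detail}")
```

The two failures from 198.51.100.7 are 25 minutes apart, so the window logic discards the first before the second is counted and no alert fires; the five failures from 203.0.113.5 inside eight seconds raise one `brute_force` alert, and the `Accepted` line that follows raises a second, separate alert for the successful login. In a real pipeline the second alert is the one that should page a responder, because it indicates the guessing worked rather than merely that it was attempted.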
## 5. Challenges in Public Cloud Security Operations and Maintenance

- High requirements for automation
- Lack of understanding of the business
- High business continuity requirements
- Shared security responsibility model
## 6. Ideas for Building Huawei Cloud's Security Operations and Maintenance System

### 6.1 Firefighting Stage

Quickly identify the top risks, optimize solutions for the business "pain points," and perform some basic "life-saving" work.

### 6.2 Systematic Construction

Build a solid security infrastructure and establish the security operations and maintenance process system, supported by a small number of self-developed tools plus third-party security products.

### 6.3 Advanced Security

Lay out the key-capability matrix for continuous security operations and maintenance: self-developed tooling, automation, and security big data.

### 6.4 Intelligent Security

Self-adaptive, intelligent security spanning prevention, detection, response, tracing, and prediction.
## 7. Huawei Cloud Security Operations and Maintenance System Framework

### 7.1 Organizational Personnel

Process system and architecture.

### 7.2 Security Governance

Security operations, operational tooling, automation.
## 8. Security Operations and Maintenance Process System

### 8.1 Excellent Practices, Cases

AWS, Azure.

### 8.2 Legal + Policy Requirements

Domestic legislative bodies, sensitive national legislative bodies.

### 8.3 Industry Requirements

Industry policies, standard publishing bodies.

### 8.4 Law Enforcement Requirements, Cases

National regulatory enforcement bodies, national review bodies.

### 8.5 Historical Cases

Media events, security incidents, operational incidents.