In order to win this inevitable battle and fight against COVID-19, we must work together and share our experiences around the world. Join us in the fight against the outbreak through the Global MediXchange for Combating COVID-19 (GMCC) program. Apply now at https://covid-19.alibabacloud.com/
As we are still fighting on the front line against the COVID-19 outbreak, we do not yet know how long the epidemic will last. Through continual technological development, we have created more and more possibilities, which enable us to deal with disasters more effectively and calmly. Despite the economic disruption caused, alternatives such as telecommuting help organizations worldwide to maintain the pace and productivity of operations.
COVID-19 has challenged us in unprecedented ways. During the epidemic, advanced technology is no longer a perk but a requirement. For many enterprises, the impact of the COVID-19 outbreak has driven them to embrace digital transformation. Cloud services are no longer a luxury, and cloud security services have now become a necessity in the field of cybersecurity.
To a certain extent, computer viruses can also be thought of as a different kind of epidemic that persists in cyberspace. The cybersecurity industry was born from defense against computer viruses during the long development of the Internet. It is undeniable that cloud security has opened a new chapter in cybersecurity defense.
In fact, defense against viruses in cyberspace has parallels to defense against epidemics. On February 14, the Alibaba Cloud Security Team helped an epidemic prevention and control organization remotely implement Managed Security Service and completed the first physical examination of cloud assets within 24 hours. The organization promptly detected security threats such as webshell files uploaded by exploiting vulnerabilities and malicious commands executed through webshell files. The organization immediately confirmed and removed the vulnerabilities.
RoarTalk interviewed Alibaba Cloud Security Director Niu Jilei (nicknamed Dongchang) about cloud security operations and the development trends of cloud security services during the COVID-19 epidemic.
What Are Cloud Security Operations?
RoarTalk: What does “cloud security operations” mean? Does it mean security capability provisioning through cloud services, or does it mean security capabilities on the cloud?
Dongchang: Cloud security operations is the delivery of security capabilities through the cloud. It is the ultimate pattern of security as a service in cloud computing. In cloud computing, cloud native capabilities (including cloud security product capabilities) are provided directly through cloud infrastructure (including cloud platforms, cloud products, and security products) by a powerful team of experts from cloud service providers. This allows customers to remotely access online security operation services.
This approach can lower the security operation costs and improve the efficiency of security operations due to the scale effect of cloud computing and the global “visual” characteristics of security policies. Security services can be delivered remotely on the cloud and so can be provided to customers around the clock more easily than traditional services. In the event of threats, enterprises can troubleshoot quickly, respond quickly, and control the issue promptly to prevent threat escalation.
Editor’s note: Cloud security is an all-encompassing concept. The industry generally divides cloud security into cloud computing security and secure cloud computing. Cloud computing security indicates the security protection of the cloud itself, including cloud computing application system security, cloud computing application service security, and cloud computing user information security. Secure cloud computing is an approach to provide and deliver security services through the cloud. This improves the service performance of security systems by using cloud computing technologies, such as the antivirus technology and Trojan detection technology based on cloud computing.
From this perspective, cloud security operations belong to secure cloud computing because they provide security capabilities through the cloud. The first company in the world to provide 5K cloud computing service capabilities, Alibaba Cloud independently developed the large-scale distributed computing operating system Apsara, which supported the transaction systems during several Double 11 Shopping Festivals of Tmall. This shows Alibaba Cloud’s technical prowess. Over the past 11 years, Alibaba Cloud has accumulated cybersecurity technicians and technical capabilities that are in high demand in the market.
How Do We Perform Cloud Security Operations?
RoarTalk: How can cloud security operators quickly get to know all the customer’s cloud assets (protection targets) and cloud security products (protection measures)? Why is it difficult to implement conventional security methods?
Dongchang: The cloud offers natural advantages such as auto scaling and unification of accounts, resources, and technical capabilities. Cloud resources and security protection measures can be globally displayed in a cloud console. Enterprises can intuitively know the categories and quantities of their cloud assets and the current security protection measures, for example, whether cloud-based web application firewalls (WAFs), cloud security centers, bastion hosts, and risk control are deployed, and what security configurations are available. Enterprises can easily perform security O&M, and can quickly troubleshoot and respond to security incidents.
Assets are generally scattered in data centers, especially in scenarios of hybrid cloud deployment. It takes at least two to three days to investigate assets and understand the network, security, system deployment location, and security protection measures. Many security products are scattered. The model, configuration, and standards vary between different products of different manufacturers and even different security products of the same manufacturer. This creates a challenge for security O&M and makes it difficult to immediately respond to security events. Security defense is a race against time. Compared with conventional offline security services, online cloud security operations are faster, simpler, more efficient, and less costly.
Editor’s note: O&M security is an interdisciplinary field that is highly valued by enterprises for two reasons. One reason is that group attacks of network viruses are destructive, such as Heartbleed, Shellshock, and all types of distributed denial of service (DDoS) attacks. The second reason is that it is cost-effective to take O&M security measures to mitigate vulnerabilities such as weak passwords and loose permissions management.
Therefore, security O&M must be available around the clock. As Dongchang said, “Security defense is a race against time.” Alibaba Cloud believes their large team of experienced security O&M personnel is a great strength, and many enterprises need the expertise they can offer.
RoarTalk: What is the process of cloud security operations and how long does the delivery process take?
Dongchang: In Alibaba Cloud, cloud security operations are performed through Managed Security Service. By using Alibaba Cloud Managed Security Service, enterprises can invite Alibaba Cloud’s experienced team of experts to help with remote security operations online. After a user activates Managed Security Service online, we immediately activate a DingTalk service group in the background and check the user’s security protection status based on the user’s ID on Alibaba Cloud. Then, we perform security hardening based on the check results, help the user resolve security protection defects, and provide 24/7 security monitoring and alert support. We notify the user of any attacks immediately and help them resolve the attack. It takes about 30 minutes for a user to consult about Managed Security Service, place an order, and activate the service. Then, the user has immediate access to expert services.
RoarTalk: What is the effect of cloud security operations on security O&M and defense capabilities? Can we automate routine O&M and defense?
Dongchang: The cloud security operation function can help security engineers perform routine security operations on the cloud, such as security analysis, processing, and emergency response. This automates routine operations and defense, and improves the security protection level and emergency response time. This allows experts in different fields, such as cybersecurity, host security, and cloud architecture security, to provide centralized security services in the background, helping small enterprises raise their security levels to the middle and advanced levels in the cloud computing field.
Alibaba Cloud Managed Security Service integrates the leading security technologies of Alibaba Cloud’s security products to implement product coordination and 24/7 security monitoring and alerting. It is difficult to coordinate conventional security services among security protection devices of different manufacturers and brands, causing security threats.
Alibaba Cloud provides customers with considerable security services that are backed by security experts who work on every Double 11 Shopping Festival. Each customer can enjoy the same level of security as Double 11. In contrast, conventional offline security services cannot dispatch excellent security experts to provide customers with onsite services.
Editor’s note: Many enterprises have improved their productivity through cloud computing, but they have not placed much value on cloud-based service provisioning. However, enterprises have had to resort to cloud services during the COVID-19 outbreak.
Cloud providers are shifting from supplying computing power alone to provisioning services through cloud platforms, which is a virtuous cycle for the cloud industry.
RoarTalk: Affected by the epidemic, many companies have suspended their business. Do you think this is an opportunity to promote cloud security products and services?
Dongchang: During the epidemic, the information security industry suffered less impact than the tourism, catering, and hotel industries. However, some companies need to scale up servers and security devices due to the surge in online business. Business is affected because personnel cannot arrive at the designated sites. The impact also extends to security consulting services that require communication with users. Cloud computing can be scaled up in an elastic and remote manner. Security products and services can be activated online. These advantages will gradually grow.
RoarTalk: Alibaba Cloud is an important service provider in the cloud marketplace. Did any changes or trends occur in the cloud service marketplace during the epidemic?
Dongchang: Cloud services, such as telecommuting, online education, and online medical services, were promoted during the epidemic. An increasing number of enterprises resorted to Managed Security Service on the cloud to mitigate the epidemic impact. This trend is supported by the data of consulting institutions such as Gartner and IDC, as well as the growth and benefits of cloud computing. Security is based on the speed, technology, and final cost of automatic attack defense. These factors play an important role in cloud computing.
It is the future trend for enterprises to entrust security operations to cloud service providers for online hosting. Cloud service providers have a deep understanding of cloud security threats and solutions. Compared with enterprise-purchased external security products, cloud-native security products and solutions can be better integrated with the cloud to eliminate security threats on the cloud.
Users of Alibaba Cloud Security services have access to high-level security capabilities parallel to those that are provided within Alibaba by cloud security experts engaged in the Double 11 Shopping Festival.
From a technical point of view, the security field, like the epidemic situation, is actually a war zone. The speed of vaccine and virus control measures must be faster than the speed of virus propagation and mutation. The speed of security monitoring and protection must be faster than the speed of vulnerability detection. Therefore, security depends on speed and technology. We have deployed millions of security probes on the cloud. Once security vulnerabilities and threat intelligence are detected, data can be quickly shared across the network and threats can be blocked with one click. This is impossible to achieve through conventional O&M.
Customers can better focus on their business growth after their security problems have been resolved by the best experts in the most rapid and cost-effective manner. Customers’ pursuit of cloud security is also the future goal of cloud security hosting and cloud security products.
Whether due to industry trends or to demand resulting from broader social situations, the provisioning of security services as cloud security operations is expected to see explosive growth. In the long run, when cloud computing becomes a basic productivity tool, cloud security services will also become an essential security service format for small- and medium-sized enterprises. From this perspective, the cloud will soon encounter an inflection point.
While continuing to wage war against the worldwide outbreak, Alibaba Cloud will play its part and will do all it can to help others in their battles with the coronavirus. Learn how we can support your business continuity at https://www.alibabacloud.com/campaign/fight-coronavirus-covid-19