Cloud Native Information Security Risk Analysis and Countermeasures

Cited by: 3
Abstract: Cloud-native technologies, represented by containers, orchestration, and microservices, have been used by many enterprises to build and operate key information infrastructure, information interaction platforms, and application systems. Cloud native uses a new method to build and run applications, making full use of cloud computing models and container schedulers. The emergence of cloud native improves development agility and shortens the development time for new features and services. An analysis of the information security risks of cloud-native infrastructure, containers, serverless functions, Software Defined Anything (SDX), and expanding cloud services finds that the development of cloud native also brings many information security risks. Although existing security protection strategies still work in the cloud-native era, they are not enough to maintain the security and compliance of modern cloud-native workloads. Finally, this paper proposes code auditing, micro-segmentation, Kubernetes API access control, and protection measures for serverless functions.
Authors: Kang Jinpeng; Ye Qiongyu; Ren Yue (Shanghai Electrical Apparatus Research Institute, Shanghai, 200063; Shanghai Electrical Apparatus Research Institute (Group) Co., Ltd., Shanghai, 200063; Shanghai Testing & Inspection Institute for Electrical Equipment Co., Ltd., Shanghai, 200063)
Source: Industry Information Security (《工业信息安全》), 2022, No. 10, pp. 69-74 (6 pages)
Keywords: Cloud Native; Information Security; Container; Kubernetes; Micro-Segmentation
