Frost & Sullivan, in collaboration with LeadLeo, released the '2023 China Cloud Native Security Market Report'. The research topic of this market report is the 2023 China cloud native security market, focusing on product capabilities such as cloud native security architecture, container security, cluster security, microservice security, and cloud platform security services. The research period spans from the second half of 2022 to the first half of 2023.
This research project will focus on sorting out the application characteristics, market features, development history, competitive landscape, and other information of cloud-native security solutions in different fields such as finance, government affairs, telecommunications, healthcare, and education. It will also make speculations or predictions about market development prospects from the dimensions of value creation and technological development.
Cloud-native security capabilities need to map precisely onto the cloud-native infrastructure architecture, with flexible and precise security detection for each layer, such as cloud workload platforms, containers and clusters, and container orchestration management systems.
While cloud-native architecture brings elastic and scalable dynamic working environments to public, private, and hybrid cloud environments, it also poses new challenges to asset security and data security. For core components such as containers, service meshes, microservices, infrastructure, and declarative APIs under cloud-native architecture, security service providers need to build and optimize cloud security protection capabilities with a different approach from traditional network security. This helps end-users achieve development security, test security, delivery security, and application security under the new architecture while enjoying the advantages of cloud-native such as distributed, elastic scalability, agile deployment, and multi-coupling. It also integrates machine learning and deep learning technologies to further promote automated security protection.
From the perspective of security architecture, cloud-native security capabilities are clearly mapped to cloud-native architecture. Core functional areas include infrastructure code security, container security, image security, application security, cluster security, and cloud-native data security. As the granularity of infrastructure computing and running continues to refine, the detection and protection capabilities required at different levels (network, computing, storage, application, big data, etc.) for cloud-native security are also being continuously refined. This will support the flexible selection of security modules by end-users when building hybrid cloud architectures, allowing them to be deployed flexibly.
Business security risks caused by rapid infrastructure upgrades or resistance to cloud-native adoption
Enterprise users' adoption of cloud infrastructure has evolved from initial cloud adoption to current deep application of cloud-native architecture. The change in architecture brings more security challenges, and migration may face more potential and actual security incidents. Cloud security service providers need to quickly deploy effective detection, monitoring, prediction, protection, repair, and tracing capabilities for different architecture layers such as cloud platforms, containers, CVMs, serverless environments, container orchestrators, and Infrastructure as Code (IaC), helping enterprise users avoid economic losses due to security breaches while upgrading business efficiency.
Users value refined configuration management, authorization mechanisms, access control, and encryption mechanisms.
In most business scenarios, enterprise users deploy cloud-native architectures in a step-by-step manner, from initial evaluation planning to containerization, introduction of cloud-native technologies, and reconstruction of application architecture. Different levels of risks faced during the entire process require corresponding security protection measures and tools.
① The cloud workload platform is the foundation for building cloud applications. With the surge in workload, platform vulnerabilities and application vulnerabilities inevitably increase significantly. Users urgently need to achieve compliant configurations while managing a large number of workload platforms;
② At the container, image, and cluster levels, end-users require security service providers to offer more flexible and scalable authentication and authorization control mechanisms, effective identification and protection against vulnerabilities and threats in container-to-container and cluster-to-cluster communication traffic, and establish isolation policies that can be quickly scaled for application;
③ At the container orchestrator level, access control and authentication requirements for core communication nodes such as ports and hosts are more stringent, and users need to ensure compliant access to core operating systems and nodes;
④ At the code level, while users enjoy the convenience of one-click deployment, they also need precise configuration to reduce asset exposure and implement comprehensive encryption measures.

Compared with virtualized cloud processes, cloud-native environments have fundamental differences in architecture and application patterns. Models such as IaC, containers, container orchestration systems, microservices, and serverless architectures can better leverage the flexible and elastic advantages of cloud computing.
The establishment of security protection policies at the infrastructure code level is a representative practice of shift-left security. In cloud-native environments, the compliance configurations of containers, images, and clusters tend to receive more attention because security detection and protection policies target them, but infrastructure code is the foundation of cloud-native workflows. It is recommended that users pay attention to building security checkpoints at this level, adopt stricter access policies, strengthen asset security, and shift the access mechanism from container and image levels to infrastructure code.
Based on enhanced security configuration at the infrastructure layer and the construction of an admission management mechanism, cloud-native users can more conveniently enable IaC command-line and declarative script templates, and obtain template replicability, maintainability, and security. Security service providers can continuously scan the configuration of IaC templates to promptly detect vulnerabilities and control risks before the business production process, ensuring the smooth implementation of CI/CD.

Containers and container orchestrators form the cloud-native standardized infrastructure. The application of containers and container images has grown exponentially, and the increasingly complex underlying ecosystem poses more challenges to security management. Privileged account risks at the container level, attack evasion risks, and container image vulnerabilities can all lead to rapid infiltration of attacks within an organization. Improper configurations or component vulnerabilities at the container orchestrator level can also amplify the risk exposure, such as port vulnerabilities, critical control node hijacking, key leakage, or unverified credentials, which can all lead to intrusion into underlying computing resources.
CVMs are the foundation that carries all workloads in cloud-native environments. Improper baseline configurations or missing asset inventories can leave vulnerabilities or exposed ports. In the event of an attack or intrusion, a compromise of CVMs can propagate to the entire cloud platform. In a hybrid cloud environment, risk propagation can be even more complex.
Microservice modules under cloud-native architecture are essentially application components. They decompose complex applications into multiple service modules that pass computing instructions to one another through APIs. The split modules are more convenient for developers, can be written in different programming languages, and together constitute one application system. Because the service modules are split, the microservice architecture helps developers update applications more flexibly, enabling rolling updates and grayscale releases of service modules in a cloud-native environment.
Microservice architecture has rapidly become popular in global development environments, and the serverless (FaaS) framework has emerged as a result. This enables enterprise developers to focus more on the characteristics and development requirements of their business, freeing them from the limitations and inefficiencies of traditional development environments. Although microservice architecture supports better splitting and more orderly fault management (such as circuit breaking and throttling), the security challenges that arise are also increasing rapidly compared to traditional development and operations environments.

The allocation of cloud computing applications and processes has risen from the infrastructure layer and system level to the cloud system level, requiring finer-grained services and inter-service communication security capabilities; AI technology and cloud-native security have a two-way driving relationship.
As enterprises across various industries move towards cloud deployment, digital businesses are rapidly demanding more scalability, agility, and flexibility from IT resources. In traditional cloud models, computing resources migrate from hardware devices to virtualized systems, but they are still fundamentally allocated based on devices and cannot meet the exponential growth needs of digital businesses for IT resources. The application of cloud-native architecture further takes virtualized computing resources as the foundation for a total control platform for computing power, building direct support for application systems.
The key technical elements of current enterprise application cloud-native architecture include four aspects:
4) Continuous delivery: Automate application delivery, supporting rolling deployment, grayscale deployment, rollback, and other capabilities.
Under the cloud-native architecture, security service providers can leverage rapidly iterating AI capabilities to achieve seamless security management and penetration of security features across development, deployment, and operations. Specific application directions include the construction of intelligent SASE platforms, AI supply chain management, automated operation of security centers, and operational security automation.
- The SASE platform leverages AI technology to achieve unified management and automated Ops.
The SASE platform can provide unified network security capabilities and services for public clouds, local data centers, mobile devices, SaaS, cloud computing infrastructure, etc.
- The cloud-native security platform framework and AI supply chain management are highly compatible.
The cloud-native security protection platform can provide AI supply chains with finer-grained security protection capabilities and dynamic compliance configuration services.
- Granular refinement of log, threat intelligence, and alarm data enables rapid security detection and analysis.
The log statistics and alarm capabilities at different levels of cloud-native security need to integrate AI technology to promote fine-grained data collection and training, thereby shortening the vulnerability detection cycle and moving security earlier in the process.

Frost & Sullivan, in collaboration with LeadLeo, conducted a multi-factor hierarchical assessment of the competitiveness of China's cloud-native security market based on two major evaluation dimensions: growth index and innovation index. The assessment covered six major indicators: security of basic cloud-native environments, network management and authorization control, market growth, security detection and posture management technology capabilities, security protection upgrades, and security policy and service upgrades. Based on the comprehensive scores of the 'Innovation Index' and 'Growth Index', Qingteng Cloud Security, Huawei Cloud, Tencent Cloud, and Changting Technology are positioned at the leading tier in China's cloud-native security market.
- Qingteng Cloud Security
The Qingteng CNAPP platform is independently developed by Qingteng, mainly focusing on two aspects: security left shift and runtime security. Throughout the full lifecycle of cloud-native applications, it provides native and integrated security capabilities. It can be deeply integrated into complex and ever-changing cloud-native environments such as PaaS cloud platforms, OpenShift, Kubernetes, Jenkins, Harbor, JFrog, etc. By offering a one-stop container security solution covering the entire lifecycle of containers, Qingteng Hive can achieve a secure closed-loop of container security prediction, defense, detection, and response.
The core concept of the Qingteng CNAPP platform is mainly reflected in two aspects: ① During the development phase (Dev), following the 'Security First' principle, ensuring security upon deployment; ② During the operation phase (Ops), following the 'Continuous Monitoring and Response' principle, achieving full self-adaptation.
- Huawei Cloud
Huawei Cloud has launched the new phase of cloud-native 2.0, making significant progress in intelligent resource scheduling, agile development and deployment, automated business operations and maintenance, and security and trustworthiness. In the cloud-native security and trustworthiness segment, Huawei Cloud has built a comprehensive protection system covering application security, cloud workload security, data security, and security posture management. Relying on Web Application Firewall (WAF), DDoS High Defense, Enterprise Host Security, and Situational Awareness Services, it provides a more granular protection toolchain for public and hybrid cloud environments. In terms of infrastructure code security, cloud-native security posture management (KSPM), API security protection, and key management, Huawei has provided innovative strategies and technical points in 2023.
- Tencent Cloud
Tencent Cloud's CNAPP provides enterprises with full lifecycle security protection for cloud-native applications by deeply integrating product features such as CWPP and CSPM, achieving a one-stop security solution. Currently, Tencent Cloud's CWPP mainly integrates cloud-native security capabilities including host security and container security, constructing a complete host/container protection system of "prevention - defense - detection - response". It has leading advantages in multiple security capabilities such as vulnerability defense, intrusion detection, threat intelligence, and big data analysis. Tencent Cloud Security Center (CSPM) is Tencent Cloud's unified cloud security operation platform, fully connecting the three lines of security defenses: cloud firewall, cloud WAF, and CWPP. It can provide enterprises with one-click security health checks, including CSPM cloud security configuration check, risk service exposure detection, and no-deployment vulnerability scanning. It provides one-stop security operations for enterprise users, enabling them to handle security alarms with one click through the three lines of defense, greatly improving security operation efficiency.
- Changting Technology
Changting Technology has been deeply involved in the iterative innovation of hybrid cloud-native security technologies. Its security products are deeply integrated with cloud infrastructure and virtualization environments, and its cloud-extension security solutions have been widely practiced in fields such as finance, government affairs, and the Internet. Relying on Changting Cave Insights (X-Ray) to effectively manage enterprise assets under cloud-native architectures, Changting SafeLine supports the next-generation Web application firewall to achieve modular underlying architecture and container cloud-native security. Changting T-ANSWER enables advanced threat analysis and early warning. In addition, it also includes Changting COSMOS, Cloud Atlas, CloudWalker, and D-Sensor to build comprehensive security protection for cloud security posture, cloud hosts, and private networks in multi-cloud environments.

