Telecom Operator Industry
Practice of Implementing Inherent Security Capabilities for Cloud-Native Applications in the Telecom Operator Industry
Business Requirements
As one of the critical infrastructure sectors, the communications industry boasts an extremely large and complex ecosystem of information systems and networks. With the deepening informatization of the industry and the widespread adoption of cloud-native application architectures, characteristics such as microservice-oriented applications, diversified forms, large-scale deployments, dynamic operations, and agile lifecycles have significantly expanded the security risk landscape of digital applications. The security and integrity of applications, data, infrastructure, and networks are facing severe challenges, making cloud-native application security assurance an urgent priority.
Solution
Technical Architecture
Leveraging Xmrrior Xmaze AI Development Security Guard, Xcheck Software Composition Analysis Platform,Xmaze lAST Security Testing Platform andXshark RASP Adaptive Application Protection Platform, we cover phases including planning, coding, building, testing, integration, delivery, operation & maintenance, and monitoring. Through lightweight threat modeling, AST key toolchain construction, RASP runtime protection, security compliance auditing, penetration testing, API security governance, and microservice security governance, we effectively ensure the security of cloud-native applications.
Achievements and Benefits
In cloud-native scenarios, security focuses more on business-critical applications themselves and container infrastructure. Establishing a cloud-native DevSecOps agile security system addresses the incompatibility of traditional security technologies in cloud-native environments, strengthens the protection against business application vulnerabilities and data risks, improves the security and stability of the entire business system, and reduces information security risks. This enables the sustainable development of businesses in cloud-native scenarios.
Honorary Recognition
China Telecom Research Institute's "Yundao-based DevSecOps Adaptive Threat Management Solution" was awarded one of IDC China's Top 20 Outstanding Security Projects.
The establishment of the "China Top 20 Outstanding Security Projects" award fully recognizes the innovative ideas and bold practices that empower enterprises' digital transformation through technological innovation and security. It also provides a reference target for enterprises navigating digital transformation and offers a basis for judging project selection and implementation. The Yundao-based DevSecOps Adaptive Threat Management Solution, co-created by Xmirror Security and China Telecom Co., Ltd. Shanghai Research Institute, stood out after multiple rounds of selection and ultimately won the award.
Scan the QR code for access
to the detailed scheme of the award - winning case.
to the detailed scheme of the award - winning case.