On June 24, the "2022 First Business and Application Security Development Forum" hosted by the China Academy of Information and Communications Technology (hereinafter referred to as "China Academy of Information and Communications Technology") was held in Beijing.
At the meeting, the China Academy of Information and Communications Technology announced the results of the 2022 Trusted Business and Application Security Assessment, the 2022 Security Guardian Program - Excellent Cases on Business and Application Security, and announced the first batch of "Business Security Promotion Plan" member units. It released the "Business Security Panorama View" and "Application Security Panorama View" , and jointly released the "Business Security White Paper - Digital Business Risk and Security" with Beijing Dingxiang Technology Co., Ltd., and many industry experts were invited to share at the meeting. .
Li Wei, deputy director of the Institute of Cloud Computing and Big Data, China Academy of Information and Communications Technology, said in his speech that under the guidance of policies, digital transformation has become an inevitable choice for enterprise development. Solving business and application-level risks in an increasingly complex digital environment has become a must-answer in enterprise digitization.
The Cloud Computing and Big Data Research Institute of China Academy of Information and Communications Technology has carried out a number of work on business and application security. While promoting the construction of relevant standards and evaluation systems, it has also built an industry-wide business and application security exchange platform. In the follow-up, CAICT will continue to improve its research work, focus on cutting-edge technologies and key industry needs and pain points, and organize a series of seminars, technical salons and other activities to promote communication between supply and demand.
The China Academy of Information and Communications Technology has developed the trusted security assessment system for many years, and this forum released three latest assessment results.
The first is the first batch of business security capability assessments. In the digital age, companies have introduced new technologies one after another. Many business security issues are highlighted. Against this background, the China Academy of Information and Communications Technology, together with industry experts, jointly compiled a series of standards for "Requirements for Business Security Capability", and carried out the first batch of business security capability assessments based on the standards.
The companies that passed the first batch of business security capability assessments are:
- Alibaba Cloud Computing Co., Ltd. Alibaba Cloud Shield - Content Security V2.0
- Huawei Cloud Computing Co., Ltd. Content Review Service V2.0
- Tencent Cloud Computing (Beijing) Co., Ltd. Privacy Protection Decision System - Credit Version V3
- Tencent Cloud Computing (Beijing) Co., Ltd. Privacy Protection Decision System - Transaction Anti-Fraud V3
- Beijing Dingxiang Technology Co., Ltd. Dingxiang Defense Cloud V5.3.1
The second is the first cloud web application firewall capability assessment. Web application firewall is one of the important products to ensure user application layer security, and cloud WAF is an important part of it, and it is also the future development trend. The China Academy of Information and Communications Technology, together with industry experts, jointly compiled the "Cloud Web Application Firewall Capability Requirements" standard, and also carried out the first batch of cloud Web application firewall capability assessments according to the standard.
The enterprises that passed the first batch of cloud WEB application firewall capability assessments are:
- Huawei Cloud Computing Technology Co., Ltd. Huawei Cloud Web Application Firewall V2
- Inspur Cloud Information Technology Co., Ltd. Yunyu WAFV1.0
- E-surfing Cloud Technology Co., Ltd. Web Application Firewall (Edge Cloud Edition) V1
- Beijing Volcano Engine Technology Co., Ltd. Web Application Firewall V2.4
The third item is cloud service security capability assessment, which has been widely recognized by industry enterprises and key users.
Enterprises that have passed the cloud service security (IaaS/PaaS security) assessment are:
- Beijing Volcano Engine Technology Co., Ltd. Cloud Server V3.0
- China Mobile Communications Group Co., Ltd. Mobile Cloud Bare Metal Server V5.1.0
Businesses that passed the Cloud Service Security (SaaS Security) assessment are:
- ZTE Corporation RDCloud (R&D Cloud) V1.22.23
- China Mobile Communications Group Co., Ltd. China Mobile Public Opinion V4.6.2
- China Mobile Communications Group Co., Ltd. Cloud Customer Service V1.3.6
- China Mobile Communications Group Co., Ltd. Cloud Backup V2.6.1
- China Mobile Communications Group Co., Ltd. Live Video V2.5.0
In order to guide the development direction of products and services in the security field, the China Academy of Information and Communications Technology launched the "2022 Guardian Program - Business and Application Security Special" outstanding case collection activity. After several rounds of strict evaluation, the China Academy of Information and Communications Technology officially released the results of the selection of outstanding business and application security cases at the meeting. A total of 8 outstanding cases passed the evaluation. The specific list is as follows:
In the face of business security governance problems such as gray and black production, the China Academy of Information and Communications Technology, together with industry companies, jointly established the "Business Security Promotion Plan" at the conference, aiming to build a platform for exchanges and cooperation between all parties in the industry and promote the sound development of the business security industry. The list of the first members is as follows:
Enterprises interested in entering the plan are welcome to contact us for the registration of the next batch of member units.
In order to help enterprises better understand the overall picture of the domestic business and application security industry, and jointly resist various risks under the digital wave, the China Academy of Information and Communications Technology officially released the business security panorama (2022) and application security panorama (2022) at the meeting.
In the follow-up, the panoramic view will continue to be updated and iterated. On the one hand, it will combine the latest trends in the development of the industry to improve product and service classification;
Business Security Panorama View
Scan the QR code above to download the business security panoramic view
App Security Panorama
Scan the QR code above to download the app security panorama view
Guo Xue, deputy director of the Open Source and Software Security Department of the Cloud University of China Academy of Information and Communications Technology, gave an in-depth interpretation of the panoramic view of business and application security. Guo Xue said that in the digital age, there are various forms of business and application security risks, which have threatened the security development of enterprises. It is imperative to build a business and application security system. CAICT is actively exploring the field of business and application security, and has achieved a series of results. In the future, it will continue to make efforts in standard construction, industrial research, and ecological construction to promote the application of business and application security in various industries.
Guo Xue, Deputy Director of the Open Source and Software Security Department of the China Academy of Information and Communications Technology, delivered a speech
In order to help enterprises sort out the business security risks and corresponding prevention and control technologies, and build a more complete business security system, Beijing Dingxiang Technology Co., Ltd. and China Academy of Information and Communications Technology Co., Ltd. jointly compiled the "Business Security White Paper - Digital Business" Risk and Safety" and was officially released at the conference.
Scan the code to download "Business Security White Paper - Digital Business Risk and Security"
Yuan Ye, senior vice president of Beijing Dingxiang Technology Co., Ltd., made a detailed interpretation of this white paper. Yuan Ye said that in the digital age, enterprise business security has created new requirements with the development of digital business. Enterprises need to build a system that provides full-process protection, meets different business scenarios, has various industry strategies, and can achieve precipitation and change based on their own business characteristics. Evolved business security cloud. In the future, the overall business security will develop in a three-dimensional, refined, intelligent, and cloud-based manner. The combined application of new technologies and business prevention and control technologies will help business security innovation and upgrade.
Yuan Ye, Senior Vice President of Beijing Dingxiang Technology Co., Ltd. delivered a speech
In the digital age, enterprises have introduced new technologies one after another, and many business security issues have become prominent. In this context, the China Academy of Information and Communications Technology officially released the first series of standards of "Business Security Capability Requirements" at the meeting. Wei Bin, engineer of the Open Source and Software Security Department of the Cloud University of China Academy of Information and Communications Technology, explained the standards. This standard mainly classifies and sorts out common business security scenarios in the industry, and provides guidelines and industry standards for enterprises to effectively identify and protect business risks.
Wei Bin, engineer of the Open Source and Software Security Department of the Cloud University of China Academy of Information and Communications Technology, delivered a speech
In order to standardize the cloud WAF capability requirements and promote the application of cloud WAF in domestic enterprises, the China Academy of Information and Communications Technology released the first domestic standard "Cloud Web Application Firewall Capability Requirements" at the meeting. Engineer, Open Source and Software Security Department, Cloud University, China Academy of Information and Communications Technology Li Yichen interprets this standard. This standard puts forward requirements for cloud WAF capabilities from multiple levels, and provides an effective reference for domestic enterprises to effectively respond to increasingly complex WEB attacks in the cloud era and to test cloud WAF technical capabilities.
Li Yichen, engineer of the Open Source and Software Security Department of the Cloud University of China Academy of Information and Communications Technology, delivered a speech
At the meeting, representatives from all parties in the industry shared the latest technologies and industry best practices in the field of business and application security: Duan Xinfa, senior technical expert of Alibaba Cloud Cloud Security, shared "Alibaba Cloud Business Risk Control Practice - Marketing Anti-Cheat"; word Huang Yuanjun, head of network security at Jiebeat, introduced the "Volcano Engine Application Security Protection System Construction"; Tianyi Cloud Network Security Expert Lin Shundong gave a keynote speech on "Transformation of Cloud WAF to WAAP in the Era of Distributed Cloud"; Midea IoT Software and Peng Jungang, head of cloud security, shared the "Practice of Midea Smart Home Privacy Compliance System Construction"; Li Kai, Product Manager of Inspur Cloud Security, introduced "Web Application Firewall Based on Distributed Architecture - Inspur Cloud Royal WAF"; Huawei Cloud Security Senior Product Manager Yan Feng gave a keynote speech on "Web Protection, Only Fast and Unbreakable".
The convening of the first Business and Application Security Development Forum in 2022 provides a communication platform for technical experts and managers from the security industry, and provides new ideas for enterprises to deal with digital risks and build a more complete and efficient security capability system. The industrial development of business security and application security has played an active role in promoting it.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。