|
Work item:
|
X.fr-msp
|
|
Subject/title:
|
Functional Requirements of Microsegmentation Platform in a cloud-based environment
|
|
Status:
|
Under study
|
|
Approval process:
|
AAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2027-03 (No priority specified)
|
|
Liaison:
|
-
|
|
Supporting members:
|
China Telecom, ZTE
|
|
Summary:
|
The network architecture has evolved from traditional IT architecture to virtualization, hybrid cloud, and containerization, making internal isolation increasingly challenging. Traditional cloud security products lack effective control measures for internal cloud security, making it difficult to achieve fine-grained isolation control based on business needs. Once the boundary defences are breached or circumvented, attackers can laterally move within the cloud and cause havoc. Microsegmentation is a crucial means of securing cloud workloads. It involves two main processes: policy decision and policy enforcement, generally equipped with the following capabilities: 1) security policy management; 2) visualization of east-west traffic; 3) fine-grained isolation and access control capabilities; 4) policy-adaptive computing.
For cloud service providers and cloud service customers, deploying and applying microsegmentation can provide visibility and monitoring of traffic in cloud-based environments. Besides addressing isolation issues for local data centre workloads in hybrid IT, it can also extend to various types of cloud workloads and containers, preventing attackers from laterally moving within the network after entering the cloud environment, thereby reducing the attack surface.
This proposal will first introduce the application scenarios that urgently require microsegmentation technology. Then, based on the security requirements of cloud environments, it proposes a reference architecture, functional requirements, and workflow procedures for microsegmentation platform in cloud-based environments. Finally, it standardizes the security requirements for the microsegmentation platform.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2024-03-12 14:29:54
|
|
Last update:
2024-03-12 14:34:06
|
|
