ITU-T Work Programme

[2025-2028] : [SG17] : [Q8/17]

[Declared patent(s)] - [Associated work]

Work item:

X.1651 (ex X.soar-cc)

Subject/title:

Framework of security orchestration, automation and response for cloud computing

Status:

Determined on 2025-12-11 [Issued from previous study period]

Approval process:

TAP

Type of work item:

Recommendation

Version:

New

Equivalent number:

Timing:

2025-12 (Medium priority)

Liaison:

Supporting members:

Beijing Qihu Keji, China Telecom, China Unicom

Summary:

Nowadays, as network security strategies continue to evolve, the security architecture for cloud service providers (CSPs) or cloud service customers (CSCs) has changed from a simple combination of prevention and recovery to a new stage integrating detection, prevention, and response. Due to the maturity of technological ecology, leading enterprises and organizations have attached greater importance to security orchestration, automation and response (SOAR). SOAR is regarded as the key technology to improve network elasticity and the efficiency of security operations for cloud computing, which can be detailed as follows: By leveraging artificial intelligence (AI), it is possible to establish a security operation functionality in the cloud that includes threat analysis and automatic response, which could greatly improve the efficiency of security operations. In cloud computing, SOAR has naturally a cost advantage. With the development of cloud native technology, there are new approaches to implementing incident response in cloud computing. This Recommendation ITU-T X.soar-cc describes the overview of SOAR for cloud computing, including the definition and the emerging background of SOAR. It also analyses the advantages of SOAR coping with security threats of cloud computing especially in incident responses. Then it also provides a framework of SOAR for cloud computing to improve the efficiency of security operations for both CSPs and CSCs.

Comment:

Reference(s):

[SG17-TD105/WP4 (2025-09)

]