In the hosted cluster architecture of Container Compute Service (ACS), security compliance must follow the principle of shared responsibility. ACS secures the cluster infrastructure and control plane components. Learn about the shared responsibility model for ACS.
Terms
This topic uses the following terms:
-
Platform: the ACS console.
-
Customer: a customer of ACS.
Security responsibility principles
ACS is a serverless platform that fully hosts resources. The following principles define the security boundary between Alibaba Cloud and customers.
1. Responsibilities of Alibaba Cloud
Alibaba Cloud ensures the security and reliability of the serverless platform, including infrastructure security, secure data storage and processing, and customer data confidentiality. Alibaba Cloud maintains compliance of infrastructure, management, and security practices, protects customer applications from attacks, and guarantees data privacy and integrity.
2. Customer responsibilities
Customers ensure the security of their serverless applications, including data security, access control, code security, and code auditing. Customers must implement authentication and authorization to restrict access to authorized individuals or teams. Key principles:
-
Customer-initiated risks: Customers are liable for business interruptions caused by deploying pods with potential security risks or excessive authorization.
-
Requested container privileges: The platform disables features that may compromise container stability and security, such as privileged mode and capabilities. Customers can request these features, but are liable for any resulting issues, such as lateral attacks on other pods in the cluster.
3. Co-managed resource security
Some platform resources, such as pod security groups created by customers, are co-managed by Alibaba Cloud and customers. Ideally these resources are fully hosted on Alibaba Cloud, but customers may want to manage them. The following principles apply:
-
Each party owns its risks. If a customer deploys risky pods or uses malware-injected images, the customer is liable for resulting failures. Alibaba Cloud guarantees that all ACS-managed pods do not have potential risks and do not affect customer workloads.
-
Both parties follow the least privilege principle. If a customer over-exposes resources to public access, the customer is liable for any resulting attacks. Alibaba Cloud ensures that ACS pod security groups are not over-exposed and that no container escape risk exists in customer pods.
Security requires both Alibaba Cloud and customers to fulfill their responsibilities. Alibaba Cloud ensures infrastructure security and compliance. Customers ensure application and data security. For shared responsibilities, Alibaba Cloud proactively mitigates risks and provides serverless services with enhanced security.
Responsibility model overview
Understand the responsibility boundary between Alibaba Cloud and customers before you design and deploy your systems. Alibaba Cloud hosts ACS cluster infrastructure and secures the runtime environment and components. The following diagram illustrates the responsibilities of each party in the ACS serverless architecture.
1. Responsibilities of Alibaba Cloud
On the control plane side, Alibaba Cloud enhances the security of control plane components in ACS clusters based on common security standards such as CIS Kubernetes Benchmarks and guarantees the security of the lifecycle of cloud-native applications based on Security system overview. The following table describes Alibaba Cloud security responsibilities.
|
Security item |
Description |
|
Infrastructure security |
|
|
Security of elastic computing resource pools |
|
|
Security of control plane components and hosted components |
Cluster authentication, certificate management, Secret management, port exposure assessment, VPC isolation, and security group configuration. |
|
Security of non-hosted components and charts in the marketplace |
Standardizes key configurations for security. |
2. Customers
On the data plane side, the security O&M engineers of customers must ensure the security of applications deployed on the cloud and are responsible for the security configuration and updates of cloud resources. The following table describes customer security responsibilities.
|
Security item |
Description |
|
Application security |
|
|
O&M security |
Manage network, storage, and observability configurations for business workloads. |
|
Business component security |
Strictly limit operator and webhook business logic to prevent compromising the security of other applications. |
|
Security of non-hosted components and charts in the marketplace |
|