
Container Compute Service: Shared responsibility model

Last Updated: Dec 16, 2024

In the hosted cluster architecture of Container Compute Service (ACS), security compliance must follow the principle of shared responsibility. ACS is responsible for ensuring the security of the infrastructure resources on which clusters are deployed and the security of control plane components. This topic describes the shared responsibility model of ACS.

Terms

The following terms are frequently used in this topic:

  • Platform: refers to the ACS console.

  • Customer: refers to the customers of ACS.

Principles for allocating security responsibilities

As a serverless platform, ACS fully hosts resources. Alibaba Cloud and customers must be aware of the boundary between their own security responsibilities. The following principles are used to allocate responsibilities.

1. Responsibilities of Alibaba Cloud

Alibaba Cloud bears the responsibility of ensuring the security and reliability of the serverless platform, guaranteeing infrastructure security, providing secure data storage and processing services, and protecting the confidentiality of customer data. Alibaba Cloud must ensure the compliance of infrastructure, management, and security practices, protect the applications of customers against attacks, and guarantee the privacy and integrity of customer data.

2. Responsibilities of customers

Customers bear the responsibility of ensuring the security of serverless applications, including application data security, access control, code security, and code auditing. In addition, customers must take effective authentication and authorization measures to ensure that only authorized individuals or teams can access the applications. The principles include:

  • Customers are responsible for security risks posed by themselves: Customers are liable for business interruptions caused by the deployment of pods with potential security risks or excessive authorization.

  • Customers are responsible for the container privileges that they have applied for: By default, the platform forbids features that may severely compromise the stability and security of containers, such as privileged mode and capabilities. However, customers can apply to use these features. If stability or security issues occur due to the use of these privileged features, such as horizontal attacks targeting other pods in the cluster, customers are liable for the consequences.

3. Responsibilities for ensuring the security of co-managed resources

Some resources on the platform, such as pod security groups created by customers, cannot be managed and used by customers alone. In an ideal state, these resources are fully hosted on Alibaba Cloud. For certain reasons, customers may want to manage or control these resources. In this case, the following principles apply.

  • Each party is liable for the risks that it poses. If a customer created pods that have potential risks or used an image that is injected with malware, the customer is liable for any failures arising therefrom. Alibaba Cloud guarantees that all pods managed by ACS do not have potential risks and will not affect the businesses of customers.

  • Both parties must follow the least privilege principle. If a customer exposes an excessive amount of resources to public access, the customer is liable for any consequences or attacks arising therefrom. Alibaba Cloud guarantees that the security groups of all pods in ACS are not excessively exposed to public access and no container escape risk exists in the application pods of customers.

Security is a comprehensive and layered system that requires Alibaba Cloud and customers to bear their own responsibilities and work closely at the same time. Alibaba Cloud bears the responsibility of ensuring infrastructure security and compliance. Customers bear the responsibility of ensuring application and data security. For shared responsibilities, Alibaba Cloud proactively takes actions to mitigate potential risks and provides serverless services with enhanced security.

Understand the shared responsibility model

You must understand the shared responsibility model and the responsibility boundary between Alibaba Cloud and customers before you design and deploy your business systems. Alibaba Cloud not only hosts the infrastructure of ACS clusters but also guarantees the security of the runtime environment and relevant components. The following figure shows the responsibilities of Alibaba Cloud and customers in the serverless architecture of ACS clusters.

[Figure: responsibilities of Alibaba Cloud and customers in the serverless architecture of ACS clusters]

1. Responsibilities of Alibaba Cloud

On the control plane side, Alibaba Cloud enhances the security of control plane components in ACS clusters based on common security standards such as CIS Kubernetes Benchmarks and guarantees the security of the lifecycle of cloud-native applications based on Security system overview. The following table describes the security responsibilities of Alibaba Cloud in detail.

| Security item | Description |
| --- | --- |
| Infrastructure security | • Kubernetes continuous updates and CVE vulnerability patching. • Kubernetes access control, network isolation (such as VPCs or inter-VPC tunnels), and storage isolation. |
| Security of elastic computing resource pools | • Provides the sandbox technology that targets container OSs. • Releases vulnerability notes and patches to target node OSs. |
| Security of control plane components and hosted components | Conducts cluster authentication, certificate management, Secret management, and assessment of ports exposed to external access, VPC isolation, and security group configurations. |
| Security of non-hosted components and charts in the marketplace | Standardizes the key configurations to ensure security. |

2. Responsibilities of customers

On the data plane side, the security O&M engineers of customers must ensure the security of applications deployed on the cloud and are responsible for the security configuration and updates of cloud resources. The following table describes the security responsibilities of customers in detail.

| Security item | Description |
| --- | --- |
| Application security | • Ensure the security of application artifact supply chains and runtimes. • Encrypt sensitive data, including data in transit and data at rest, and use disk encryption. • Follow the least privilege principle when granting permissions and assigning roles. • Use application-level protection services provided by Cloud Security, and identify and mitigate potential risks at the earliest opportunity. • Follow the least privilege principle when creating containers. Try to avoid applying for excessive privileges. |
| O&M security | Manage the network configuration and storage configuration of the business cloud and the business observability configuration. |
| Business component security | Strictly limit the business logic of operators and webhooks in case they compromise the security of other applications. |
| Security of non-hosted components and charts in the marketplace | • Install patches suggested by Alibaba Cloud in notices at the earliest opportunity. • Follow the security principles when configuring parameters to avoid improper settings or authorization, which can be exploited by attackers. |