How Cloud‑Native Architecture Turns Security Into an Immune System
In this talk, Alibaba Cloud security leader Xiao Li shares two decades of network security experience, explains how cloud‑native technologies reshape protection from external add‑ons to built‑in, on‑demand immune systems, and outlines trends like zero‑trust, hardware‑rooted trust, and automatic remediation.
Xiao Li, Vice President of Alibaba Group and General Manager of Alibaba Cloud Security, has worked in network security for nearly 20 years, handling various attacks and building security both on‑premises and in the cloud.
Since the early days of cloud security a decade ago, Alibaba Cloud has gradually built a protective system that helps industries establish enterprise security capabilities on the cloud.
The rise of cloud‑native computing deepened his understanding of security, leading to the vision of a native "immune system" that grows within the cloud.
1 The Past 20 Years: External Security
From 2000 to 2020, thousands of security companies in China sold hundreds of products marketed as "plug‑and‑play," yet compatibility problems meant that getting one actually deployed often took more than a month.
Flashy attacks of that era, such as the "Panda Burning Incense" worm, are outdated. Recent attacks are more complex: the SolarWinds supply‑chain APT and large‑scale DDoS floods have shown that defenses must be far more resilient, and ransomware demands now run into the billions.
Cloud computing changes this landscape. The Incaseformat worm spreads over USB drives, so cloud storage, which exposes no removable media for it to hop between, was immune to it by construction; and workloads built on cloud‑native containers can be redeployed from their images and have their data restored quickly after a ransomware attack, without paying the ransom.
2 Native Security Technology: Built‑in Immune System
Alibaba Cloud’s security practice follows two key concepts: built‑in and pre‑emptive.
Built‑in: security capabilities are embedded directly in the infrastructure; the functions of standalone point products are broken apart and reassembled inside each infrastructure component rather than bolted on in front of it.
Pre‑emptive: security is considered upstream, at design time, settling in advance what is trusted and what must remain under suspicion.
Key trends include:
1 Security as a Public Resource on Demand
Enterprises usually have limited security resources yet must cope with traffic peaks. Rather than keeping idle "grain reserves" of capacity, security can be delivered as a SaaS service that scales on demand. During the pandemic, DingTalk added 20,000 servers within an hour, and security coverage extended over the new capacity at the same time; a traditional on‑premises rollout would have taken a month.
2 Infrastructure‑Native Detection and Protection
Security functions are embedded in infrastructure nodes such as SLB load balancers and CDN edge nodes, so traffic is inspected and protected in the same hop that accelerates it, with no extra appliance in the path and no impact on the application.
3 Proactive Repair for Seamless Defense
Earlier security relied on manual patching. Now, when a vulnerability is disclosed, cloud‑side fixes automatically raise a protective shield in front of the affected workload, in effect a virtual patch, and keep evolving as the threat does, so remediation happens without interrupting service.
3 Native Security Philosophy: Absolute Trust and Continuous Skepticism
Modern enterprises see rapid turnover in employees and identities, with data flowing across public, private and edge clouds. A cloud‑native "immune system" must treat security holistically, monitoring data continuously the way a body monitors its bloodstream.
1 Cloud as Trust
Cloud‑native security lowers the cost of establishing trust: the infrastructure itself becomes a highly available, trustworthy computing base that workloads can rely on.
2 Zero‑Trust for Dynamic Factors
Identity authentication, network admission control and dynamic permission management together produce an environment that stays continuously skeptical: each access is re‑verified against the current state of the user, device and network instead of being trusted once at login.
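What "continuously skeptical" means in code: the policy engine below is an added illustration, not code from the talk or from Alibaba Cloud. It re‑evaluates every request against the current identity, device‑admission and network state, so revoking a role takes effect on the very next call, and a stale session on a sensitive resource gets a step‑up instead of a silent allow. The subjects, roles, grants, trusted network range and 15‑minute freshness window are constructed assumptions.

```go
package main

import (
	"net"
	"strings"
	"time"
)

type Decision string

const (
	Allow  Decision = "allow"
	Deny   Decision = "deny"
	StepUp Decision = "step-up" // re-authenticate, then retry
)

// Request carries the factors re-checked on every call, not only at login.
type Request struct {
	Subject       string
	MFAVerified   bool
	TokenIssuedAt time.Time
	DeviceManaged bool   // passed admission: managed, patched, security agent reporting
	SourceIP      string // where the request arrived from
	Resource      string
	Action        string
	Now           time.Time
}

// Policy is consulted afresh on each request, so revoking a role bites on the next call.
type Policy struct {
	Roles       map[string][]string            // subject -> roles
	Grants      map[string]map[string][]string // role -> resource prefix -> actions
	Sensitive   []string                       // prefixes needing a trusted network and a fresh session
	TrustedNets []*net.IPNet
	MaxTokenAge time.Duration
}

func (p *Policy) granted(subject, resource, action string) bool {
	for _, role := range p.Roles[subject] {
		for prefix, actions := range p.Grants[role] {
			if !strings.HasPrefix(resource, prefix) {
				continue
			}
			for _, a := range actions {
				if a == action {
					return true
				}
			}
		}
	}
	return false
}

func (p *Policy) isSensitive(resource string) bool {
	for _, prefix := range p.Sensitive {
		if strings.HasPrefix(resource, prefix) {
			return true
		}
	}
	return false
}

func (p *Policy) trustedNet(ipStr string) bool {
	ip := net.ParseIP(ipStr) // nil for garbage input, which then matches nothing
	for _, n := range p.TrustedNets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// Evaluate chains identity, device admission, entitlement and session-freshness checks.
func (p *Policy) Evaluate(r Request) (Decision, string) {
	switch {
	case !r.MFAVerified:
		return Deny, "identity not verified with MFA"
	case !r.DeviceManaged:
		return Deny, "device failed network admission"
	case !p.granted(r.Subject, r.Resource, r.Action):
		return Deny, "no current grant for " + r.Action + " on " + r.Resource
	case p.isSensitive(r.Resource) && !p.trustedNet(r.SourceIP):
		return Deny, "sensitive resource reached from an untrusted network"
	case p.isSensitive(r.Resource) && r.Now.Sub(r.TokenIssuedAt) > p.MaxTokenAge:
		return StepUp, "session too old for a sensitive resource"
	}
	return Allow, "all checks passed"
}

// DemoPolicy is a constructed example tenant, not a real configuration.
func DemoPolicy() *Policy {
	_, corp, _ := net.ParseCIDR("10.0.0.0/8")
	return &Policy{
		Roles:       map[string][]string{"alice": {"analyst"}, "bob": {"admin"}},
		Grants:      map[string]map[string][]string{"analyst": {"reports/": {"read"}}, "admin": {"reports/": {"read", "write"}, "keys/": {"rotate"}}},
		Sensitive:   []string{"keys/"},
		TrustedNets: []*net.IPNet{corp},
		MaxTokenAge: 15 * time.Minute,
	}
}
```

The order of the checks is deliberate: the cheap, decisive denials (no MFA, unmanaged device) come before the entitlement lookup, and only a request that has already passed those is weighed on network and session age. Calling `delete(p.Roles, "bob")` and re‑running `Evaluate` on a request that was allowed a moment earlier is the offboarding case: it is denied immediately, with no wait for a token to expire.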
3 Hardware‑Rooted Trust and Transparent Encryption
Alibaba Cloud introduced the first trusted virtual instances based on Intel SGX 2.0 and on TPM, and its seventh‑generation ECS instances carry a security chip as the hardware root of trust, enabling measured, tamper‑evident startup and confidential computation over large data sets.
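To show what "tamper‑evident startup" rests on, here is an added example (not Alibaba Cloud's code) of the measure‑then‑extend discipline behind a TPM‑style root of trust: each boot stage is hashed into a register that can only be extended, never written, and a verifier compares an authenticated quote of that register against a golden value. The boot images, the chip key, and the use of HMAC in place of the chip's asymmetric attestation signature are constructed assumptions for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
)

// Measurement is one boot stage, hashed by the stage before it hands over control.
type Measurement struct {
	Stage string
	Image []byte // constructed stand-in for the real firmware, bootloader or kernel bytes
}

// Extend mirrors a TPM PCR extend: new = H(old || H(image)). Because a PCR can only be
// extended, every stage's hash is bound into the final value in boot order.
func Extend(pcr [32]byte, image []byte) [32]byte {
	digest := sha256.Sum256(image)
	return sha256.Sum256(append(pcr[:], digest[:]...))
}

// MeasureChain runs the stages through a zeroed PCR and returns its final value.
func MeasureChain(stages []Measurement) [32]byte {
	var pcr [32]byte
	for _, s := range stages {
		pcr = Extend(pcr, s.Image)
	}
	return pcr
}

// Quote is what the chip hands to a verifier: the PCR value and the verifier's nonce,
// authenticated with a key that never leaves the chip. HMAC stands in here for the
// chip's asymmetric attestation signature, so the verifier also holds chipKey.
type Quote struct {
	PCR   [32]byte
	Nonce []byte
	MAC   []byte
}

func Attest(chipKey []byte, pcr [32]byte, nonce []byte) Quote {
	m := hmac.New(sha256.New, chipKey)
	m.Write(pcr[:])
	m.Write(nonce)
	return Quote{PCR: pcr, Nonce: nonce, MAC: m.Sum(nil)}
}

// Verify checks the quote's freshness and authenticity, then compares the reported PCR
// with the golden value recorded for a known-good set of images.
func Verify(chipKey []byte, q Quote, nonce []byte, golden [32]byte) (bool, string) {
	if !hmac.Equal(q.Nonce, nonce) {
		return false, "nonce mismatch: stale or replayed quote"
	}
	m := hmac.New(sha256.New, chipKey)
	m.Write(q.PCR[:])
	m.Write(q.Nonce)
	if !hmac.Equal(m.Sum(nil), q.MAC) {
		return false, "quote not authenticated by the chip key"
	}
	if q.PCR != golden {
		return false, "boot chain differs from golden value, PCR=" + hex.EncodeToString(q.PCR[:8]) + "..."
	}
	return true, "boot chain matches golden value"
}

// Constructed sample data. A real attestation key is fused into the chip, and the golden
// value is published by whoever built and signed the images.
var (
	GoodChain = []Measurement{
		{Stage: "firmware", Image: []byte("uefi-fw 1.2")},
		{Stage: "bootloader", Image: []byte("grub 2.06")},
		{Stage: "kernel", Image: []byte("linux 5.10")},
	}
	ChipKey = []byte("constructed-attestation-key")
)
```

Three properties fall out of this structure and are worth checking by hand: a modified bootloader image changes the final PCR even though the firmware and kernel are untouched; the same three images in a different order also yield a different PCR, because the register binds sequence as well as content; and an attacker who reports the golden PCR in a quote cannot produce a valid MAC without the key held in the chip, nor reuse an old quote against a fresh nonce.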
Data is encrypted by default from the moment it is created, with automatic key rotation and the option for users to manage their own keys, so that even if the underlying storage is compromised the data remains unintelligible without those keys.
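Encryption by default with rotation and user‑managed keys is normally built as envelope encryption. The following is an added example of that pattern with a toy in‑memory KMS; it is not Alibaba Cloud's KMS or its API. Each object is sealed under its own data key, the data key is wrapped under a versioned master key, rotation re‑wraps the small data key instead of re‑encrypting the object, a tenant‑supplied 32‑byte key can be installed as a version (bring‑your‑own‑key), and retiring a version makes anything still wrapped under it permanently unreadable. Binding the object ID as AEAD associated data and the version numbering are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// random returns n bytes from the system CSPRNG (crypto/rand.Read never fails from Go 1.24 on).
func random(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}

// aead builds AES-256-GCM; callers only ever pass 32-byte keys, so an error here is a bug.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal encrypts with a fresh random nonce prepended; aad is authenticated but not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	g := aead(key)
	nonce := random(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

func open(key, sealed, aad []byte) ([]byte, error) {
	g := aead(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// Envelope is what lands on disk: the object under its own DEK, and that DEK wrapped under one master version.
type Envelope struct {
	Version    uint32
	WrappedDEK []byte
	Ciphertext []byte
}

// KMS keeps master keys by version; plaintext DEKs exist only transiently inside it.
type KMS struct {
	masters map[uint32][]byte
	current uint32
}

func NewKMS() *KMS { return &KMS{masters: map[uint32][]byte{}} }

// Rotate installs a new current master version: random when key is nil, else the tenant's own 32-byte key (BYOK).
func (k *KMS) Rotate(key []byte) (uint32, error) {
	if key == nil {
		key = random(32)
	} else if len(key) != 32 {
		return 0, errors.New("master key must be 32 bytes")
	}
	k.current++
	k.masters[k.current] = key
	return k.current, nil
}

// Encrypt uses a per-object DEK; objectID is bound as AAD so an envelope copied to another object's slot fails to open.
func (k *KMS) Encrypt(objectID string, plaintext []byte) Envelope {
	dek, aad := random(32), []byte(objectID)
	return Envelope{k.current, seal(k.masters[k.current], dek, aad), seal(dek, plaintext, aad)}
}

func (k *KMS) unwrap(objectID string, e Envelope) ([]byte, error) {
	master, ok := k.masters[e.Version]
	if !ok {
		return nil, errors.New("master key version retired or unknown")
	}
	return open(master, e.WrappedDEK, []byte(objectID))
}

func (k *KMS) Decrypt(objectID string, e Envelope) ([]byte, error) {
	dek, err := k.unwrap(objectID, e)
	if err != nil {
		return nil, err
	}
	return open(dek, e.Ciphertext, []byte(objectID))
}

// Rewrap moves an envelope to the current master version without touching the ciphertext.
func (k *KMS) Rewrap(objectID string, e Envelope) (Envelope, error) {
	dek, err := k.unwrap(objectID, e)
	if err != nil {
		return Envelope{}, err
	}
	e.Version, e.WrappedDEK = k.current, seal(k.masters[k.current], dek, []byte(objectID))
	return e, nil
}

// Retire destroys a master version; envelopes not yet rewrapped become unreadable for good.
func (k *KMS) Retire(version uint32) { delete(k.masters, version) }
```

The "storage compromised, data still unintelligible" claim corresponds to the `Envelope` alone: it carries a wrapped key and ciphertext but never a master key, so an attacker holding a copy of the disk can only try `open` with a guessed key, and GCM's tag rejects both a wrong key and a single flipped ciphertext byte. The cost model of rotation is visible in `Rewrap`, which re‑seals 32 bytes regardless of how large `Ciphertext` is.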
Overall, the goal is to build the world’s safest cloud, offering simple, secure choices amid growing complexity.
Alibaba Cloud Developer
Alibaba's official tech channel, featuring all of its technology innovations.