Research on the design of cloud security management platform
Hu Yajie
Information Center of the Ministry of Agriculture and Rural Affairs, Beijing 100125, China
Purpose: To improve cloud security protection capabilities and ensure the security of information systems, networks and data on cloud platforms, this paper explores the construction of a cloud security management platform that provides unified control of security resources, automated deployment of security services, in-cloud security situational awareness, and big-data linkage analysis and defense, forming a comprehensive security assurance system that can effectively respond to various network and data security risks and challenges.
Method: The cloud security management platform is built to consolidate multi-source heterogeneous security resources, deliver security capabilities as services, and make security management intelligent. Relying on virtualization technology and artificial intelligence algorithms, it fully integrates detection, protection, auditing and other security capabilities, and carries out network and data security governance in a hierarchical, modular and systematic manner.
Result: The platform achieves dynamic expansion of cloud security resources, on-demand allocation of security capabilities, and rapid response to business needs. It also provides comprehensive cloud security monitoring, defense in depth, comprehensive auditing and situational awareness, greatly improving the security protection level of cloud platforms along two dimensions: defense against external attacks and internal security control.
Conclusion: The design and study of the cloud security management platform enriches the protection measures and management methods of cloud platforms, explores a replicable and widely adoptable path for securing information systems, networks and data on the cloud, and provides an effective reference for cloud security management.
Keywords: cloud security; network security; data security; cloud security management