Abstract
[Purpose/Significance] With the rapid development of information technology, more and more governments and enterprises are moving their business to the cloud. While this steadily lowers IT construction and operation costs, speeds up management and makes applications more flexible, it also makes network security problems increasingly prominent. Blurred network boundaries, an exposed surface that is everywhere, complex network environments and strict security compliance requirements all put great pressure on the traditional network security architecture; perimeter security models such as firewall policies can no longer meet the growing security demands of the cloud computing era. [Method/Process] Addressing the problems of today's network security defence systems, this paper analyses the key challenges facing the security architecture and proposes a cloud network management platform based on zero-trust security. Starting from the zero-trust security architecture, it studies the platform's lightweight client, management control platform, identity verification gateway and secure cloud network resources, and explores measures for securing applications, data, devices and services in cyberspace. [Results/Conclusion] The result is a cloud network management platform that combines fully isolated secure cloud network resources, a zero-trust architecture that can be upgraded rapidly, a reduced Internet exposure surface and identity-based network security. It fundamentally reshapes the network security trust model and meets the urgent need of governments and enterprises to upgrade and evolve their intelligent applications.
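The abstract contrasts perimeter models (a firewall policy that trusts traffic by network location) with an identity verification gateway that decides each request on verified identity and device state. The following Python model is an added illustration of that contrast and is not the platform, code or policy described in the paper; the shared key, the policy table, the device registry, the resource names and the requests are all constructed for the example, and a real deployment would use a token issuer or asymmetric keys rather than a static HMAC secret.

```python
"""Toy zero-trust identity verification gateway (added example, not the paper's platform).

Models the paper's point: a request to a cloud-network resource is admitted per
request, on a verified identity/device assertion and a resource policy, not
because it arrives from inside a trusted network range.  Every constant here
is hypothetical.
"""
import hashlib
import hmac
import json
import time

# Hypothetical secret shared by the lightweight client and the management
# control platform (constructed for the example; not a recommended design).
CLIENT_KEY = b"demo-shared-secret-do-not-use"

# Hypothetical resource policy kept by the management control platform:
# which roles may reach a resource and whether a managed device is required.
POLICY = {
    "erp-db": {"roles": {"finance"}, "require_managed_device": True},
    "wiki": {"roles": {"finance", "engineering"}, "require_managed_device": False},
}

# Hypothetical device registry (device posture known to the platform).
MANAGED_DEVICES = {"dev-7f3a", "dev-9c21"}


def issue_assertion(user, role, device_id, ttl=300, now=None):
    """Lightweight-client side: build a short-lived signed identity/device assertion."""
    now = time.time() if now is None else now
    claims = {"sub": user, "role": role, "dev": device_id, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(CLIENT_KEY, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + sig


def verify_assertion(token, now=None):
    """Gateway side: check signature and expiry; return the claims or None."""
    now = time.time() if now is None else now
    try:
        body_hex, sig = token.split(".", 1)
        body = bytes.fromhex(body_hex)
    except ValueError:
        return None
    expected = hmac.new(CLIENT_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None  # tampered body or forged signature
    claims = json.loads(body)
    if claims.get("exp", 0) <= now:
        return None  # expired assertion
    return claims


def perimeter_decision(src_ip):
    """The model the abstract calls insufficient: trust derived from network location."""
    return src_ip.startswith("10.")


def zero_trust_decision(token, resource, now=None):
    """Per-request decision from identity, device posture and resource policy.

    Returns (allowed, reason).  Unknown resources and any verification
    failure are denied by default.
    """
    claims = verify_assertion(token, now)
    if claims is None:
        return False, "assertion invalid or expired"
    rule = POLICY.get(resource)
    if rule is None:
        return False, "unknown resource"
    if claims["role"] not in rule["roles"]:
        return False, "role not authorised for resource"
    if rule["require_managed_device"] and claims["dev"] not in MANAGED_DEVICES:
        return False, "unmanaged device"
    return True, "allowed"


if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = issue_assertion("alice", "finance", "dev-7f3a", now=t0)
    print(perimeter_decision("10.8.0.2"))                 # location-based: allowed
    print(zero_trust_decision(tok, "erp-db", now=t0 + 10))  # identity-based: allowed
    print(zero_trust_decision(tok, "erp-db", now=t0 + 400)) # expired: denied
```

The contrast to notice is that `perimeter_decision` admits anything from the 10.0.0.0/8 range with no knowledge of who or what is sending it, whereas `zero_trust_decision` denies an unmanaged device, an unauthorised role, an expired or tampered assertion and an unknown resource, each with a reason the gateway can log.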
Authors
Xu Chen (徐晨), Chang Xiaolei (常晓磊), Wu Zhenzhou (吴振洲), Peng Yidong (彭义东), Ji Tian (纪添)
Research Institute of Tsinghua University in Shenzhen, Shenzhen, Guangdong 518057; Tsinghua University, Beijing 100084; CNOOC Information Technology Co., Ltd., Shenzhen, Guangdong 518054
Source
Cyberspace Security (《网络空间安全》), 2024, No. 1, pp. 85-90 (6 pages)
Funding
Shenzhen-Hong Kong Joint Funding Project "Cloud-Edge-Device Integrated Computing System for Critical Industrial Applications" (面向关键工业应用的云边端集成计算系统), Project No. SGDX20190917160803729.
Keywords
network security; zero-trust security; cloud network management; enterprise information security; data security governance