网络空间安全 (Cyberspace Security), 2024, Vol. 15, Issue (1): 85-90.

Application Analysis of a Cloud Network Management Platform Based on Zero-Trust Security

徐晨 1, 常晓磊 2, 吴振洲 1, 彭义东 3, 纪添 1

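Author information

  • 1. Research Institute of Tsinghua University in Shenzhen, Shenzhen, Guangdong 518057
  • 2. Tsinghua University, Beijing 100084
  • 3. CNOOC Information Technology Co., Ltd., Shenzhen, Guangdong 518054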

Abstract

[Purpose/Significance] With the rapid development of information technology, more and more governments and enterprises are moving their business to the cloud. While IT construction and operation and maintenance costs keep falling, management efficiency improves faster, and applications become more flexible, network security problems are becoming increasingly prominent. Blurred network boundaries, ubiquitous exposure surfaces, complex network environments, and strict security compliance requirements all put great pressure on traditional network security architectures, and perimeter security models such as firewall policies can no longer meet the growing new network security needs of the cloud computing era. [Method/Process] To address the problems in today's network security defense systems, the key challenges facing security architectures are analyzed in depth, and a cloud network management platform based on zero-trust security is proposed. Starting from the zero-trust security architecture, the paper studies in depth the platform's lightweight client, management control platform, identity verification gateway, and secure cloud network resources, and explores security safeguards for applications, data, devices, and services in cyberspace. [Results/Conclusion] The result is a cloud network management platform that combines completely isolated secure cloud network resources, a rapidly upgraded zero-trust architecture, a reduced Internet exposure surface, and identity-based network security, which fundamentally reforms the network security trust system and meets the urgent needs of the current upgrade and evolution of intelligent government and enterprise applications.

Key words

network security / zero-trust security / cloud network management / enterprise information security / data security governance


Funding

Shenzhen-Hong Kong Joint Funding Project (SGDX20190917160803729)

Publication year

2024
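Journal: 网络空间安全 (Cyberspace Security)
Publisher: China Center for Information Industry Development (中国电子信息产业发展研究院)

Impact factor: 0.505
ISSN: 1674-9456
Cited by: 1
References: 14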