面向政務(wù)云的安全體系設(shè)計(jì)與實(shí)踐

武海龍

摘 ? 要：政務(wù)云的建設(shè)既需要解決政府職能部門(mén)間的 “信息孤島”問(wèn)題，同時(shí)也要考慮云計(jì)算技術(shù)的各種安全風(fēng)險(xiǎn)。文章首先探討了政務(wù)云面臨的安全挑戰(zhàn)，然后給出了政務(wù)云安全體系的總體設(shè)計(jì)方案，提出和總結(jié)了政務(wù)云各業(yè)務(wù)區(qū)域的分層分域安全規(guī)劃及隔離、構(gòu)建政務(wù)云安全等保立體防御矩陣和通過(guò)SDN/Overlay架構(gòu)搭建安全調(diào)度網(wǎng)絡(luò)等關(guān)鍵要素。最后，根據(jù)該套方案設(shè)計(jì)的安徽省政務(wù)云安全體系，實(shí)現(xiàn)了政務(wù)云平臺(tái)的預(yù)警、檢測(cè)、防護(hù)和響應(yīng)安全能力的全面提升。

關(guān)鍵詞：政務(wù)云;安全體系;風(fēng)險(xiǎn)預(yù)警;響應(yīng)聯(lián)動(dòng)

中圖分類(lèi)號(hào)： TP301 ? ? ? ? ?文獻(xiàn)標(biāo)識(shí)碼：A

Abstract： The construction of government cloud not only needs to solve the problem of "information island" between government departments， but also needs to consider various security risks of cloud computing technology. This paper first discusses the security challenges faced by the government cloud， then gives the overall design scheme of the security system of the government cloud， puts forward and summarizes the hierarchical and domain security planning and isolation of each business area of the government cloud， the construction of the three-dimensional defense matrix such as the security of the government cloud， and the construction of the security scheduling network through the SDN / overlay architecture. Finally， the Anhui Provincial Government Cloud Security System designed according to this set of plans has achieved a comprehensive improvement in the early warning， detection， protection and response security capabilities of the Government Cloud Platform.

Key words： government cloud;security system; risk warning; response linkage

1 引言

政務(wù)云是承載各級(jí)政務(wù)部門(mén)門(mén)戶(hù)網(wǎng)站、政務(wù)業(yè)務(wù)應(yīng)用系統(tǒng)和數(shù)據(jù)的云計(jì)算基礎(chǔ)設(shè)施，用于政務(wù)部門(mén)公共服務(wù)、社會(huì)管理、跨部門(mén)業(yè)務(wù)協(xié)同、數(shù)據(jù)共享和應(yīng)急處置等政務(wù)應(yīng)用。政務(wù)云對(duì)政府管理和服務(wù)職能進(jìn)行精簡(jiǎn)、優(yōu)化、整合，并通過(guò)信息化手段在政務(wù)上實(shí)現(xiàn)各種業(yè)務(wù)流程辦理和職能服務(wù)。政務(wù)云的建設(shè)有利于減少各部門(mén)分散建設(shè)，提升信息化建設(shè)質(zhì)量，提高資源利用率和減少行政支出等。

政務(wù)云的服務(wù)對(duì)象是各級(jí)政務(wù)部門(mén)，通過(guò)政務(wù)外網(wǎng)連接到各單位，使用云計(jì)算環(huán)境上的計(jì)算、網(wǎng)絡(luò)和存儲(chǔ)資源，承載各類(lèi)信息系統(tǒng)，開(kāi)展電子政務(wù)活動(dòng)。隨著政務(wù)云的推廣，實(shí)施問(wèn)題也隨之而來(lái)，政務(wù)云建設(shè)既需要解決政府職能部門(mén)之間的 “信息孤島”問(wèn)題[1]，同時(shí)也要考慮云計(jì)算技術(shù)的各種安全風(fēng)險(xiǎn)[2]。……