云资源池数据安全生命周期研究与实践

随着云计算的发展需要,面临着越来越多的威胁,网络与信息安全也随之提升到了一个前所未有的高度,任何工作上的疏漏,都有可能造成非常严重的负面影响,影响到企业安全可持续。随着信息化云计算时代的到来,涉及敏感信息的安全保护正面临着越来越严峻的考验。网络攻击、病毒破坏、木马、存储介质盗取、遗失,非法授权或授权滥用、内部人员不经意失密、泄密,都构成严重的信息安全威胁,我们发现服务安全、数据安全、操作规范等安全问题,始终是云平台正常投入使用所面临的最大问题和业务隐患。本文阐述为了加强新疆移动云资源池数据安全,实现对云计算环境下虚拟机业务数据调取传输以及迁移过程中各类敏感数据的创建、生产、使用、销毁等各环节的全生命周期安全管控。监控处于数据生命周期各环节的各虚拟机传输过程和存储涉及哪类敏感数据；对敏感数据传输、分类,并给虚拟机打上需要销毁的标签,可靠擦除,避免虚拟机被共享后数据恢复。同时,实现对敏感数据宿主虚拟机的传输实时监控,发现异常和违规行为,避免违规或非法人员通过网络访问、隐蔽通道、非常规端口等方式盗取敏感数据。

Research and Practice of Data Lifecycle of Cloud Resource Pool

SWith the development of cloud computing needs, faced with more and more threats, network and information security also will be promoted to an unprecedented height, any work on the omission, are likely to cause very serious negative impact, the impact To the enterprise safe and sustainable. With the advent of information cloud computing era, involving sensitive information security is facing more and more severe test. Network attacks, viruses, Trojans, storage media theft, loss, illegal authorization or authorized abuse, insider loss of confidentiality, leak, constitute a serious threat of information security, we found that service security, data security, operational norms and other security issues, Cloud platform is always put into use the biggest problems and business risks. This paper describes the whole life cycle security control of all aspects of the creation, production, use and destruction of all kinds of sensitive data in the process of virtual machine business data transmission and transmission in the cloud computing environment in order to strengthen the data security of mobile cloud resource pool in Xinjiang The Monitoring sensitive data in the virtual machine transmission process and storage in each part of the data lifecycle; tagging and sorting sensitive data and marking the virtual machine to be destroyed, reliably erasing, and avoiding the recovery of the virtual machine after sharing The At the same time, real-time monitoring of the transmission of sensitive data host virtual machines, detection of anomalies and violations, to avoid illegal or illegal personnel through the network access, covert channels, unconventional ports, etc. to steal sensitive data.