Ideas for building a data security middle platform

1. Brief background of the middle platform (Zhongtai)

As the middle-platform (Zhongtai) construction concept has continued to deepen, all kinds of "middle platform +" concepts have entered people's field of vision. Complex application architectures and diversified application scenarios gave birth to the middle platform, and the rise of the business middle platform has gradually driven the development of the "security middle platform". The security middle platform has developed in two directions: the network-centric traditional security protection middle platform and the data-centric data security middle platform (currently many security vendors cover both network and data, but place more emphasis on the network side). This article mainly discusses the data-centric security middle platform.

At present, most of the data security middle platform concepts proposed by security vendors are built around business-side functions, such as encryption, asset metadata management (classification and grading, tagging) and desensitization services. Compared with traditional data security protection they strengthen centralized management and control, but they do not realize a true security middle platform that reaches from the business all the way down to the network. As data security grows in importance, the existing data security middle platform will gradually deepen in functional scope, service scenarios and network linkage.

2. Current problems of the data security middle platform

At present, the problems of the data security middle platform include: the degree of pooling (virtualization) of the underlying system needs to be strengthened, the serviceability of data security functions needs to be improved, and support for and integration with SDN architectures needs to be strengthened.

The degree of pooling of the underlying system needs to be strengthened: the security capabilities of the current data security middle platform have little virtualization or pooling capability and poor dynamic scalability. Load balancing, dynamic deployment, continuous expansion and multi-tenancy all need to be strengthened.

The serviceability of data security functions needs to be improved: serviceization of data security functions means forming a service interface over the existing security capabilities and reusing the unified management interfaces of the security middle platform (authentication, authorization, permission verification, audit, approval, etc.). Currently the focus is on the data security functions themselves, and the platform lacks the ability to link with pooled systems and the network architecture, for example to dynamically allocate data processing capabilities (audit, access control, etc.) to multi-tenant applications after a surge in data requests.

SDN network architecture support and integration capabilities need to be strengthened: the lack of integration with users' SDN network architectures makes it impossible to build a "highway" between the service-oriented data security functions (audit service, access control service, classification and grading service) and software-defined data security (network adjustment, traffic diversion, rapid intervention of security capabilities, etc.).

A real data security middle platform needs both software-defined security capabilities and the management and control capabilities of the existing middle platform's security business functions. For example, suppose a new business A is launched and there is no database access control system in its network, yet access control over its database is required. At the same time, the asset management platform must classify and grade its data and provide the classification and grading information to the data access control platform, so that differentiated management and control can be applied. This is difficult to satisfy with the existing data security middle platform architecture.

3. How to realize a data security middle platform

As data security grows in importance, the data security middle platform is also fermenting in the market. Centralization of data security management and control capabilities, adaptability to multiple scenarios and support for sustainable business development are the core ideas for building a data security middle platform. Therefore, to realize a real data security middle platform, it should (in my personal understanding) have four characteristics: a software-defined network (SDN), pooled systems, serviceized functions and centralized policy. Network SDN solves the complexity of adding new devices to a traditional network architecture; through software-defined security it accelerates the adjustment of network traffic and realizes rapid intervention of security capabilities. System pooling gives the security capabilities the load balancing, dynamic deployment and elastic expansion described above. Function serviceization abstracts each function as an interface and provides it externally through the middle platform. Policy centralization realizes centralized management of the security control policies.

3.1 Data Security Middle Platform Construction Architecture

The data security middle platform construction architecture can be divided into an application layer, a control layer and a traffic forwarding layer. The application layer contains the organization's specific applications; this layer calls the interfaces exposed by the data security middle platform to realize rapid intervention of data security capabilities. The control layer is divided into the network master control center, the SDN controller and the data security middle platform: the network master control center realizes software-defined security through unified orchestration for operations and security management personnel; the data security middle platform provides the interfaces that deliver data security services to the application layer; and the SDN controller is responsible for the relevant settings on the network side. The forwarding layer is the actual network architecture; this layer introduces a data security protection pool that is reachable from every tier of the network, so that traffic can be quickly steered through it.
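The following Python model is an added illustration (not code from the article or from any vendor's platform) of the control-layer flow for the "new business A" scenario above, tied to the three-layer architecture just described: the application layer calls one service interface; the classification service grades the new tables; the centralized policy store derives access-control decisions from the grade; a node is chosen from the pooled protection capacity; and a steering intent is produced for the SDN controller. Everything here is an assumption for illustration: the four-level grading scheme, the keyword-based classifier, least-loaded node selection, and the fact that the SDN intent is represented as a plain data object rather than a call to a real controller.

```python
"""Toy data security middle platform orchestrator (added illustration).

Assumptions (hypothetical, not from the article): a four-level grading
scheme L1..L4, a keyword-based table classifier, least-loaded selection
from a pool of protection nodes, and an SDN steering intent modelled as
a dataclass instead of a real controller API call.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Classification grades (assumed four-level scheme).
PUBLIC, INTERNAL, SENSITIVE, CORE = "L1", "L2", "L3", "L4"

# Column-name keywords used by the hypothetical classification service.
KEYWORDS = {
    CORE: ("id_card", "passport", "card_number"),
    SENSITIVE: ("phone", "email", "salary", "address"),
    INTERNAL: ("order", "price", "cost"),
}


def classify_table(columns: List[str]) -> str:
    """Grade a table by its most sensitive column (constructed rule set)."""
    names = [c.lower() for c in columns]
    for level in (CORE, SENSITIVE, INTERNAL):
        if any(k in n for k in KEYWORDS[level] for n in names):
            return level
    return PUBLIC


# Centralized policy: allowed operations per role for each grade.  Anything
# not listed is denied, so an unclassified table falls through to deny.
POLICY = {
    PUBLIC:    {"analyst": {"select"}, "app": {"select", "insert", "update"}},
    INTERNAL:  {"analyst": {"select"}, "app": {"select", "insert", "update"}},
    SENSITIVE: {"app": {"select", "insert", "update"}},  # analysts only via masking
    CORE:      {"app": {"select"}},                      # read-only, fully audited
}


@dataclass
class PoolNode:
    """One node of the pooled protection capacity (audit / access control)."""
    name: str
    load: int = 0  # businesses currently steered through this node


@dataclass
class SteeringIntent:
    """What the orchestrator hands to the SDN controller (modelled as data)."""
    business: str
    db_host: str
    via_node: str
    actions: List[str]


@dataclass
class DataSecurityCenter:
    pool: List[PoolNode]
    # business -> table -> grade
    catalog: Dict[str, Dict[str, str]] = field(default_factory=dict)
    intents: List[SteeringIntent] = field(default_factory=list)

    def onboard_business(self, business: str, db_host: str,
                         tables: Dict[str, List[str]]) -> SteeringIntent:
        """Service interface called by the application layer for a new business."""
        grades = {t: classify_table(cols) for t, cols in tables.items()}
        self.catalog[business] = grades
        node = min(self.pool, key=lambda n: n.load)  # least-loaded pool node
        node.load += 1
        actions = ["audit"]  # basic protection first (operation audit)
        if any(g in (SENSITIVE, CORE) for g in grades.values()):
            actions.append("access_control")  # differentiated by grade
        intent = SteeringIntent(business, db_host, node.name, actions)
        self.intents.append(intent)
        return intent

    def check_access(self, business: str, role: str, table: str, op: str) -> bool:
        """Enforcement decision driven by the centralized policy and the grade."""
        grade = self.catalog.get(business, {}).get(table)
        if grade is None:
            return False  # unclassified assets are denied by default
        return op in POLICY.get(grade, {}).get(role, set())


if __name__ == "__main__":
    dsc = DataSecurityCenter(pool=[PoolNode("ac-1", load=2), PoolNode("ac-2")])
    intent = dsc.onboard_business("business-A", "10.0.5.20", {  # constructed input
        "users": ["id", "phone", "email"],
        "orders": ["order_no", "price"],
        "kyc": ["user_id", "id_card"],
    })
    print(intent)
    print(dsc.check_access("business-A", "analyst", "users", "select"))
```

The point the model makes is that the application layer never configures audit or access control devices itself: one interface call produces the classification, the policy binding and the traffic-steering intent together, which is what "software-defined security" and "policy centralization" mean in practice.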

3.2 Business changes after building the data security middle platform

After construction of the data security middle platform is completed, the existing business needs to be migrated onto the data security middle platform architecture in an orderly manner. The overall migration strategy is [from point to surface, from simple to difficult, from edge to center]; the post-migration protection strategy is [from basic security protection to in-depth security protection]. There is no need to make major changes to the business: first, data security protection such as operation audit and data access control can be realized with as little impact on the business as possible; then, based on the data flows, data usage and data assets within the business, data encryption, data desensitization and differentiated management and control are gradually realized.

Origin blog.csdn.net/a59a59/article/details/108657578