Under a cloud computing architecture, the sharing of network and business resources makes the environment more complex, with more variables, and brings unique security concerns.
Thus, some new security issues become more prominent, such as the secure operation of multiple tenants on the virtualized platform and the secure storage of massive data.
The key focus areas of Venustech security protection are the cloud platform, cloud tenants, and cloud business systems, to meet different customers' security needs.
Based on the basic requirements of the Classified Security Protection Standard 2.0 and the expansion requirements of cloud computing, Venustech proposed to focus on the realization and evaluation of cloud security level protection capabilities from the four dimensions of organizational construction, system processes, technical tools, and personnel capabilities.
● Introduction to North-South Traffic Protection
The cloud infrastructure deploys perimeter protection products such as firewalls and anti-DDoS, providing denial-of-service attack protection, access control, intrusion detection, intrusion prevention, WAF, antivirus, VPN, and border isolation to protect north-south traffic.
A secure resource pool for multiple tenants is deployed next to the core switch. The security resource pool contains professional and powerful security products to protect, detect, and audit the north-south traffic, as well as to protect cloud tenants and cloud business systems.
● Introduction to East-West Traffic Protection
By configuring policy routing on the core switch, east-west traffic is redirected to the secure resource pool for access control and security protection.
A software-defined range of virtualized security products is established to achieve east-west protection, protecting traffic between tenants using virtual firewalls, virtual IPS, and other virtual security products.
At the same time, the security products in the tenant’s cloud security resource pool can be further analyzed and can interact to realize an overall closed-loop system.
The Cloud Security Management Platform provides a management portal for both tenants and cloud providers.
Compared to traditional network architectures, the cloud environment has changed dramatically in terms of technology architecture, management architecture, service architecture, and security boundaries. It has brought new challenges and requirements to integrated security monitoring and management.
From a two-point perspective, the cloud security management platform will integrate the characteristics of cloud computing to build a comprehensive protection system with unified management of security capabilities.
The platform establishes a visual operation and monitoring response system to meet the requirements of cloud computing classified protection and to achieve centralized cloud security monitoring, operations management, security services, and other capabilities.