Venustech Group successfully cuts over the cloud security resource pool business of a provincial government cloud

Release time: 2020-11-11

At present, China's “New Infrastructure” initiative is in full swing. The primary task of the “New Infrastructure” is to upgrade local governments to digital governments and smart cities. The smart government market presents a new blue ocean. Massive user data and privacy protection have become prerequisites for the development of government cloud. Recently, Venustech successfully cut over the cloud security resource pool business of a provincial government cloud, and the first batch of cloud security services for government cloud tenants went online successfully, marking the successful landing of the provincial government cloud security operation plan and opening up the comprehensive construction of cloud security for government business.


Government cloud construction needs to follow the principle of “the service provider performs construction and operation, and the government purchases services” and adopt a “1+3+N” model, that is, 1 unified supervision platform + 3 cloud service provider cloud platforms + N commissions and bureaus, a private cloud platform. A typical deployment is generally divided into two parts: the government extranet area and the Internet area. Two core switches are stacked and configured to serve as the perimeter gateways. During the migration of application systems at all levels to the cloud platform, security becomes the first consideration when providing service.


What security challenges does government cloud currently face?


1. Compliance Risk


The cloud security extension of China Classified Protection 2.0 requires the tenant and the cloud platform each to be responsible for their own areas of responsibility. The cloud tenant is responsible for local area network and terminal security, and access control between information systems and internal systems; cloud service providers are responsible for application system deployment and management and their own business, data security, client security and other related responsibilities, and must accept guidance, supervision, inspection and compliance assessment of security work from the government cloud management department.


2. Business Risk of Cloud Tenants


In addition to security threats from outside the cloud, internal threats are also an important factor in government cloud business risk. The dual pressure of external and internal threats has caused government cloud tenants to worry about government cloud security, and their willingness to choose government cloud services is greatly reduced, which has a considerable impact on the rapid promotion of government cloud services.


Venustech Cloud Security Management Platform Escorts Government Cloud Security


Based on the challenges and requirements of government cloud security, Venustech proposed and implemented a manageable, controllable, and trustworthy defense-in-depth capability system, covering north-south in-line security, out-of-path detection, east-west security isolation protection, and operation and maintenance in the cloud. The Venustech government cloud security solution provides comprehensive security service capabilities, unified security operation and maintenance capabilities, and high reliability of the cloud security management platform to protect cloud tenants and cloud businesses in all aspects.


1. Comprehensive Security Service Capabilities


The north-south traffic protection + east-west (intra-domain) traffic detection capabilities can provide access control services, web protection services, threat analysis services, network audit services, etc. Tenants can purchase on demand to deal with conventional threats and advanced targeted threats in the cloud environment, achieving flexible handling of north-south traffic and on-demand expansion of security protection and detection capabilities.


The east-west (intra-domain) traffic isolation protection capability provides a CWPP (Cloud Workload Protection Platform), which delivers collection, detection, monitoring, defense, and capture capabilities for cloud workloads, and provides comprehensive security protection for cloud hosts.


2. Unified Security Operation and Maintenance Capabilities


Although the government industry is a talent-intensive industry, its technical teams are relatively weak. As the speed of cloud migration increases, the government industry will have difficulty coping with complex operation and maintenance management. Therefore, from the perspective of customer needs, the Venustech Cloud Security Management Platform has a unified security operation and maintenance capability. Multiple technologies guarantee the efficient operation and maintenance of the platform, allowing users to focus on their own business and effectively making up for the lack of professional resources.


● Security service orchestration: the service chain is automatically generated after the order is completed, which is convenient for deployment


● One-click security policy push: provides a management configuration interface to configure and issue security product policies, supports calling various security capabilities through APIs, generates the corresponding security policy configurations, and delivers them uniformly


● Security event situational awareness: tenants can view current information, security component operation status, security events, and the attack situation on the large security situation screen, check security threat events in time, and conduct closed-loop processing


● Single sign-on for security components: tenants log in to each security network element with one click from the cloud security management platform, avoiding multiple logins and authentications, effectively preventing security vulnerabilities, and improving operation and maintenance efficiency and experience


3. High Reliability of the Cloud Security Management Platform


From network to security components, from platform to service chain drainage network, the Venustech Cloud Security Management Platform can provide tenants with end-to-end reliable security service capabilities. The external network connection provides reliability through link aggregation. The two-layer SDN architecture that realizes the second-level switching of traffic can automate flow control and ensure the reliability of the basic network.


The construction and maintenance of disaster recovery for information systems is key work related to the continuous operation of the enterprise. The Venustech Cloud Security Management Platform has established a multi-level and highly reliable disaster-resistant system for users across the four dimensions of service, security, data, and network, and ensures the user's business continuity from multiple dimensions and perspectives. Even if the platform fails, it can be quickly restored.


Relying on years of investment in technology research and development and independent innovation in government cloud security, the Venustech Cloud Security Management Platform provides tenants with one-click security package services (China Classified Protection) and compliance support, helps the cloud platform achieve business value-added, and meets tenants' requirements for compliance and convenient O&M. It establishes a security system architecture supporting government cloud big data application services that is extremely innovative and practical, ensuring the construction of a unified security guarantee system for digital government and greatly improving security monitoring, in-depth defense, risk management and emergency response capabilities for government systems.


According to the "China Government Cloud Development Whitepaper (2018)" by the China Academy of Information and Communications Technology, by 2021, the government cloud will account for 43.8% of the total domestic cloud computing market with a scale of 81.3 billion yuan, close to half of China's cloud industry. Especially during the 2020 pandemic, we have personally experienced the advantages of contactless services, remote access and high efficiency brought by the government cloud, which will inevitably become the only way to build a smart government in the future.


Aimed at the complex network environment of cloud data centers, the Venustech Cloud Security Management Platform can pool security capabilities to provide tenants with flexible cloud security services and end-to-end solutions for secure operation and maintenance management, with comprehensive protection covering network, host, application, and data, fully meeting cloud tenants' needs for business protection and security compliance. In the future, Venustech Group will continue to deepen its work in the field of government cloud security, accelerate research on key technologies, and work with users to protect the security of cloud platforms and cloud businesses.