The essence of cloud computing is service. If computing resources cannot be pooled and shared at large scale, and cannot be delivered in the form of services, then it is not cloud computing at all.
Classified protection grading process
Grading is the basic starting point for network security classified protection work. Virtualization technology has blurred traditional network boundaries, which makes it difficult to draw sensible boundaries around platforms and systems built with cloud computing technology when grading them.
Reasonable grading of cloud computing classified protection objects is decisive for the party responsible for a cloud computing system or platform when it implements the classified protection system.
Under Network Security Classified Protection 2.0, the grading process is as follows: the network operator grades the object itself, then organizes security experts and business experts to review the reasonableness of the grading result and issue an expert review opinion.
The usual expert review process is as follows:
(1) The party responsible for the classified protection object (the network operator) describes the object being graded;
(2) It reports the proposed grading of the object to the review experts, explaining the basis for the grading, the self-grading process, an overview of the preliminarily determined level, a description of each information system, the main risk concerns, and the assessment of business information security and system service security;
(3) After hearing the report on the proposed grading, the experts discuss it and ask questions, then produce a grading review opinion form, which is printed on site and signed by the experts; this completes the expert review.
When grading classified protection objects, network operators should grade them reasonably on the basis of the system's business, its service objects, and the actual state of their own information system construction. To ensure that the grading is reasonable, the party responsible for the system must first make clear what the classified protection object is and what its security protection level is.
Cloud computing classified protection objects
In a cloud computing environment, classified protection objects fall into three categories:
(1) Cloud computing platform
The combination of the cloud infrastructure provided by a cloud service provider and the service-layer software running on it. A cloud service provider may divide its cloud computing platform into different grading objects according to the cloud service model, for example a cloud computing basic service platform (IaaS platform), a cloud computing data and development platform (PaaS platform), and a cloud computing application service platform (SaaS platform).
When deciding whether a classified protection object falls under the cloud extension requirements of classified protection, it must first be confirmed that a cloud computing platform object has the following characteristics; otherwise it should not be treated as a cloud computing platform classified protection object:
(2) Cloud service customer business application system
This category covers the business applications that a cloud service customer deploys on a cloud computing platform, and the application services that the cloud service provider delivers to the cloud service customer over the network.
A cloud service customer business application system is treated as a separate grading object.
(3) Business application system built with cloud computing technology
The combination of a business application and the underlying cloud computing services and hardware resources provided exclusively for that business application. There is no cloud service customer in this type of system.
A business application system built with cloud computing technology is treated as a grading object on its own.
In a cloud computing environment, cloud computing systems and platforms can be roughly classified into the following categories:
Security protection level
Network security protection is divided into five levels: Level 1 to Level 5. The security protection level is determined by two elements: the object that is harmed when the classified protection object is damaged, and the degree of harm to that object.
The determination of the security protection level is to a degree objective: it is decided by the importance of the business data the object handles and of the objects it serves, namely:
The object harmed;
The degree of harm to that object.
The security of a grading object comprises business information security and system service security. For each of them the object harmed and the degree of harm may differ, so the security protection level is determined from two aspects: business information security (S) and system service security (A). The business information security level is determined from the importance of the business information and the harm caused when it is compromised; the system service security level is determined from the importance of the system service and the harm caused when it is disrupted.
After the business information security level and the system service security level have been determined separately, the higher of the two becomes the security level of the classified protection object. For example:
Business information security: Level 2; system service security: Level 3; final protection level: Level 3;
Business information security: Level 4; system service security: Level 3; final protection level: Level 4;
Business information security: Level 3; system service security: Level 3; final protection level: Level 3.
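The two-axis determination described above, as an added worked example that is not part of the original article: each axis (business information security S, system service security A) is assessed by the object harmed and the degree of harm, mapped to a level, and the higher of the two becomes the final level. The article only states that the level is determined by these two elements and does not reproduce the grading matrix; the matrix values in GRADING_MATRIX are my assumption, following the GB/T 22240-2020 table as I recall it, and must be checked against the edition of the standard actually being graded under. The enum names, the HarmAssessment/GradingResult types and the sample system are constructed for illustration.

```python
"""Two-axis grading of a classified protection object (added example)."""
from enum import Enum
from typing import NamedTuple


class HarmedObject(Enum):
    """Which object is harmed when the protection object is damaged."""
    CITIZENS_AND_ORGANIZATIONS = "legitimate rights of citizens, legal persons and other organizations"
    SOCIAL_ORDER_AND_PUBLIC_INTEREST = "social order and public interest"
    NATIONAL_SECURITY = "national security"


class HarmDegree(Enum):
    """How badly that object is harmed."""
    GENERAL = "general damage"
    SERIOUS = "serious damage"
    ESPECIALLY_SERIOUS = "especially serious damage"


# ASSUMED grading matrix: (harmed object, degree of harm) -> level 1..5.
# The article only says the level depends on these two elements; the numbers
# follow the GB/T 22240-2020 matrix as I recall it and must be verified
# against the edition of the standard you actually grade under.
GRADING_MATRIX = {
    HarmedObject.CITIZENS_AND_ORGANIZATIONS: {
        HarmDegree.GENERAL: 1, HarmDegree.SERIOUS: 2, HarmDegree.ESPECIALLY_SERIOUS: 3},
    HarmedObject.SOCIAL_ORDER_AND_PUBLIC_INTEREST: {
        HarmDegree.GENERAL: 2, HarmDegree.SERIOUS: 3, HarmDegree.ESPECIALLY_SERIOUS: 4},
    HarmedObject.NATIONAL_SECURITY: {
        HarmDegree.GENERAL: 3, HarmDegree.SERIOUS: 4, HarmDegree.ESPECIALLY_SERIOUS: 5},
}


class HarmAssessment(NamedTuple):
    """One axis of the assessment: who is harmed and how badly."""
    harmed_object: HarmedObject
    degree: HarmDegree


class GradingResult(NamedTuple):
    s_level: int       # business information security level (S)
    a_level: int       # system service security level (A)
    final_level: int   # the higher of the two


def level_for(assessment: HarmAssessment) -> int:
    """Map one axis (object harmed, degree of harm) to a level 1..5."""
    return GRADING_MATRIX[assessment.harmed_object][assessment.degree]


def final_level(s_level: int, a_level: int) -> int:
    """Combine the S and A levels: the higher one decides, as the article states."""
    for name, value in (("S", s_level), ("A", a_level)):
        if value not in range(1, 6):
            raise ValueError(f"{name} level must be 1..5, got {value}")
    return max(s_level, a_level)


def grade(business_info: HarmAssessment, system_service: HarmAssessment) -> GradingResult:
    """Grade a protection object from its two harm assessments."""
    s = level_for(business_info)
    a = level_for(system_service)
    return GradingResult(s, a, final_level(s, a))


def notation(result: GradingResult) -> str:
    """Compact S/A notation for recording the result, e.g. 'S2A3 -> Level 3'."""
    return f"S{result.s_level}A{result.a_level} -> Level {result.final_level}"


if __name__ == "__main__":
    # Constructed sample: a customer-facing business system whose data leak would
    # seriously harm social order, while an outage would only cause general harm
    # to individual customers. Information security dominates, so S decides.
    result = grade(
        business_info=HarmAssessment(HarmedObject.SOCIAL_ORDER_AND_PUBLIC_INTEREST, HarmDegree.SERIOUS),
        system_service=HarmAssessment(HarmedObject.CITIZENS_AND_ORGANIZATIONS, HarmDegree.GENERAL),
    )
    print(notation(result))  # S3A1 -> Level 3
    # The three S/A pairings listed in the article:
    for s, a in ((2, 3), (4, 3), (3, 3)):
        print(f"S{s}A{a} -> Level {final_level(s, a)}")
```

The point of separating level_for from final_level is that the two axes are assessed independently (a system can be S4 because of the sensitivity of its data while only A2 for availability) and only then combined; keeping the per-axis levels in the result, rather than just the maximum, preserves the basis that the expert review panel asks the operator to explain.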