Background and Customer Demands
Ensuring security of the government cloud platform and government systems running on it has become the core demand of the government cloud. The government cloud needs to meet the compliance demands for the national classified information security protection, and prevent new security risks caused by the physical boundary blurring in the cloudification environment and the security management risks caused by separated construction and management. Meanwhile, it needs to support APT defending and anti-extortion to ensure information security.
ZTE Government Cloud Security Solution, which is an important part of ZTE Government Cloud Solution, provides security assurance for the government cloud. The government cloud security solution meets the classified information security protection requirements to thoroughly guarantee the government cloud information security through security management, security services, and secure technologies (including physical security, network security, host security, application security, and data security). In addition, in combination with features and demands of cloudification, it provides the security virtualization solution to support the security function virtualization and security service chain independent orchestration. Based on the network behavior perception, host behavior perception, and smart analysis, ZTE provides the APT defending and anti-extortion solution.
ZTE Government Cloud Security Solution, which is an important part of ZTE Government Cloud Solution, is applied in the government cloud and smart city cloud platforms.
ZTE provides the omni-directional solution for security protection, including physical security, network security, host security, application security, data security, and management security.
In combination with the features of the cloud platform, the solution provides traditional data center boundary protection and cloud tenant security protection, including protection of rental boundaries such as vFW/IPS, vVPN, and vLB, as well as east-west tenant protection such as security group protection.
Based on the OpenStack frame and SDN technology, ZTE provides the security virtualization solution to integrate various professional software/hardware security resources in the industry, and provides self-defined orchestration of security service chain and unified control of security policies.
By integrating the security vendors in depth, ZTE provides the borderless protection solution such as VM non-proxy anti-virus to realize the VM protection automation, significantly reduce the anti-virus resource consumption, and improve the anti-virus efficiency.
ZTE, based on the traditional security solution, provides the intelligent anti-extortion solution.
The solution can detect the extortion attacks based on the operation and process behavior features to block the extortion in real time, make predictive backup of files that have not been infected before extortion attack, and recover the files after virus blocking and killing.
(1) Meet the national classified information security protection requirements and provide various levels of protection solutions according to project requirements.
(2) Support the automatic deployment and centralized control of security resources to improve the cloud platform security and reduce security management and O&M cost.
(3) Provide the smart APT defending and anti-extortion solution to support the before-attack backup, daily detection, warning, blocking, and recovery.
(4) Provide the omni-directional data backup and disaster recovery active-active solutions to ensure service continuity and data security.