Compared with traditional data centers, cloud data centers face new vulnerabilities and new types of attacks because of resource sharing, VM migration, and the unpredictable changes tenants make to their service applications. At the same time, under the requirements of "China's Internet Security Act" and the "Network Security Classification Protection Ordinance", all IDCs and cloud platforms need to pass the safety level protection three-level authentication before they are allowed Internet access and external services. Therefore, the cloud platform needs to meet the following requirements:
1. Meet the requirements of the safety-level protection regulations and provide tenants with the same level of security service capabilities.
2. Support security devices mounted beside gateways, support functions such as internal and external firewalls, load balancing, flow cleaning, VPN, WAF, and IPS, and support one device being virtualized into multiple devices.
3. Deploy bastion hosts in the operation and maintenance management area, including systems such as log audit, database audit, security management, and vulnerability scanning.
To address the security issues of the cloud computing environment, ZTE provides complete security solutions spanning infrastructure, network, management, virtualization and data, including key technologies such as operating system hardening and trusted boot based on TPM (Trusted Platform Module), to provide tenants with comprehensive security assurance. At the same time, ZTE also provides data center border security protection and tenant security protection to effectively protect tenant information and improve system-level security. In addition, ZTE has established a professional cloud data center security service team and built a complete security service guarantee system to protect tenants' secure use of cloud data centers.
The customer value of the ZTE cloud security solution is as follows:
The security devices are mounted beside gateways to provide boundary protection functions such as external firewall, traffic cleaning, online behavior management, antivirus gateway, and IPS.
The cloud platform supports rights- and domain-based management for tenants and provides them with unified security access, authentication and auditing, eliminating all kinds of illegal intrusions and ensuring the safe operation of the system.
Based on ZTE SDN controllers, the cloud platform provides tenant-grade vFW, vIDS, vIPS, vVPN, vWAF, cloud host anti-virus, cloud database audit, cloud bastion machine, website anti-tampering and other security services in a multi-tenant network environment.
To protect the privacy of tenants, the cloud platform provides a variety of data security services such as data isolation, data encryption and preservation, and residual information protection to ensure that tenant data cannot be illegally leaked under any circumstances.