基于威胁风险建模的云安全架构设计

Cloud security architecture design based on threat risk modeling

随着企业数字化转型的不断深入,众多企业纷纷选择业务上云以期带来降本增效等云计算的红利,但业务上云后面临最关键的一个问题就是信息安全。针对不同企业不同业务的上云场景,提出了通过结构化的威胁风险视角,采用了创新的STRIDE-LMG建模的方法,精准识别不同场景的安全需求,量身定做出与之匹配的、基于成本效率考虑的云安全架构。用一个三级甲等医院业务上云的真实案例,来贯穿整个方法论的每一个步骤,通过精准建模来系统化设计一个云安全架构。

With the continuous deepening of the digital transformation of enterprises,many enterprises have chosen to migrate their business into the cloud to benefit from the dividends of cloud computing such as cost reduction and efficiency increase.However,the most critical issue encountered by the business after migrating to the cloud is information security.Aiming at the cloud scenarios of different enterprises and different businesses,a method of systematic threat and risk modeling is proposed,and the innovative STRIDE LMG modeling method is introduced to accurately identify the security requirements of different scenarios and create a corresponding,cost-effective cloud security architecture.Use a real case of a grade-A hospital's business on the cloud to run through every step of the entire methodology and demonstrate the systematic design of a cloud security architecture through precise modeling.