Dynamic transparent isolation protection based enterprise data asset protection method

Abstract

The invention discloses a dynamic transparent isolation protection based enterprise data asset protection method. The dynamic transparent isolation protection based enterprise data asset protection method comprises the steps that user mainframe groups are into a risk mainframe group and a trusted mainframe group, wherein the trusted mainframe group is provided with a safety protection terminal, and enterprise core data asset can be accessed; the risk mainframe group cannot be accessed; progresses of mainframes of the trusted mainframe group are divided into risk progress domains and trusted progress domains, and the risk progress domains are converted into trusted progresses when sensitive data asset is accessed on purpose; transparent isolation protection processing is conducted on storage resources depended by the progresses to run, local OS environments and the like in the trusted processes, meanwhile a network and external access are under the control of a safety management strategy, and the risk progresses cannot access any data of a transparent isolation protection environment. By means of the dynamic transparent isolation protection based enterprise data asset protection method, the trusted processes and the risk progresses coexist, data leakage is avoided, local computing resources are applied to the maximum extent, and dependency on the network is reduced. The dynamic transparent isolation protection based enterprise data asset protection method has good adaptability and robustness.

Description

technical field [0001] The invention relates to the field of computer system security methods, in particular to an enterprise data asset protection method based on dynamic transparent isolation protection. Background technique [0002] In recent years, with the continuous advancement of informatization construction, the degree of informatization of enterprises has become higher and higher, and electronic data has become an important asset of enterprises, and the security and integrity of these data assets are directly related to the competitiveness of enterprises . Therefore, the security and leakage prevention of data assets has become an important part of the information security field, and it has also attracted the attention of more and more enterprises. Among the current data leakage prevention methods, the most widely used ones include control methods, encryption methods, filtering methods, and centralized control methods. [0003] The core idea of ​​the control metho...

AI Technical Summary

Problems solved by technology

This method can ensure that no secrets are kept locally, but it has high requirements on network bandwidth, and at the same time, when a failure occurs, the impact area is too large, which may easily cause long-term interruption of the operation of the enterprise information system

[0004] All in all, in terms of enterprise data asset protection, the existing solutions either use the idea of ​​"blocking" to control sensitive information transmission channels, without considering the security protection of data production and consumption ends, making it difficult to achieve comprehensive and effective control; or It is difficult to perform targeted encryption on the processes and data in the host. Only sensitive data and sensitive processes are processed, which affects system performance. At the same time, it is difficult to achieve personalized customization; or adopt the method of separating calculation and data Centralized data storage has high requirements on network performance, which changes the user's operating habits and increases the complexity of security management

Images