水利业务系统数据加密方案实践

随着水利信息化的部署推进和等保 2.0 及数据安全法的实行，数据加密成为水利行业新系统设计或老系统改造时面临的一个重要问题。从架构设计角度出发，对业务系统中应用层、中间件层、数据库层、文件和存储层等各个层面的数据加密方案进行分析，从加密粒度、加密性能、数据处理能力、实施成本等方面进行对比，给出不同层面数据加密方案适用的场景，同时重点针对数据库层加密，结合水利业务分析透明加密、硬加密 2 种方案的加密算法和性能，为水利业务系统架构设计提供参考。分析结果表明：不同的业务需求适合不同的数据加密方案，其中， 数据库层透明加密适用于大部分水利业务场景。

Data encryption based on Database

As the core system of data management, the security of database directly affects the security of information system.It analyzes the importance of database data security,introduces the concept of data encryption, the principle of data encryption and the algorithm of data encryption.It introduces data encryption technologies such as application layer encryption, middleware encryption, database layer encryption, file encryption and storage encryption.It focuses on the encryption technology of database layer encryption, including database transparent encryption, database combined with transparent gateway encryption, database combined with host encryption card and encryption machine encryption.For each encryption technology, it elaborates the encryption principle, advantages and disadvantages of encryption technology and suitable use scenarios are described.Finally, it puts forward some suggestions on the selection of mainstream data encryption technology, which provides a reference for users who are choosing data encryption technology.