Abstract: Security domain is a kind of effective method to improve the cloud computing cybersecurity. using network segmentation，cloud computing is divided into different security domains ,each security domain has the same characteristics and the unification of the resources of the protective security requirements,appropriate protective measures are deployed in the boundary of each security domain, so as to achieve the purpose of defense in depth.This paper analyzes the level of network security, gives the steps and elements of cloud computing security domain, and provides a typical security domain and control practice of cloud computing.

Key words: cloud computing, security domain, security control, cybersecurity, network segmentation

摘要： 划分安全域是一种提高云计算网络安全性的有效方法，通过网络分割，划分不同的云计算安全域，在各安全域的边界部署适当的防护措施，将具有相同特征和安全需求的资源进行统一防护，使得防护手段更具有针对性，从而达到深度防御的目的。本文分析了网络安全保障层次，给出了云计算安全域划分步骤及安全域要素，并提供了云计算典型安全域及控制实践。

关键词: 云计算, 安全域, 安全控制, 网络安全, 网络分割