近年來，雲端計算服務隨著網路應用的普及與電腦運算技術的提昇而快速發展，無論在何時、何地都能透過網際網路來取得以資訊科技為基礎的服務，確實帶來了多元資訊服務與資源分享的便利性。然而對企業組織而言，許多與企業運作相關的重要資料與參數控制權亦將透過雲端架構提供的服務模式而轉換掌握於雲端服務供應商手中，是以取得雲端服務權的供應商如何設計適合架構運作以確保顧客資料的安全性、完整性與私密性遂成為使用雲端服務的重要議題。因此本文提出一個以架構導向雲端服務資料安全防護機制來加以管控改善，其主要觀念是希望企業在運用雲端架構進行運算的同時，此防護機制將先對企業重要的資料在傳送前先予以有結構化的篩選分類。其分類方式是以架構導向將資料依企業目標與任務做整體性的規劃與結合，亦可經由資料變換排列順序與選擇性資料篩選的機制予以重組，基於變換的規則與方法掌控於企業或使用者本身，且變換篩選機制也可以依據企業目標與策略進行更改成企業需要的格式，以因應不同的需求與條件，故可在雲端服務應用模式中，有效達成企業資料分散式儲存與分散控管的目標，俾能進一步達到企業運用雲端服務之前初步維護資料安全性的目的。

In recent years, accompanied with the network popularized and improved computing techniques, the cloud computing services are developed rapidly. Since the user can get all kinds IT based services whenever or wherever they are, that multidimensional services and resources sharing have bring an unprecedented convenience. However, for the requirement aspect of enterprise, all the using rights for the related data and documents are transferred to the cloud service provider. It is not unsurprising that the information security, the assurance of data integrity and data privacy have become important issues. Therefore, in this study, an architectural-oriented data protection scheme for cloud service is proposed, it is hoped that the enterprise data are reorganized before transferring to the cloud server. Since the way of rearranging or restructuring data are based on enterprise architecture purpose, the mapping rules or formats are designed by business stakeholder, thus can be controlled or adjusted directly. The simulated cases for protection scheme are presented finally; the scheme fulfills except requirements for distributed data storage and control, it provided a good example for primary data protection in cloud service as well.