In order to effectively cope with network attacks and meet the data sharing requirements of smart intercity railway on the premise of ensuring data security, the architecture of a cloud-based data governance system of smart intercity railway is proposed by combining the current mainstream zero-trust architecture, software-defined boundary technology, privacy computing technology and micro-service technology. This system is composed of a data base, a data sharing platform, a data management and control platform and application services and can achieve dynamic and fine-grained data access control to meet differentiated data security and privacy protection requirements in application scenarios.