US9386039B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9386039-B2 |
| Application number | US-201113822875-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 24, 2011 |
| Priority date | Jan 25, 2011 |
| Publication date | Jul 5, 2016 |
| Grant date | Jul 5, 2016 |
Abstract

Provided is a system which distributes the processing load of security measures and enforces a security policy in a way that is applicable to a large system. Policy information indicating a security measure to be executed on user information transmitted from a client to a server is stored in a policy storing section. Measure arrangement information indicating the security measure executable in each of a plurality of policy enforcement sections is stored in a measure-arrangement storing section. One or more of the policy enforcement sections are selected on the basis of the policy information and the measure arrangement information. Each of the one or more policy enforcement sections executes the security measure on the user information and outputs, on the basis of a selection result, the user information to the other policy enforcement sections among the one or more policy enforcement sections or to the server.
Claims
I claim:

1. A security policy enforcement system comprising: at least one central processing unit (CPU) configured to execute a plurality of sections, comprising: a plurality of policy enforcement sections, each policy enforcement section being configured to execute a security measure on user information, the user information being transmitted from a client to a server along with a service identifier identifying one of a plurality of services; a policy storing section configured to store policy information indicating the security measure to be executed on the user information, each piece of the policy information including the service identifier and information on the security measure to be executed on the user information; a measure-arrangement storing section configured to store measure arrangement information indicating the security measure executable in each of the policy enforcement sections; a policy determining section configured to select, on the basis of the service identifier transmitted from the client to the server along with the user information, the policy information and the measure arrangement information, one or more of the policy enforcement sections that execute the security measure on the user information among the plurality of policy enforcement sections; and a load-state storing section configured to store load information indicating load states of the policy enforcement sections, wherein each of the one or more policy enforcement sections executes the security measure on the user information and outputs, on the basis of a selection result of the policy determining section, the user information, on which the security measure has been executed, to the other policy enforcement sections among the one or more policy enforcement sections or to the server, along with the service identifier; and the policy determining section selects as a transfer destination of the user information, on the basis of the load information, a policy enforcement section having a smallest load state among the policy enforcement sections that can execute the security measure corresponding to the policy information.

2. The security policy enforcement system according to claim 1, further comprising an order-constraint storing section configured to store order constraint information indicating a constraint on execution order of a plurality of the security measures, wherein the policy determining section selects, on the basis of the order constraint information, the one or more policy enforcement sections such that the security measure is executed according to the constraint.

3. The security policy enforcement system according to claim 1, wherein the server includes a virtual machine monitor configured to virtualize hardware, and one or more of the plurality of policy enforcement sections are realized using the hardware virtualized by the virtual machine monitor.

4. The security policy enforcement system according to claim 1, wherein the policy enforcement section that has received the user information from the client among the plurality of policy enforcement sections transmits a selection request for the one or more policy enforcement sections to the policy determining section, the policy determining section transmits, in response to the selection request, selection results of all of the one or more policy enforcement sections to the policy enforcement section that has received the user information, and the policy enforcement sections other than the policy enforcement section that has received the user information among the one or more policy enforcement sections do not transmit the selection request for the policy enforcement sections to the policy determining section and output, on the basis of the selection results, the user information to the other policy enforcement sections among the one or more policy enforcement sections or to the server.

5. The security policy enforcement system according to claim 1, further comprising a network-state storing section configured to store network information indicating a state of a network among the plurality of policy enforcement sections, wherein the policy determining section selects, on the basis of the network state, the policy enforcement section efficient for transfer of the user information among the policy enforcement sections that can execute the security measure corresponding to the policy information.

6. A security policy enforcement method comprising: storing, in a policy storing section, policy information indicating a security measure to be executed on user information, each piece of the policy information including a service identifier and information on the security measure to be executed on the user information; storing, in a measure-arrangement storing section, measure arrangement information indicating the security measure executable in each of a plurality of policy enforcement sections; selecting, on the basis of the service identifier transmitted from the client to the server along with the user information, the policy information and the measure arrangement information, one or more of the policy enforcement sections that execute the security measure on the user information on which the security measure has been executed among the plurality of policy enforcement sections, along with the service identifier; storing load information indicating load states of the policy enforcement sections; and each of the one or more policy enforcement sections executing the security measure on the user information and outputting, on the basis of a selection result, the user information, on which the security measure has been executed, to the other policy enforcement sections among the one or more policy enforcement sections or to the server, along with the service identifier; wherein a policy enforcement section having a smallest load state among the policy enforcement sections that can execute the security measure corresponding to the policy information is selected as a transfer destination of the user information, on the basis of the load information.

7. A non-transitory computer-readable storage medium storing a program for causing a computer to realize a function of selecting, on the basis of: (i) policy information, stored in a policy storing section, indicating a security measure to be executed on user information, the user information being transmitted from a client to a server along with a service identifier identifying one of a plurality of services, and (ii) measure arrangement information, stored in a measure-arrangement storing section, indicating the security measure executable in each of a plurality of policy enforcement sections, and (iii) load information, stored in a load information storing section, indicating load states of the policy enforcement sections; one or more of the policy enforcement sections that execute the security measure on the user information, and outputting, on the basis of the selection, the user information on which the security measure has been executed, to the other policy enforcement sections among the plurality of policy enforcement sections, along with the service identifier; wherein a policy enforcement section having a smallest load state among the policy enforcement sections that can execute the security measure corresponding to the policy information is selected as a transfer destination of the user information, on the basis of the load information.

8. The security policy enforcement system according to claim 1, wherein the security measure includes at least one of an encryption, anonymization, log recording, conversion into a provisional identifier, and an anti-virus measure.
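To make the selection step in claims 1, 2, 4, 6 and 7 concrete, here is an added Python example (not code from the patent) of a toy policy determining section. Service identifiers, section names, the policy table, the measure arrangement table, the load states and the order constraint are all constructed sample data.

```python
# Added example, not the patent's own code: a toy policy determining section that
# orders a service's measures under an order constraint (claim 2), picks the
# least-loaded capable enforcement section per measure (claims 1, 6, 7) and
# returns the full selection result the first section forwards on (claim 4).

POLICY = {  # service identifier -> required measures (constructed sample data)
    "svc-payments": ["encryption", "anti-virus", "log recording"],
    "svc-profile": ["anonymization", "log recording"],
}
MEASURE_ARRANGEMENT = {  # enforcement section -> measures it can execute
    "pep-1": {"anti-virus", "log recording"},
    "pep-2": {"encryption", "anonymization"},
    "pep-3": {"anti-virus", "encryption", "log recording"},
}
ORDER_CONSTRAINTS = [("anti-virus", "encryption")]  # scan before encrypting

def order_measures(measures, constraints):
    """Keep policy order except where a constraint (a, b) requires a before b."""
    pending, ordered = list(measures), []
    while pending:
        for m in pending:
            if not [a for a, b in constraints if b == m and a in pending]:
                ordered.append(m)  # every required predecessor is placed
                pending.remove(m)
                break
        else:
            raise ValueError("cyclic order constraint")
    return ordered

def select_chain(service_id, load, policy=POLICY,
                 arrangement=MEASURE_ARRANGEMENT, constraints=ORDER_CONSTRAINTS):
    """Return [(measure, section)], choosing the least-loaded capable section."""
    chain = []
    for measure in order_measures(policy[service_id], constraints):
        capable = [s for s, caps in arrangement.items() if measure in caps]
        if not capable:
            raise LookupError(f"no enforcement section can execute {measure!r}")
        chain.append((measure, min(capable, key=lambda s: (load[s], s))))
    return chain

def forwarding_plan(chain):
    """Collapse consecutive hops on one section; the last hop goes to the server."""
    hops = []
    for measure, section in chain:
        if hops and hops[-1][0] == section:
            hops[-1][1].append(measure)
        else:
            hops.append((section, [measure]))
    return hops + [("server", [])]
```

The forwarding plan is the single selection result that the first receiving section gets back and relays, so the downstream sections never have to query the policy determining section themselves.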
CPC classification titles:

- for controlling access to devices or network resources
- Entity profiles
- for managing network security; network security policies in general (filtering policies H04L63/0227)
- to a system of files or objects, e.g. local or distributed file system or database