With the development of the digital economy, "connection-online-data" will be the eternal theme of the digital society. The result of connectivity and online is the digitization of all human behavior and economic activities. Data is both the result of past human behavior and the basis for predicting future human behavior. Therefore, taxi-hailing companies will collect user travel data, music companies will collect data on users’ music listening habits, search engines will collect user search data, mobile payment manufacturers will collect user payment data, and so on.
The biggest difference between data and other resources is that it is non-rivalrous: it can be copied and reused indefinitely. On the one hand, this means that data assets can bring more economic value to society than traditional rivalrous physical capital; on the other hand, it also creates a large number of privacy issues. Data contains a large amount of users' sensitive information, which leads to ethical and legal risks when exchanging it. Therefore, in modern society, not only between companies but even between different departments of the same company, data exchange is treated with extreme caution, and cooperation between companies premised on sharing data is often difficult to achieve. In the process of digital transformation, many enterprises have difficulty adapting to the many laws and implementation standards related to data security, and have no way to meet data security requirements.
Moreover, the value of establishing data security is not obvious. Beyond avoiding fines and gaining customer trust, it is difficult to show value at the operational level, so data security is not pushed forward vigorously and is never integrated in depth.
The fundamental reason is that many corporate legal and internal control departments design and control the company's processes and objects purely according to the letter of the law, stopping at a literal interpretation and satisfaction of legal provisions. Meanwhile, the enterprise's IT team selects tools and technical algorithms purely from a practical perspective. As a result, the legal and technical sides are never integrated and operate as two disconnected layers, making overall security management and control impossible.
Traditionally, most companies have done security governance at the IT level: they have built basic security facilities, established security organizations, and deployed the corresponding security technologies for IT facilities and systems. However, in the process of digital transformation, what needs more consideration is a user-centered security management system built from a data and product perspective, so as to meet the control and privacy requirements of laws and regulations related to data security.
In the process of enterprise digital transformation, data is faced with security risks from collection to extraction, conversion, loading, analysis, flow, etc., mainly in the following aspects:
1. Risks of data flow. Digital transformation has brought about the sharing and exchange of large amounts of data between systems, between departments, between the inside and outside of the enterprise, and even between industries. While this flow of data brings huge value, it also brings huge security risks, and enterprises have increasingly weaker control over data in motion.
2. Data assets are unclear. The digital transformation of enterprises is accompanied by a large number of system applications and a large amount of data flowing in the network. Only by knowing what you have can you manage, classify and secure it. If even this is not clear, it is undoubtedly a very big security hazard.
3. Difficulty of traceability and evidence collection. Once a security incident occurs, one of the challenges faced by enterprises is the difficulty of tracing it and collecting evidence. A swift investigation is needed to identify the leaker and the full extent of the incident. Doing so helps prevent similar incidents from happening again and establishes accountability.
4. Risk of user violation. In recent years, data breaches caused by internal users have emerged one after another, and according to the "2021 Data Breach Investigation Report" released by Verizon, 85% of data breaches are related to human factors. This all shows that internal threats have become the enemy that breaks through corporate security defenses.
1. Continuous risk assessment. From the perspective of data asset value, assess the access frequency and risks of data at different sensitivity levels, data desensitization level risks, data transmission risks, data flow compliance risks and other aspects and scenarios, and output a risk assessment report based on the results.
2. Data discovery, classification and grading. Continuously restore files and sensitive fields from network traffic in an automated manner, and perform in-depth content scanning. At the same time, based on our built-in and customized rules, we automatically classify data and divide sensitivity levels. This enables users to clearly see the composition and type of data flowing in the network at any time.
3. Early warning, alarm, and traceability. By continuously collecting and processing network traffic, we can evaluate whether an event shows abnormal behavior in its context and how abnormal it is, rank the event's importance and its possible impact on the business, and provide pre-warning before the event and alerts during the event for high-risk users and entities, as well as traceability afterwards.
4. Continuous optimization and improvement. Data security governance is a long-term process: automated data discovery continuously updates the inventory and statistics of data assets; regular risk assessment adapts to changes in the business and environment and discovers potential risks and vulnerabilities; continuous monitoring and detection ensures that no data is omitted and that all kinds of behavior are comprehensively monitored; early warning, alarm and traceability handle and respond to security events efficiently and promptly, and also provide a very valuable reference for defense strategies and system optimization. As this closed loop continues, data can be both protected and put to good use.
5. Continuous monitoring and detection. 24×7 uninterrupted monitoring with data as the core: discovering and identifying data, monitoring the data flow process, detecting data sensitivity levels, etc.; user monitoring and auditing, with comprehensive monitoring of user behavior, account activity times, business access conditions, data sensitivity levels and specific data operations, to discover data risks and user violations.
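The "user monitoring and auditing" item above describes correlating a user's activity time, the sensitivity level of the data accessed, and the concrete operation to surface risks and violations. The following Python script is an added example (not code from the article or any product it describes) of that kind of UEBA-style scoring over a constructed data-access log. The log format, the working-hours window, the score weights and the alert threshold are all assumptions chosen for the example.

```python
import re
import statistics

# Constructed access log (not real data). Each line records who touched which
# table, at what sensitivity level (1 = low, 3 = high), and how many rows.
LOG_LINES = """\
2024-03-01T10:05:00 user=alice action=query table=orders level=1 rows=120
2024-03-01T11:20:00 user=alice action=query table=customers level=3 rows=200
2024-03-01T14:00:00 user=bob action=query table=orders level=1 rows=300
2024-03-01T21:00:00 user=carol action=query table=customers level=3 rows=10
2024-03-02T09:40:00 user=alice action=query table=customers level=3 rows=180
2024-03-02T15:30:00 user=bob action=export table=orders level=1 rows=5000
2024-03-03T02:15:00 user=alice action=export table=customers level=3 rows=50000
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"table=(?P<table>\S+) level=(?P<level>\d) rows=(?P<rows>\d+)$"
)

# Assumed baseline: normal working hours are 09:00-18:00 (assumption).
WORK_START, WORK_END = 9, 18
ALERT_THRESHOLD = 2  # assumption: events scoring >= 2 raise an alert


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["level"] = int(ev["level"])
    ev["rows"] = int(ev["rows"])
    ev["hour"] = int(ev["ts"][11:13])
    return ev


def score_event(ev, prior_rows):
    """Score one event against the user's own history.

    prior_rows: row counts of this user's earlier events (the per-user baseline).
    Returns (score, reasons). Weights are assumptions for the example.
    """
    score, reasons = 0, []
    off_hours = not (WORK_START <= ev["hour"] < WORK_END)
    if off_hours and ev["level"] >= 3:
        score += 3
        reasons.append("off-hours access to high-sensitivity data")
    if prior_rows and ev["rows"] > 10 * statistics.median(prior_rows):
        score += 2
        reasons.append("row volume far above user's median")
    if ev["action"] == "export" and ev["level"] >= 3:
        score += 1
        reasons.append("export of high-sensitivity data")
    return score, reasons


def detect(lines):
    """Stream events in time order, building each user's baseline as we go.

    Returns alerts as (user, timestamp, score, reasons), highest score first.
    """
    history = {}  # user -> list of row counts seen so far
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # skip malformed lines rather than crash the monitor
        prior = history.setdefault(ev["user"], [])
        score, reasons = score_event(ev, prior)
        if score >= ALERT_THRESHOLD:
            alerts.append((ev["user"], ev["ts"], score, reasons))
        prior.append(ev["rows"])
    alerts.sort(key=lambda a: (-a[2], a[1]))
    return alerts


if __name__ == "__main__":
    for user, ts, score, reasons in detect(LOG_LINES):
        print(f"{ts} {user} score={score}: {'; '.join(reasons)}")
```

The baseline here is deliberately per-user and built only from events that precede the one being scored, so a single bulk export cannot inflate the median it is compared against; in a real deployment the baseline would be seeded from a longer history and the weights tuned to the business.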
Data security solutions mainly include data identification (data classification and grading), data audit (including at the API level), data protection, data sharing, identity authentication, encryption and other sub-directions. Commonly used technical methods in these sub-directions:
① Data recognition: natural language processing (NLP), image recognition, knowledge graph (KG), etc.
② Data audit: User abnormal behavior analysis (UEBA), full-link analysis.
③ Data protection: desensitization algorithm, watermark algorithm, network DLP, terminal DLP, privacy computing.
④ Identity authentication: IAM, zero trust, bastion host.
⑤ Encryption: transparent encryption, public key infrastructure PKI.
① Data identification: active scanning of IP ports, word splitting and classification.
② Data audit: agent traffic analysis, network traffic analysis.
③ Data protection: desensitization (masking, replacement, encryption, hash, etc.), watermarking (pseudo rows, pseudo columns, spaces), network DLP (parsing SMTP, HTTP, FTP, SMB, etc.).
④ Identity authentication: temporary password, multi-factor authentication, etc.
⑤ Encryption: key management service, digital certificate service, cryptographic computation service, timestamp service, hardware security service.
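Item ② of the solution list above describes discovering sensitive fields with built-in or custom rules and assigning them sensitivity levels, and item ③ of the list just above names the concrete desensitization techniques (masking, replacement, encryption, hashing). The Python script below is an added example, not code from the article or any product it describes, that ties the two together: rule-based classification of a record's fields, then a per-level desensitization policy. The rules, sensitivity levels, policy and sample record are constructed assumptions for the example.

```python
import hashlib
import hmac
import re

# Constructed classification rules (assumptions): value pattern -> (category, level).
# Level 3 = high sensitivity, 2 = medium, 1 = low; unmatched values are level 0.
RULES = [
    (re.compile(r"^\d{17}[\dXx]$"), "id_card", 3),      # 18-character national ID
    (re.compile(r"^1[3-9]\d{9}$"), "phone", 3),          # 11-digit mobile number
    (re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$"), "email", 2),
]

# Assumed policy: which desensitization method each sensitivity level gets.
# Level 3 is keyed-hashed (a stable pseudonym that still allows joins),
# level 2 is masked, lower levels pass through unchanged.
POLICY = {3: "hash", 2: "mask"}

# Constructed sample record (not real data).
SAMPLE_RECORD = {
    "name": "Zhang San",
    "phone": "13812345678",
    "email": "zhang.san@example.com",
    "id_card": "11010119900101123X",
    "city": "Shenzhen",
}


def classify_value(value):
    """Return (category, level) for one field value using the rule table."""
    for pattern, category, level in RULES:
        if isinstance(value, str) and pattern.match(value):
            return category, level
    return "other", 0


def classify_record(record):
    """Map every field of a record to its (category, level)."""
    return {field: classify_value(value) for field, value in record.items()}


def mask_value(value, category):
    """Partial masking: keep enough to recognise the value, hide the rest."""
    if category == "email":
        local, _, domain = value.partition("@")
        return local[:1] + "***@" + domain
    if len(value) < 8:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 7) + value[-4:]


def desensitize(value, method, category, key=b""):
    """Apply one desensitization method to a value."""
    if method == "mask":
        return mask_value(value, category)
    if method == "replace":
        return f"[REDACTED {category}]"
    if method == "hash":
        # Keyed hash (HMAC-SHA256): consistent within one key, not invertible,
        # and not precomputable without the key (unlike a bare SHA-256).
        return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]
    raise ValueError(f"unknown method {method!r}")


def desensitize_record(record, key):
    """Classify each field and apply the policy for its sensitivity level."""
    out = {}
    for field, value in record.items():
        category, level = classify_value(value)
        method = POLICY.get(level)
        out[field] = desensitize(value, method, category, key) if method else value
    return out


def max_level(record):
    """Highest sensitivity level present in a record (0 if none)."""
    return max(level for _, level in classify_record(record).values())


if __name__ == "__main__":
    print(classify_record(SAMPLE_RECORD))
    print(desensitize_record(SAMPLE_RECORD, key=b"constructed-demo-key"))
```

The HMAC key is the sensitive secret in this scheme: anyone holding it can recompute pseudonyms for candidate values, so it belongs in a key management service rather than beside the data, which is exactly the split between the "data protection" and "encryption" sub-directions listed above.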
① High-efficiency data classification and grading, word segmentation and semantic recognition technology.
② Full-link mapping and risk monitoring.
③ Homomorphic encryption, multi-party computation, federated learning, privacy intersection, etc.
Data is fluid, and the challenge is to solve the inherent contradiction between data flow and data security. This is completely different from the exposure convergence approach commonly used in network security.
All of the stages defined in the DSMM maturity model (collection, transmission, storage, processing, exchange, and destruction) are involved. Data security governance prioritizes addressing security in the data collection, data storage, and data processing scenarios.
① The relationship between data classification and data lineage.
② There are two difficulties in full-link data analysis: how to correlate and analyze information at the three levels of terminal, application, and data assets; how to map data flow and discover risks from data flow.
③ Privacy computing. This refers to a collection of technologies that perform data analysis and computation while protecting the data itself from leaking outward, so that data becomes "available but invisible" and its value can be transformed and released.
The above is the detailed content of Data security solutions in digital transformation. For more information, please follow other related articles on the PHP Chinese website!