This year, “ The two sessions ” period ,“ Digital economy ” Become a high-frequency hot word . In the digital economy , Data has become a driving force for industrial transformation and upgrading 、 It is an important factor of production to speed up the construction of digital society .
however , While the digital economy brings new opportunities for development , The situation of data security is not optimistic . Disclosure of information ,2020 The average economic loss of global data leakage was 1145 Thousands of dollars .
Faced with the risk of data leakage , Relevant domestic laws and regulations are constantly improved . According to the national laws and regulations and relevant standards, the data security protection compliance requirements of enterprises are put forward , How to deal with ？ How to efficiently pass the new challenge of password compliance ？ By Tencent security joint cloud + Community built 「 Industrial safety experts 」 Issue 28 I'm invited to Xie can, senior researcher of Tencent security Yunding laboratory , Comprehensive analysis of enterprise data encryption strategy and planning , And share the landing application of Tencent to ensure the security of data elements .
Q1： It ended not long ago “ The two sessions ” On ,“ Digital economy ” Become a hot word mentioned frequently . So what role does data play in the development of digital economy ？
Xie can ： In a broad sense , All direct or indirect use of data to guide resources to play a role , All economic forms that promote the development of productive forces can be included in the category of digital economy .
2020 year , The world has stood the great test of COVID-19 . Under such a test , Digital Government 、 The new retail 、 New culture and tourism have been further developed in China , It also fully demonstrates the great potential of digital economy . We said , capital 、 Technology is the key factor of industrial economy , that Data is the key factor of production in the era of digital economy . Enterprises and institutions should make good use of , Give full play to the value of data , It is business innovation in the era of digital economy 、 The main driving force for productivity improvement .
Q2： The importance of data is increasing , In recent years, enterprise data security incidents are also common , So what are the main risks of data security ？
Xie can ： The core of digital economy is the integration of data and industry , The premise is the application of data . Data acquisition 、 share 、 analysis 、 Flow and use will face different levels of risk , This includes data ownership 、 Data flow 、 Cross border transmission and security protection .
From the perspective of single data security , In the process of data input and upload , You may run the risk of identity fraud ; During transmission , Not properly encrypted data is facing external threats such as being hijacked by hackers ; After massive data is uploaded to the big data platform , Maybe we'll face the drag library 、 Storehouse 、 Big data platform risks such as misoperation ; Processed data , It will flow to all kinds of office workers , There may also be personnel leakage in this link , Sensitive data out of control and other internal leakage problems . so to speak , The risk of data security actually runs through the whole life cycle of data , It needs to be based on Information Security Technology , Achieve end-to-end confidentiality of data 、 integrity 、 Authenticity 、 The protection of non repudiation .
Q3： at present , What are the rigid compliance requirements of national laws, regulations and relevant standards for data security protection of enterprises ？ How should enterprises respond to ？
Xie can ： In terms of compliance requirements , International standards are more mature in developing data privacy compliance standards , Such as GDPR 、PCI DSS Or is it ISO27001 etc. . But in recent years , In China, some laws and regulations have been continuously introduced in the field of data security , From the initial 《 Network security law 》 To 《 Cryptology 》, And what's being worked out 《 Data security law 》、《 Personal information protection law 》 etc. , Both in terms of data security and personal information systems .
among ,《 Cryptology 》 as well as GB/T 39786-2021《 Information security technology Basic requirements for password application of information system 》 This paper puts forward normative requirements for data security protection based on cryptographic technology . meanwhile , For key infrastructure and three-level system of equal protection , Launched 《 Security evaluation of commercial password applications 》 requirement , Ensure that under the premise of developing the digital economy , Data security is effective .
government affairs 、 Extensive financial 、 traffic 、 Education, central enterprises and other industries , Will be the first to face the corresponding norms and requirements . For these industries , We suggest that the relevant compliance requirements should be analyzed first , At the same time, sort out their own data , And then analyze how to use the corresponding safety protection methods , So as to form a systematic landing scheme .
Q4： Just mentioned the implementation of data security protection based on cryptographic technology , What are the advantages of using cryptography to protect data , What are the difficulties for enterprises to make good use of passwords ？
Xie can ： The essence of information security is actually to protect the confidentiality of information - Don't let it out , integrity - Not tampered with , Authenticity - The identity is not used falsely , And non repudiation - Non-Repudiation , All of these can be well protected by cryptographic technology . For example, bitcoin, which we are already familiar with 、 Digital RMB, etc , They also have a name called “ Cryptocurrency ”, It is also the use of cryptographic technology to achieve a high degree of information security . so to speak , Cryptography is the core technology and basic support for building network security and trust system .
Actually , Cryptography seems far away from us , But it is often used in daily life . But when you look at cryptography from a mathematical perspective , It's more complicated to use .
From the domestic password market situation , Cryptography faces three major difficulties —— difficult to do , Difficult to use , Difficult to manage . Hard to do is High development threshold , Need technical personnel to have a certain grasp of cryptographic technology ; Difficult to use is cryptographic algorithm 、 Password products 、 Password application is out of line with the three , It takes a lot of development work ; It's difficult Password applications are scattered , The industry lacks uniform standards , We will have some difficulties in operation and maintenance management .
Q5： Aiming at the difficulties and challenges of enterprise password transformation , What capabilities and solutions does Tencent have ？
Xie can ： Finance 、 government affairs 、 traffic 、 energy 、 Manufacturing and other key industries 、 And the corresponding government cloud 、 Financial cloud 、 Big data platform and other system platforms are the key requirements of data security protection .
Aiming at the data security challenges of users and the difficulties of password application compliance , We're launching compliant password application solutions , The core goal is Help users to meet some requirements of data security protection and password compliance with minimum cost ; The basic idea is to integrate cryptography Service oriented 、 The way of componentization , Provide data security services to the outside world , Provides authentication from the terminal 、 Transport security 、 Storage security, operation and maintenance management, etc , Realize data from acquisition to transmission 、 analysis 、 Use 、 Data security protection in the whole process of consumption , Help enterprises deal with some data security challenges in the era of digital economy .
Q6： Can it be combined with relevant practical cases , Talk about the advantages of compliant password application solutions ？
Xie can ： First of all , Security Convergence . The foundation of digital economy is network infrastructure and intelligent information technology , Our data security system can be seamlessly integrated into the infrastructure , Realize the security of the infrastructure ;
second , Password as a service . We mentioned some difficulties in the application of cryptography , Based on Tencent cloud compliance password application solution , We transform complex cryptographic operations and cryptographic design into data security services , Greatly reduce the difficulty of password application ; Storage security , Our cloud access security agent CASB service , The confidentiality and integrity of data storage can be protected by simple configuration , And it can meet the relevant compliance requirements of the State Password Administration ;
Third , Default compliance . Identity authentication based on cryptography in data security 、 Transport security 、 Secure storage 、 Manage security and other components to ensure commercial password product certification ; Security architecture design , Based on fusion design , Achieve default compliance for the infrastructure , Reduce compliance costs for users .