Industry security experts talk about the rapid development of digital economy, how to guarantee the security of data elements?

Tencent security 2021-04-07 19:03:12
industry security experts talk rapid

This year, “ The two sessions ” period ,“ Digital economy ” Become a high-frequency hot word . In the digital economy , Data has become a driving force for industrial transformation and upgrading 、 It is an important factor of production to speed up the construction of digital society .

however , While the digital economy brings new opportunities for development , The situation of data security is not optimistic . Disclosure of information ,2020 The average economic loss of global data leakage was 1145 Thousands of dollars .

Faced with the risk of data leakage , Relevant domestic laws and regulations are constantly improved . According to the national laws and regulations and relevant standards, the data security protection compliance requirements of enterprises are put forward , How to deal with ? How to efficiently pass the new challenge of password compliance ? By Tencent security joint cloud + Community built 「 Industrial safety experts 」 Issue 28 I'm invited to Xie can, senior researcher of Tencent security Yunding laboratory , Comprehensive analysis of enterprise data encryption strategy and planning , And share the landing application of Tencent to ensure the security of data elements .

Q1: It ended not long ago “ The two sessions ” On ,“ Digital economy ” Become a hot word mentioned frequently . So what role does data play in the development of digital economy ?

Xie can : In a broad sense , All direct or indirect use of data to guide resources to play a role , All economic forms that promote the development of productive forces can be included in the category of digital economy .

2020 year , The world has stood the great test of COVID-19 . Under such a test , Digital Government 、 The new retail 、 New culture and tourism have been further developed in China , It also fully demonstrates the great potential of digital economy . We said , capital 、 Technology is the key factor of industrial economy , that Data is the key factor of production in the era of digital economy . Enterprises and institutions should make good use of , Give full play to the value of data , It is business innovation in the era of digital economy 、 The main driving force for productivity improvement .

Q2: The importance of data is increasing , In recent years, enterprise data security incidents are also common , So what are the main risks of data security ?

Xie can : The core of digital economy is the integration of data and industry , The premise is the application of data . Data acquisition 、 share 、 analysis 、 Flow and use will face different levels of risk , This includes data ownership 、 Data flow 、 Cross border transmission and security protection .

From the perspective of single data security , In the process of data input and upload , You may run the risk of identity fraud ; During transmission , Not properly encrypted data is facing external threats such as being hijacked by hackers ; After massive data is uploaded to the big data platform , Maybe we'll face the drag library 、 Storehouse 、 Big data platform risks such as misoperation ; Processed data , It will flow to all kinds of office workers , There may also be personnel leakage in this link , Sensitive data out of control and other internal leakage problems . so to speak , The risk of data security actually runs through the whole life cycle of data , It needs to be based on Information Security Technology , Achieve end-to-end confidentiality of data 、 integrity 、 Authenticity 、 The protection of non repudiation .

Q3: at present , What are the rigid compliance requirements of national laws, regulations and relevant standards for data security protection of enterprises ? How should enterprises respond to ?

Xie can : In terms of compliance requirements , International standards are more mature in developing data privacy compliance standards , Such as GDPR 、PCI DSS Or is it ISO27001 etc. . But in recent years , In China, some laws and regulations have been continuously introduced in the field of data security , From the initial 《 Network security law 》 To 《 Cryptology 》, And what's being worked out 《 Data security law 》、《 Personal information protection law 》 etc. , Both in terms of data security and personal information systems .

among ,《 Cryptology 》 as well as GB/T 39786-2021《 Information security technology Basic requirements for password application of information system 》 This paper puts forward normative requirements for data security protection based on cryptographic technology . meanwhile , For key infrastructure and three-level system of equal protection , Launched 《 Security evaluation of commercial password applications 》 requirement , Ensure that under the premise of developing the digital economy , Data security is effective .

government affairs 、 Extensive financial 、 traffic 、 Education, central enterprises and other industries , Will be the first to face the corresponding norms and requirements . For these industries , We suggest that the relevant compliance requirements should be analyzed first , At the same time, sort out their own data , And then analyze how to use the corresponding safety protection methods , So as to form a systematic landing scheme .

Q4: Just mentioned the implementation of data security protection based on cryptographic technology , What are the advantages of using cryptography to protect data , What are the difficulties for enterprises to make good use of passwords ?

Xie can : The essence of information security is actually to protect the confidentiality of information - Don't let it out , integrity - Not tampered with , Authenticity - The identity is not used falsely , And non repudiation - Non-Repudiation , All of these can be well protected by cryptographic technology . For example, bitcoin, which we are already familiar with 、 Digital RMB, etc , They also have a name called “ Cryptocurrency ”, It is also the use of cryptographic technology to achieve a high degree of information security . so to speak , Cryptography is the core technology and basic support for building network security and trust system .

Actually , Cryptography seems far away from us , But it is often used in daily life . But when you look at cryptography from a mathematical perspective , It's more complicated to use .

From the domestic password market situation , Cryptography faces three major difficulties —— difficult to do , Difficult to use , Difficult to manage . Hard to do is High development threshold , Need technical personnel to have a certain grasp of cryptographic technology ; Difficult to use is cryptographic algorithm 、 Password products 、 Password application is out of line with the three , It takes a lot of development work ; It's difficult Password applications are scattered , The industry lacks uniform standards , We will have some difficulties in operation and maintenance management .

Q5: Aiming at the difficulties and challenges of enterprise password transformation , What capabilities and solutions does Tencent have ?

Xie can : Finance 、 government affairs 、 traffic 、 energy 、 Manufacturing and other key industries 、 And the corresponding government cloud 、 Financial cloud 、 Big data platform and other system platforms are the key requirements of data security protection .

Aiming at the data security challenges of users and the difficulties of password application compliance , We're launching compliant password application solutions , The core goal is Help users to meet some requirements of data security protection and password compliance with minimum cost ; The basic idea is to integrate cryptography Service oriented 、 The way of componentization , Provide data security services to the outside world , Provides authentication from the terminal 、 Transport security 、 Storage security, operation and maintenance management, etc , Realize data from acquisition to transmission 、 analysis 、 Use 、 Data security protection in the whole process of consumption , Help enterprises deal with some data security challenges in the era of digital economy .

Q6: Can it be combined with relevant practical cases , Talk about the advantages of compliant password application solutions ?

Xie can : First of all , Security Convergence . The foundation of digital economy is network infrastructure and intelligent information technology , Our data security system can be seamlessly integrated into the infrastructure , Realize the security of the infrastructure ;

second , Password as a service . We mentioned some difficulties in the application of cryptography , Based on Tencent cloud compliance password application solution , We transform complex cryptographic operations and cryptographic design into data security services , Greatly reduce the difficulty of password application ; Storage security , Our cloud access security agent CASB service , The confidentiality and integrity of data storage can be protected by simple configuration , And it can meet the relevant compliance requirements of the State Password Administration ;

Third , Default compliance . Identity authentication based on cryptography in data security 、 Transport security 、 Secure storage 、 Manage security and other components to ensure commercial password product certification ; Security architecture design , Based on fusion design , Achieve default compliance for the infrastructure , Reduce compliance costs for users .

本文为[Tencent security]所创,转载请带上原文链接,感谢

  1. 01_Nginx下载安装
  2. Spring Boot + Vue3 前后端分离 实战wiki知识库系统
  3. 01_ Download and install nginx
  4. Spring boot + vue3 front end and back end separation practical wiki knowledge base system
  5. vue实现tab选项卡
  6. 【vue】v-for倒序显示/JSON数据倒序
  7. 【vue】三种获取input值的写法
  8. 【vue】class、style的用法
  9. 「开源免费」基于Vue和Quasar的前端SPA项目crudapi后台管理系统实战之动态表单设计器(五)
  10. VSLAM前端:双目极线搜索匹配
  11. VSLAM前端:金字塔光流跟踪算法
  12. Vue realizes tab
  13. VSLAM前端:图像特征提取
  14. [Vue] V-for reverse display / JSON data reverse
  15. 独家对话阿里云函数计算负责人不瞋:你所不知道的 Serverless
  16. Three ways to get input value
  17. The usage of class and style
  18. "Open source and free" dynamic form designer of crudapi background management system of front end spa project based on Vue and Quasar (5)
  19. VSLAM front end: binocular epipolar search matching
  20. VSLAM front end: Pyramid optical flow tracking algorithm
  21. VSLAM front end: image feature extraction
  22. Exclusive dialogue with the person in charge of Alibaba cloud function computing: what you don't know about serverless
  23. 「开源免费」基于Vue和Quasar的前端SPA项目crudapi后台管理系统实战之序列号自定义组件(四)
  24. "Open source and free" serial number customization component of crudapi background management system of front end spa project based on Vue and Quasar (4)
  25. JavaScript 相似度排序
  26. Springboot项目搭建(前端到数据库,超详细)
  27. Less than 150 lines of code to write a python version of the snake
  28. 02_Nginx部署服务
  29. vue 快速入门 系列 —— vue 的基础应用(上)
  30. JavaScript similarity ranking
  31. 基于Vue和Quasar的前端SPA项目crudapi后台管理系统实战之布局菜单嵌套路由(三)
  32. Springboot project construction (front end to database, super detailed)
  33. 02_ Nginx Deployment Services
  34. vue 快速入门 系列 —— vue 的基础应用(上)
  35. Vue quick start series basic application of Vue
  36. Layout menu nested routing of front end spa project crudapi background management system based on Vue and Quasar (3)
  37. Vue quick start series basic application of Vue
  38. 一个好用的Visual Studio Code扩展 - Live Server,适用于前端小工具开发
  39. 基于Vue和Quasar的前端SPA项目实战之用户登录(二)
  40. css常用选择器总结
  41. Behind the miracle of the sixth championship is the football with AI blessing in the Bundesliga
  42. An easy to use Visual Studio code extension - live server, suitable for front-end gadget development
  43. 用 Python 抓取公号文章保存成 HTML
  44. User login of front end spa project based on Vue and Quasar (2)
  45. Summary of common selectors in CSS
  46. Using Python to grab articles with public number and save them as HTML
  47. To "restless" you
  48. 【免费开源】基于Vue和Quasar的crudapi前端SPA项目实战—环境搭建 (一)
  49. 【微信小程序】引入阿里巴巴图标库iconfont
  50. layui表格点击排序按钮后,表格绑定事件失效解决方法
  51. Unity解析和显示/播放GIF图片,支持http url,支持本地file://,支持暂停、继续播放
  52. 【vue】 export、export default、import的用法和区别
  53. [free and open source] crudapi front end spa project based on Vue and Quasar
  54. [wechat applet] introduces Alibaba icon library iconfont
  55. Layui table click Sort button, table binding event failure solution
  56. Element树形控件Tree踩坑:修改current-node-key无效
  57. Unity parses and displays / plays GIF images, supports HTTP URL, supports local file: / /, supports pause and resume playback
  58. Element树形控件Tree踩坑:修改current-node-key无效
  59. The usage and difference of export, export default and import
  60. Element tree control: invalid to modify current node key