When it comes to traceability, a series of security incidents such as "websites being hacked, business being hacked, firewalls being bypassed... etc." will immediately appear in everyone's minds. This has become a long-term investment in the IT industry. Human instinct reacted. Today, Master Hologram is also coming to the hotspots of data security, talking about data traceability in the field of data security. In addition to the traceability function in the traditional sense, the importance and function of data traceability are also being extended.
1. Traditional network security traceability
When we talk about the traceability of cybersecurity incidents, it mainly includes two aspects. On the one hand, we need to trace the source of security incidents and clearly define responsibilities so as to be able to hold accountable responsibilities; on the other hand, we need to review the entire incident and analyze the incident. The cause of formation is to conduct a complete security assessment and inspection of the entire IT environment, check for omissions, and prevent similar incidents from happening again.
Enterprises invest a lot of resources in network security protection to ensure that their IT environment is safe and stable. The probability of security incidents is relatively small. In terms of traceability and auditing requirements, in many cases companies only deploy some equipment provided by a certain equipment supplier. A system with log function or a simple log server; on the other hand, retrospective is a series of actions for what has happened. The characteristics of “after the fact” determine that the company is The degree of attention and resources invested in the retrospective link is relatively much less, which is the current general situation.
With the rise of cloud computing, the Internet of Things, 5G, and artificial intelligence, when human society has stepped into the digital era, various shocking data security incidents have followed, pushing data security to the forefront of information security. The importance of traceability is slowly changing.
2. In the digital age, three trends surrounding data
1) Data security incidents are more harmful
The core cornerstone of the digital transformation of enterprises is data. From the business system of the enterprise to the entire upstream and downstream industrial chain associated with it, a large amount of data is continuously generated. These data can bring unlimited opportunities to enterprises. Data is regarded as the new economic era. Upstart: "oil" and "gold".
Compared with the impact and loss caused by network security incidents, the harm caused by data security incidents is greater, which is determined by the capitalization of data. In network security incidents where data is not threatened, the recovery and damage of the corporate network is relatively controllable, while in data security incidents, data damage or theft is usually irreversible, and its harm is far-reaching and unpredictable of. Therefore, in a practical sense, the ultimate goal of network security is data security. Divorced from this substantive goal, the investment in network security will get twice the result.
2) The importance of data traceability has become increasingly prominent
Countless security incidents show that the core goal of *** has turned to steal or destroy valuable data. In the face of the existing complex and systematic network security protection system, data security incidents occur frequently, indicating that the company’s network security protection system cannot effectively respond to various security threats targeting data. In the future, companies need to focus on Data is the core security system.
On the one hand, the importance of data determines that data security incidents (such as data breaches) have a wider range of impact, greater losses, and more stringent accountability. Corresponding traceability, evidence collection, definition of responsibilities, and accountability are more urgent, and the importance of data traceability is increasingly apparent.
On the other hand, retrospective bias in the traditional sense is a bit like making up for it. Data itself is characterized by abstraction, fluidity, and dynamic changes in sensitivity along with the complex life cycle. This determines that in the digital age, data is not just retrospective, but real-time and periodic data retrospective audits should be carried out to detect sensitive data. Be fully visible throughout the cycle.
3) Regulations and policies become more detailed, and supervision becomes stricter
The concept of "data as an asset" has become a consensus, illustrating the value and importance of data. With the in-depth development of the digital economy, various types of data have grown rapidly and gathered massively, which has had a major and profound impact on economic development, social governance, and people’s lives. Data has gradually realized the transformation from "assets" to "factors of production" In the "Opinions on Building a More Complete Factor Market Allocation System" on March 30, 2020, the Central Committee of the Communist Party of China and the State Council clearly included data as a new type of production factor in the policy document. At the same time, data security has become a major issue related to national security and economic and social development. Last year, the state successively promulgated the "Data Security Law (Draft)" and the "Personal Information Protection Law" to implement data security protection responsibilities. The provision of support and promotion measures can foresee that more supporting regulations and policies related to data security, as well as various norms and standards will be introduced in the future, and enterprises need to attach great importance to the construction of a data-centric security system.
3. Data traceability
1) Current status and challenges of data traceability
Enterprises are generating large amounts of data every day, and data security covers how to classify, identify, control, monitor, and trace all kinds of data. According to the investigation report of a third-party organization, most companies currently do not deploy data security protection measures and means, let alone a data traceability system, which makes companies face a severe data security situation. Once a data security incident occurs, traceability and evidence collection cannot be performed. . Many companies still use log systems to deal with data traceability. If the company does not deploy DLP products, it is difficult to effectively identify sensitive data, and it is impossible for log systems to talk about data traceability; for companies that have deployed EDR or NTA products, it is also The same problem exists.
Compared with network security traceability, the data traceability function has many extensions. Sensitive data can be efficiently identified in the flowing data and traced back to the full flow path of sensitive data. It is not only the IP address path, but the user account and device of the data in real time. , Applications, etc. to make all-round associations to discover sensitive data leakage and illegal use. These are all covered by data traceability. Only with the aforementioned functions can it be traced efficiently when a data security incident occurs.
Current DLP products basically identify sensitive data based on static rules, and record sensitive data matching rules for traceability. However, data is continuously generated anytime and anywhere, and its sensitivity may also change over time. Therefore, for the data traceability function, it is necessary to be able to trace all data, including sensitive data and non-sensitive data, without any rules. Only in this way can the traceability be guaranteed without omission. Most DLP products do not have or when the configuration rules enable full identification data, the performance will drop sharply and it is difficult to achieve full traceability.
2) Holographic data traceability
Holographic data traceability inherently has full traceability, efficient and high-performance processing capabilities to support the identification of sensitive and non-sensitive data from the mass data. The data is the core, and it is associated with multiple other dimensions to provide a 5W1H portrait for each sensitive data (What : For the active data object, When: When did it happen, Who: Who did it, Where: Where did it originate, Where did it do it, Which: What equipment, How: How did it do it), the purpose is to secure complex data The tracing process is as simple as possible, and can be quickly traced to the source, providing a detailed and complete chain of evidence, clarifying the relevant persons of the safety accident, and holding accountable and dismissing responsibility.