Foreword: In the previous issues, we talked about the methodology of digital transformation and the consideration of going to the cloud. So, who is responsible for security issues? Vendors know the truth. We have the best technology, the strictest process planning, and the best security experts. But why is data security still the biggest issue in the digital age?
If you don't know what the cloud series of security issues are, just read the recent hot topics.
hot topic
"Am I going to give you money so you won't reveal my personal information?"
"You know your user agreement sucks?"
"Did Facebook discuss informing users after the Cambridge Analytica incident?"
"Is Facebook the victim of the whole thing? What about 87 million users?"
"How long will the data be kept after the user leaves the platform?"
At this moment, Facebook CEO Zuckerberg is in a state of turmoil. He is accepting a series of questions from members of Congress about the "Facebook data leak scandal". His unconvincing answers clearly cannot convince members of Congress, the media, and other members of Congress. The general public is satisfied.
Coincidentally, the famous former drug dealer aka.Big Time in Birmingham, England complained in an interview at the end of his four-year sentence: "A smartphone in a trouser pocket is like a time bomb tied to the body, it is even bigger than a mother. Get to know you. We only use old Nokias, stay away from those messy apps, stay away from the internet and big data.”
If the big British drug dealer knew about the recent big data killing incident in China, he would probably feel more empathy. The frequent outbreaks of data privacy leaks or abuses at home and abroad in recent years have sounded the alarm for the public, enterprises, and government agencies: in the face of an emerging and growing digital world and cloud world, what should be done about data security and data privacy? be protected?
2B and 2C boundaries are different
"The Economist" said in "Data is the Oil of the Future" that data is the advantage of the digital age, and Facebook and Google are all data-centric companies that provide customers with various services for free. At the same time, it also collects as much data as possible, manages data, and makes money through data. As these companies have more and more control over data, consumers' weak position in data has become more and more obvious.
Here's a point to make. The purpose of Internet companies to provide services to consumers in a "free" way is to monetize through "data", which is a common practice in the 2C field. At present, the boundaries of laws and regulations are relatively blurred, and it is generally necessary to promote the improvement of laws after a problem occurs. The cloud services in the 2B field have perfect legal and regulatory boundaries. They only provide data services, but cannot "steal" the data of partners or final consumers. This is the bottom line. If this bottom line is broken, or the boundary is consciously blurred, then there is a problem with the security of this cloud computing manufacturer, such as...Which one do you think of? If these manufacturers operate 2B customers with the idea of 2C, then quickly stay away.
Precisely because it is in the ambiguity of security issues, Facebook can not even discuss whether to inform users after the "Cambridge Analytica incident" broke out; Amazon considers sharing the audio data in Alexa devices to third-party developers without consulting users; Because of this, Some domestic OTAs and travel companies can recklessly use the data and big data technology in their hands to frantically kill consumers...
progress little by little
Today, all walks of life are moving towards digitalization, which means that more and more of our behaviors and trajectories will be digitalized in the future. From a personal point of view, the data generated by various behaviors actually represent their own data privacy. Of course, online service providers such as Facebook can exchange the data of individual users through free services, but the dominance of data does not It should be completely dominated by these big companies, and individuals at least need to have the right to know their data and know where their data will be used by service providers.
At the same time, government agencies need to speed up the new anti-monopoly legislation on data monopoly to make the data collection and use process of these online service giants more transparent; at the same time, it is also necessary to make the data rights belonging to individuals more clear and fairness. It is worth noting that on May 25 this year, the General Data Protection Act, the world's first act to protect personal data privacy in the era of big data, will be officially implemented. This regulation was formulated by the European Commission. Today, with frequent data privacy incidents, the launch of this program is of great significance and will lay the foundation for future global data privacy protection.
It has become a general trend for government agencies to strengthen the supervision of data privacy. In the future, tech companies' tricks of putting data usage instructions into dictionary-thick user agreements are sure to not work.
Tighten this string all the time
The current popular digital transformation and digital economy are essentially the integration of traditional industries with new-generation information and communication technologies such as cloud computing, big data, artificial intelligence, and the Internet of Things. remodeling.
Therefore, digital transformation is the only way for all enterprises to move towards the future, and data, as a new type of production factor, will be the foundation of the entire digital economy. Important assets accumulated and precipitated by enterprises. However, in the process of digital transformation of enterprises, it is also necessary to beware of the pitfalls of data privacy.
First, pay attention to data security . Data is the most valuable resource. Enterprises need to collect, process and use data under the premise of legal compliance to improve their own data privacy and self-discipline. When supervision is gradually improving, if enterprises do not pay attention to data privacy, they will blindly pursue The so-called data value will eventually pay a painful price for it. In addition, the external environment faced by enterprises in data protection will also become more complex. Cyber attacks using big data and artificial intelligence technologies have begun to increase, and some traditional data protection security measures will be at a loss.
As someone said: believing in industry self-discipline is equal to believing in an illusory mirage. This fully shows the fragility of human nature in the face of the temptation of interests. Will there be a cure-all approach to better avoid data privacy pitfalls?
Second, adopt more advanced technology to constrain behavior and build security with advanced technology. Taking the blockchain as an example, some technology companies have begun to try to use the decentralized and immutable blockchain technology to prevent data leakage and attack, and use the blockchain to build a highly secure data privacy guarantee system. It is believed that in the future, there will be more and more complete data privacy protection solutions.
In addition, technology giants like IBM are also developing new security technologies. This technology, called lattice encryption, hides data in complex algebraic structures and is fully homomorphic encryption, which enables files to be encrypted and data to be encrypted. Computing, this technology effectively prevents hackers from various advanced attack methods, so that enterprise data can be protected.
Third, this is a systematic project. According to the survey, many enterprises have three major problems: inability to ensure business continuity due to attacks, insufficient security planning and preparation, and lack of cybersecurity incident response plans. Enterprises are required to have full life cycle management of data security and data risks, covering five stages of definition, protection, detection, response and recovery. Starting from the identification and definition of enterprise network security risks, it can quickly assess the current state, process and situation, and make overall plans. Schedule and automate monitoring, operations, and recovery. Only in this way can the system engineering of enterprise data security play an important role.
One methodology is Cyber Resiliency, which provides users with a complete data security solution based on a full life cycle framework, from risk definition and rapid assessment, to terminal and network protection, detection of unknown threats and weaknesses, to security. The fast processing and response mechanism provided by the fault caused by the event, as well as the fast reply of key data, systems and applications, effectively meet the needs of enterprise users for the full life cycle management of data security, and provide a system and a system for user data security. Comprehensive coverage.
The above five dimensions are the main security problems faced by enterprises in 2018. In fact, from a broad perspective, the security of hybrid cloud is also worth noting.
In the future, data will be linked to government agencies, enterprises, organizations, and individuals. Data privacy should not only be paid attention to by individuals, but also by enterprises and organizations. Those companies that only focus on short-term interests and try the law will inevitably end in a dead end in the future; and those companies that respect data privacy and are good at using advanced technology to mine data value and build security will inevitably take the lead in completing digital transformation in the future.
Past
review
﹀
﹀
﹀