On April 7 , the medical data security academic seminar organized by Xiamen Health Information Society, the First Affiliated Hospital of Xiamen University, and Xiamen Fuyun Information Technology Co., Ltd. was successfully held.
As a leading manufacturer of cloud-native security in China , SafeDog not only assisted in organizing this event, but also participated in speech sharing as an expert in data security governance.
Xiamen Fuyun Information Technology Co., Ltd. (brand name: Safety Dog) was established in 2013 and is committed to providing related products, services and solutions in the fields of cloud security and (cloud) data security. As the pioneer of cloud workload security (CWPP) products in China and the pioneer of cloud host security SaaS products, Security Dog has created cloud security, security Multiple product lines, such as big data and data security, cover many cutting-edge fields in the network security industry and meet various security needs of different users.
It is reported that the purpose of this event is to explore the idea of building a data security system in the medical industry and promote better development of data security in the medical industry. After the chairman of Xiamen Health Information Society delivered a speech, experts from the medical industry and network security industry also shared their keynote speeches one by one.
Yang Ruting, the solution consultant of Safe Dog, combined her years of experience in security construction, and shared a speech with the theme of "Discussion on the Implementation of Data Security System Construction in the Medical Industry" for the guests .
Why the Medical Industry Needs Data Security Construction
When mentioning why users need to do data security construction, Yang Ruting analyzed that, on the one hand, it is due to the fact that the country has paid more attention to data security in recent years, such as the "Network Security Law" and "Data Security Law", and on the other hand, it is because of 0day attacks , external data sharing risks, data encryption and extortion, and other external threats to user data security are constantly increasing . internal risks . Multiple factors and threat scenarios make it imperative to build a data security system for users , especially for users in the medical industry.
As a medical industry that is related to the people's livelihood and involves a large amount of personal privacy information, its users are also faced with a series of policy requirements such as the "Healthy China 2023 Planning Outline" in implementing the national strategy of "Healthy Power" . At the same time, medical data is facing data security and internal control failure. , Data loss, business stagnation, ransomware virus data encryption and other series of problems, various factors drive the implementation of digital applications in medical institutions .
When introducing the threat scenarios faced by medical data security , Yang Ruting said that it mainly includes data security internal control risks, mobile data security risks, business continuity guarantee risks, and database operation (vulnerability) risks. Due to the high sensitivity and high value of medical industry data, the medical industry is constantly facing the above threats.
How to implement data security construction in the medical industry
When thinking about the practical path of data security construction in the medical industry, Yang Ruting pointed out that it is necessary to achieve the trinity of management, technology, and operation :
01
Step 1: Establish a safety management compliance system
Establish the organizational structure of data security management, clarify the responsibilities of data security management positions and personnel ability requirements, formulate data security management systems, standardize the operation process of daily operation and maintenance of data and security operations, iteratively update data security emergency plans, organize and carry out security training, conduct regular Measurement and Evaluation of Data Security Construction Effect
02
Step 2: Do a good job in data security and life cycle security protection
According to the dynamic changes in the security situation, compliance requirements, technology development and evolution trends, etc., continuously optimize the data security governance system, and implement effective control measures for each link of data collection, transmission, storage, use, sharing, deletion, and destruction , to ensure that the data is in a state of effective protection and legal use
03
Step 3: Build a unified operating system
Establish a data security operation mechanism, carry out data security risk assessment, implement normalized security monitoring, identify sensitive data flow status and abnormal internal and external access behaviors in real time, analyze sensitive data flow risks, perceive the latest security threats, and predict possible network attacks or abnormal operations Behavior, linkage data security equipment for linkage disposal, to prevent major data security incidents
Data security solutions that meet the needs of the medical industry
The data security brand Data Base was launched by Safedog, aiming to create a " compliant, flexible, efficient, and easy-to-use " data security governance solution for users.
In the data security system, the data security protection technology system and data security service system are mainly built around, and various data security scenarios are supported.
Data security system construction
In terms of data security system construction , Safety Dog adheres to the goal of building integrated security protection, including risk inspection, data security resource pool, and data security management and control platform.
Among them, the data security resource pool meets the data security capability requirements of all customers in traditional customers, cloud customers, and even future industrial Internet and container environments. Achieve a great degree of adaptation in technology, and use a unified security operation idea to give full play to the security closed-loop capability of the data security resource pool, and expand the ubiquitous capability of security capabilities, so that data asset sorting, data encryption capabilities, and data Desensitization capabilities, data attack protection capabilities, data audit capabilities, and data leakage prevention capabilities can be integrated into the ubiquitous security resource pool indiscriminately, so as to maximize the provision of indiscriminate unified security capabilities for the customer base.
The data security management and control platform realizes the connection with the resource pool, and supports the access of other multi-source data at the same time, and performs comprehensive analysis, strategy arrangement, and network space collaboration.
Data security service system construction
In terms of data security service system construction , SafeDog provides all-round security services, including overall security construction, daily operation services, and security rectification consulting.
By analyzing the importance of data security construction to the medical industry, providing suggestions for the implementation of data security construction in the medical industry, and sharing SafeDog data security solutions, Yang Ruting's in-depth speech was recognized by the guests on the scene, and also provided data security for users in the medical industry in the future. Provide new ideas to better implement the national strategy of "Healthy Power".
With the continuous deepening of the transformation of the digital economy and the continuous improvement of the economic value of data elements, how to effectively build a data security system to resist various security threats and protect sensitive data is a major challenge that the medical industry needs to solve urgently. Safedog will rely on its own security technology foundation for many years, continue to integrate & optimize security capabilities and levels, and create a security ecological pool that accommodates multi-dimensional security capabilities such as cloud security SaaS, cloud native security, data security, and secure big data. Contribute to user information security including the medical industry, enterprise digital economic transformation, and national network security development.