Tencent Security released the "Digital Security Immunity" model framework to build a new development-driven security paradigm

With the acceleration of digitalization, the boundaries of enterprise digital systems are constantly expanding, security risks and challenges are increasing, and traditional passive defense security responses are often weak. The digital security era urgently needs to establish a new security paradigm.

On June 13, Tencent Security and IDC jointly released the "Digital Security Immunity" model framework in Beijing. The framework proposes using immune thinking to handle the synergistic relationship between security construction and enterprise development in the new era, focusing on enterprise data and business and building a resilient, adaptive and scalable security immune system to escort the high-quality development of enterprises in the digital age.

(Digital Security Immunity Model Framework Released in Beijing)

Ding Ke, vice president of Tencent Group and president of Tencent Security, said that in the new stage of digital intelligence, being development-driven has become a general consensus on security construction. Enterprises need to change from passive security to active defense, build a new set of security paradigms and frameworks to improve digital security immunity, and, with a more positive and proactive security concept, replace "curing the disease" with the idea of "preventing the disease".

(Ding Ke, Vice President of Tencent Group and President of Tencent Security)

Wu Lianfeng, vice president and chief analyst of IDC China, said that the next five years will still be the golden age of digital development, and 2023 will become an inflection point in the digital transformation of enterprises, that is, enterprises will enter the era of digital business from the era of digital transformation. Digital security immunity can continuously provide security impetus for the development of enterprises from the inside out, and help the resilient development of the digital age.

(Wu Lianfeng, vice president and chief analyst of IDC China)

Mao Jiye, Professor of Business School of Renmin University of China; Wen Zhe, Executive Director of China Information Security Magazine Co., Ltd.; Yang Jian, Vice President of Tencent Group and General Counsel of Tencent Research Institute; Li Xueying, Chairman and CEO of Tianrongxin Technology Group; Zhou Bin, Vice President of Tencent Security; Yang Guangfu, Vice President of Tencent Security; Dong Zhiqiang, Head of Tencent Security Yunding Lab; Wu Shi, Head of Tencent Security Keen Lab; Liu Bo, Deputy General Manager of CNNC Beijing Huahui Technology Development Co., Ltd.; Zhang Chenggang of State Power Investment Corporation, executive deputy director of the General Technology Department of the Academy of Science and Technology; and other guests from industry, academia and research also attended the forum to witness the release of the "Digital Security Immunity" model framework.

Paradigm innovation in security construction: from passive security to development-driven

Mao Jiye, a professor at the School of Business at Renmin University of China, believes that data security and privacy protection are often blind spots in digital transformation. The security consequences are relatively controllable at the stage of low data volume. At the moment when the data volume is exploding, the consequences of data security incidents are "nuclear bombs". Enterprises need to coordinate the relationship between development and security, and create a security paradigm that adapts to the digital age.

(Mao Jiye, Professor of Business School, Renmin University of China)

However, in the specific practice of enterprises, it is always difficult for security and development to "go hand in hand". According to the "2023 Enterprise Security Construction Level Sampling Survey Report", based on a joint survey of 1,500 CSOs by Tencent Security and Anzai, 70% of enterprises' security investment is below the 5% baseline, and more than half of CSOs believe that security has become a constraint on corporate development. Past passive security thinking has become a major limitation on the development of enterprises in the digital age, and CSOs generally express core concerns about security construction.

Behind the fact that the status quo of enterprise security needs to be improved is actually the failure of traditional security paradigms. According to Ding Ke, vice president of Tencent Group and president of Tencent Security, the underlying logic of the status quo of corporate development and security faults is that the driving force for security construction in the digital age has undergone fundamental changes. With the deepening of enterprise digitalization, security construction has transitioned from a single driver in the early stage to comprehensive factors such as offense and defense, events, and compliance. Today, digital business has become the center of the organization, and "passive security" has become "active defense", which is the core consideration of enterprise security.

Wu Lianfeng, vice president and chief analyst of IDC China, also said that the traditional passive security model based on offense and defense and events should be transformed into a security model oriented to future deployment and long-term development of enterprises, building a comprehensive, risk-based and compliance-based security system. That is, to imitate the immune system the human body uses to resist diseases, build a digital security immunity system, and establish a forward-looking security concept. When faced with multi-dimensional threats, a systematic resistance and defense mechanism can be activated in a more timely manner to effectively deal with combined attacks in the infrastructure, network, data, business, and management domains.

Li Xueying, chairman and CEO of Tianrongxin Technology Group, said that the importance of key information infrastructure drives its security construction to be placed in the highest strategic position, that the security construction of enterprises needs to be in line with their own development status, and that the security construction of key information should be conceptualized for their own use, to comprehensively create a new paradigm of development and security collaboration.

(Li Xueying, Chairman and CEO of Tianrongxin Technology Group)

The "Digital Security Immunity" model framework is released, and the three-tier immune system escorts the development of enterprises

At the forum site, Tencent Security and IDC released the white paper "Strengthening Enterprise Digital Security Immunity, Helping Resilient Development in the Digital Era", explaining the connotation and practical path of digital security immunity.

The white paper holds that enterprises should establish an in-depth defense system with data and business as the anchor point, specifically by establishing two immune "fortresses": data security governance and business risk control. They should also establish a normalized security operation management system with people as the core, to support the operation of the "central system" of digital security immunity. At the outermost layer, they should remove the "fence" of traditional software and hardware security, and use platform and plug-in ideas to incorporate endpoint security, border security, and application development security into the platform, so that security tools and security technologies can be accessed as needed.

(Tencent Security & IDC "Digital Security Immunity White Paper")

With the support of new technologies, attacks from the black and gray industries will be the first to hit the business risk control line of defense. According to Zhou Bin, Vice President of Security at Tencent, the "human simulation" behavior triggered by AGI will partially invalidate the traditional risk control strategy of "predicting future behavior based on past behavior", and business risk control is shifting from "rule confrontation" to "model confrontation". In this era, the concept of MaaS (Model as a Service) will become the key for enterprises to strengthen their immunity to risk control.

According to the forecast of IDC, the global data volume will reach 221.2ZB in 2026, with a compound annual growth rate of 21.2%. The revelation of the value of data will undoubtedly trigger the coveting of a large number of black industries. Dong Zhiqiang, head of Tencent Security Yunding Lab, believes that data security is not only a security issue, but also a business issue. As the security DNA of an enterprise's digital transformation, data security governance needs to promote a closed loop from the four key steps of data default security endogenous business, data visibility, manageability and controllability, and intelligent operation.

In terms of security operations and management, threat intelligence is the "brain" that drives the operation of the security system. Wu Shi, head of Tencent Security Keen Lab, said that in the face of massive threats, the traditional rule-based operation method does not have immune characteristics such as self-identification, adjustment and balance, and wide applicability. Threat intelligence is the "inoculation vaccine" in the security immunity system. AI security technology has wide applicability and is an important direction for the development of the future security immunity system.

The accelerated digital transformation of enterprises has broken traditional security boundaries. Yang Guangfu, vice president of security at Tencent, believes that network security has evolved from bounded to unbounded. Enterprises are facing new challenges and need to reshape the trust boundary with the terminal as the core. Not only that, but in order to build a continuously evolving immunity, enterprises also need to practice shifting security to the left, move security work to the front end, and build an intelligent security operation platform to realize human-machine collaboration and improve security efficiency.

Tencent injects "immunity" into thousands of industries with its own large-scale practice

In fact, Tencent itself is a practitioner of the concept of digital security immunity. In the past 20 years of development, Tencent has followed the idea of elastic, adaptive, and scalable security construction to safely escort its own massive users and business scenarios. According to Ding Ke, Tencent Security has created a number of large-scale security practices: trillion-level classification and governance of Tencent Cloud data, risk control and confrontation for various businesses with a volume of 1 billion users, zero-trust concept practice for 100,000 employees working remotely, cloud-native practice and safe migration to the cloud for self-developed business with a scale of 50 million cores, etc.

At the same time, Tencent's talents, technology, data and other advantages have also accumulated in a large number of security operations in the three atomic capabilities of AI, threat intelligence, and offensive and defensive confrontation, providing underlying security power for its own business and service customers. At present, Tencent Security has served millions of customers in 18 major industries, covering more than 80% of financial companies, more than 90% of leading energy companies, and more than 20 leading car companies. At such an important moment, we provide re-insurance services for live events.

More and more leading companies are also choosing Tencent Security to enhance their immunity. Based on Tencent's rich experience in the field of zero trust, SF Technology and Tencent Security have cooperated to promote an integrated solution for zero trust security and unified threat detection and response across the network, which can not only deal with risks in a timely manner, but also ensure the office experience of internal employees. In cooperation with Bank of Jiangsu, the two parties jointly explored the application of "federated learning" technology in financial scenarios, and built a series of model matrices that can be continuously updated on the premise that the data of both parties does not go out of the domain, innovatively extending AI risk prediction from pre-lending to multiple business links, which has greatly improved the loan efficiency and the overall risk control level.

Ding Ke said that in the process of deepening the industrial Internet in the past, Tencent Security used the brand-new concept of "development-driven" to help thousands of industries practice security and help customers reconstruct the new paradigm of security in the digital age. In the future, Tencent Security will continue to improve its digital security service capabilities, and continue to work hard to build a security ecosystem from the perspective of security industry development.

Origin blog.csdn.net/FL63Zv9Zou86950w/article/details/131199883