On June 15, 2023, the analysis agency Frost & Sullivan (Frost & Sullivan) Toubao Research Institute released the "2023 Tencent Security Data Security Capability Center Analysis Report" (hereinafter referred to as: the report), the report focuses on Tencent Security's solutions in the field of data security The requirements interpretation and development trend analysis are carried out in the dimensions of ideas, products, security systems, and industry cases, providing enterprise managers with a comprehensive understanding of data security and decision-making support.
Four key products, covering the entire life cycle of enterprise data
In 2023, the State Council issued the "Opinions on Building a Data Basic System to Better Play the Role of Data Elements", marking the transformation of data security from "compliance and responsibility" to "compliance and effectiveness". This shift is propelling the data security industry towards a value-driven direction. Prior to this, the data security industry experienced development stages such as risk-driven and compliance-driven. As data assets become an important part of production factors, the data security industry has entered a value-driven stage. Due to the differences in the form of data scenarios, as well as the diversity of needs and control requirements, enterprise digital governance is facing more and more challenges, such as Lack of effective data classification and classification, lack of risk maps for data and personal information protection, lack of legal compliance identification and mapping, lack of a complete data security governance framework, etc.
According to the report, dozens of individual security products cannot be used to achieve full lifecycle data security. In the face of dynamic, extensive, and differentiated security risks, the optimal product idea for security vendors is to start from the perspective of the enterprise and focus on the most important The security node establishes a security link and "productizes" and "services" the security link.
In the process of ensuring the security of enterprise data, identification and governance of data flow, encryption and decryption of data, protection of data transfer/storage/access security, and internal leakage of operation and maintenance audits are key links. Tencent Security is the pioneer and practitioner of this product idea, and based on this, it has built a matrix of four core products to provide enterprises with comprehensive data security solutions.
Tencent Security's four major product matrices include data security governance center, cloud encryption, CASB cloud access security proxy, and operation and maintenance data security, covering the key links of enterprise data security. At the same time, Tencent Security continues to add other core modules to meet the evolving needs of enterprises in terms of data security.
According to the report, the overall solution of Tencent Security's data security products has the following advantages:
✓ Low/no modification: The product business layer is decoupled from the base, and the abstract platform adaptation layer supports output to different platforms with minimal adaptation work.
✓ Openness and high usability: the platform adapts to API gateway, account system, rights management, container mirroring, and configuration management.
✓ Deployment flexibility: The base supports public cloud, TCE, TCS, etc. at the same time.
The report also mentioned that Tencent Security's development path planning for data security technology will focus on frontier exploration and continuous iteration in three directions: data security governance center, confidential computing, and data security atomic capabilities.
Systematization of products, four-step strategy of data security governance plan
In addition to the productization of governance capabilities in key links of data security, it is also necessary to apply the "systematization" principle of data security products to actual operational requirements.
Tencent Security believes that the focus of data security governance should be based on business and compliance needs, define data security governance objects based on the status quo of the enterprise, implement data asset classification and classification security strategies, implement data security technical protection methods as needed, and rationally use technical tools. Combined with management methods and technical tools to achieve effective control and synchronization of data security policies, we can continuously improve the level of data security protection, help enterprises realize the transformation from passive defense to active governance in the field of data security, and continuously evaluate and formulate data.
Based on customer business scenario protection practices and technical capability reserves, Tencent Security proposed the Tencent Cloud data security governance framework and the "four-step" methodology for the implementation of data security governance, and provided corresponding data security governance solutions step by step. The first step is asset sorting & classification and hierarchical management, the second step is continuous identification and assessment of data security risks, the third step is effective configuration of data security protection strategies, and the fourth step is continuous monitoring and response.
Based on the understanding of the four-step strategy of the data security governance plan, the systematization process of data security products also follows the direction of product integration, lightweight security capabilities, and out-of-the-box transformation-free, always insisting on reducing user effort. The threshold of actual operation, the improvement of the overall data security performance level and the adaptive elasticity of the data environment are the goals of the "systematization" of data security.
The "2023 Tencent Security Data Security Capability Center Analysis Report" also provides a case of Tencent Security's data security implementation in the pan-Internet, financial and government industries. Through in-depth analysis of industry cases, it demonstrates Tencent Security's data security insights and solutions in different industries, and provides practical guidelines for data security governance of enterprises in related industries.