On April 26, Tencent Security jointly held a data security seminar in Shenzhen with the "Data Security Promotion Plan" of the China Academy of Information and Communications Technology. Bai Xiaoyong, the founder and CEO of Lianshi Network, was invited to attend and shared the topic of "practice and thinking on data security without modification", and Gong Shiran, senior business director of the Cloud Computing and Big Data Research Institute of China Academy of Information and Communications Technology, and general manager of Tencent Cloud Security Li Bin, Tencent enterprise standard expert Liu Zhenyu and other guests discussed how to make the key data assets of enterprises more secure under the new situation.
Digitalization provides an important driving force for the transformation and upgrading of enterprises and industries. There is a popular view that even compares data to "oil" in the digital economy era, which shows that data is a valuable core asset for enterprise development. However, frequent data leakage incidents and security threats also pose challenges to enterprises at the level of data security governance.
Based on the above background, the "Data Security Promotion Plan" of Tencent Security and ICT Academy invited several industry experts, scholars and business managers to discuss and share the basic principles, best practices and actual cases of data security governance to help Enterprises better protect their critical data assets.
Data security risks in the new situation
Governance Thoughts and Suggestions
Today, data breaches, breaches, and misuse are global issues. Gong Shiran, senior business director of the Cloud Computing and Big Data Research Institute of China Academy of Information and Communications Technology, believes that formulating a comprehensive risk assessment mechanism in advance must be an important way to control data security risks, and in this process, identify data security risks based on key elements especially important.
Gong Shiran suggested that enterprise data security risk management should first focus on the enterprise's key data assets, key data processing activities, and enterprise data security management and technical conditions to conduct risk investigation and assessment. Risks are unknown and ubiquitous, and securing your critical data assets is half the battle.
(Gong Shiran, Senior Business Director, Institute of Cloud Computing and Big Data, China Academy of Information and Communications Technology)
Tencent Cloud Data Security
Governance Framework and Practice
With the transformation of the new environment, new technologies, and new industries, data has become one of the contemporary core productivity elements, and data security also affects the development and survival of every organization. At the seminar, Li Bin, general manager of Tencent Cloud Security , analyzed the construction process of enterprise customer data security system based on the data security governance experience of Tencent Cloud platform.
Li Bin introduced that the ultimate goal of data security governance is to maximize the value of data under the premise of security. If an enterprise wants to establish a complete data security governance framework, it should first fully consider the requirements of policies and regulations, and formulate a digital security governance policy for the entire organization on the premise of ensuring the realization of business strategies. After the leadership framework for data security is established, further improve the workflow of enterprise data security governance, including data asset inventory and business inventory, data security risk assessment, data security risk governance, and continuous operation and response.
(Li Bin, General Manager of Tencent Cloud Security)
Retrofit-free data security
practice and thinking
Bai Xiaoyong, the founder and CEO of Lianshi Network , looks at the essence of security from a business perspective. Analyzing security is actually a business requirement, which comes from the risk mapping of business processing, and the security boundary also depends on the business boundary. The focus of data security requirements is the confidentiality and integrity of data. Data, a new type of production factor, is the main carrier for realizing business value. Data can only reflect value when it flows, and flowing data is bound to be accompanied by risks, and data security threats accompany business. Production is everywhere. However, in the process of integrating data security and business scenarios, it usually faces pain points such as high cost, high risk, and long cycle of transformation and application.
Based on this, Bai Xiaoyong further introduced the data security capability of Lianshi Network, which is characterized by "no transformation" as an innovative feature. Through high-coverage data control points, horizontal coverage is widely used, and vertical superposition discovers identification, encryption, de-identification, detection/ Response, audit and traceability and other security capabilities are quickly implemented and launched without affecting the business, decoupling security and business in technology, but integrating and interweaving in capabilities, creating a practical data security protection system.
(Bai Xiaoyong, founder and CEO of Lianshi Network)
Tencent Data Governance
Enterprise standard construction sharing
According to Liu Zhenyu, an expert on Tencent's enterprise standards , the standardization work of data governance enterprises is very important to the implementation of data security and data governance. After three years of construction and development, Tencent's data governance series of enterprise standards are promoting technical collaboration, promoting the efficiency of production and research, and driving security. Governance has played its due value.
Tencent established a standard affairs center in 2016 to coordinate standard affairs and support the standard requirements of each product line. At the beginning of 2020, Tencent's standard team and the company's data governance open source collaboration team jointly established data governance enterprise standards, and initially established Tencent's data governance enterprise standard system, realized standards and platform coordination, reduced redundant construction, and improved the data governance level of each BG .
In terms of network security and data security, up to now, Tencent has led and participated in the development of more than 100 international, national, industry and group standards in the security field.
(Liu Zhenyu, Tencent Enterprise Standards Expert)
At the seminar, both the on-site audience and the online audience actively exchanged views on hot topics such as how data security does not affect business availability and cross-border data.
The article comes from: Industrial Security Talk Official Account