On June 26, the "2023 Big Data Industry Development Conference" jointly sponsored by China Communications Standards Association and China Academy of Information and Communications Technology kicked off in Beijing. The latest research and practical results.
Li Bin, General Manager of Tencent Cloud Security, attended the High-quality Data Security Development Forum, shared Tencent Cloud's own practical experience in data security governance, and released the "Data Security Governance and Practice White Paper" jointly prepared by China Academy of Information and Communications Technology and Tencent Security (below referred to as the "White Paper").
In the white paper, the two parties jointly sorted out the trends and challenges of data security governance, output an implementation framework applicable to enterprise data security governance, and provided a comprehensive practical reference guide for the industry.
Trends and Dilemmas of Data Security Governance
As a new type of production factor, data has become an important asset and basic strategic resource of enterprises. The importance of data value has been highlighted, and data security issues have attracted much attention. The resulting data security governance has also become a core issue in the industry.
The white paper points out that with the continuous development of the digital economy, the demand for data security governance has increased significantly. In the context of the gradual implementation of data security regulatory requirements, the motivation for data security construction in various industries has increased significantly. At the same time, the rapid development of data security single-point technology has led to the budding of data security platform technology. This work has entered the stage of gaining momentum, and the demand of enterprises for the construction of data security governance system is showing a booming trend.
However, it cannot be ignored that data security governance is facing some pain points and challenges due to the complexity of the circulation of data elements and the blurring of the main responsibility boundary of data security. By analyzing the evolution of information technology, regulatory and regulatory requirements, etc., the white paper deeply analyzes the dilemma in the process of data security governance from the three levels of compliance, enterprise management and technology.
From the perspective of compliance, data security governance mainly faces difficulties in data security governance covering the entire life cycle, continuous refinement of laws, regulations and regulatory requirements, data value mining in compliance scenarios, and challenges in data cross-border compliance. Pain points: From the perspective of management and implementation, data security governance mainly includes pain points in the implementation of data security responsibilities, outdated data security management models, and difficult implementation of management systems; technically, the challenges of data security governance are mainly reflected in information technology. The speed of iteration continues to accelerate, enterprises have relatively limited choices in data security technology, and technical difficulties brought about by the era of big data, etc.
Overall, the demand for data security governance is becoming increasingly prominent, but data security governance is a long-term and complex task with many challenges. Enterprises need to carry out comprehensive and systematic construction to ensure the implementation of data security governance.
The five major systems "prescribe the right medicine" to build a sound governance framework
Li Bin believes that data is distributed in all aspects of enterprise production and circulation, and has the characteristics of complex scenarios, diverse forms, huge volume, and continuous generation of new data. Means and other levels to ensure the implementation.
The white paper divides the data security governance system framework into five layers: legal compliance system, organizational security system, process system, technical system, and security infrastructure.
Among them, the legal compliance system is the top-level guarantee of Tencent's data security governance system framework, and it is the laws, regulations and standards that enterprises should abide by in the process of data processing and management; the organizational security system is an important support for the enterprise data security governance system framework, which needs to be followed. The principles of top leadership participation, clear responsibility, and cross-departmental collaboration ensure the efficient operation of data security governance; the process system is the key to the operation of Tencent's data security governance system framework, and the process system refines the processing steps of the entire data security governance. It can help enterprises to better implement; the technical system is the core pillar of the governance system framework, a series of technical means and measures established to ensure data security; the security infrastructure is the solid foundation of the data security governance system framework.
The white paper also shares several typical data security governance practice cases for industry reference.
With the transformation of the driving force of enterprise production, the motivation of enterprise data security construction is gradually strengthened. More and more enterprises are paying attention to data security and taking measures to strengthen data security governance. Tencent Security has a lot of experience in data governance based on its own practice and customer service, and has mature technical solutions in key areas such as data classification and classification, data access proxy, confidential computing, and operation and maintenance management and control. Tencent Security is committed to delivering cutting-edge data security governance concepts and practical methodologies to the industry, helping companies improve their governance levels.
The implementation of data classification and grading is the basic premise of the dynamic protection of data in the whole process. However, due to the characteristics of complex scenarios, various shapes, huge volume, and continuous generation of new data, the data of enterprises is often classified in practice. Unable to sustain landing effectively.
What are some good ideas and mature methods to solve this problem? At 14:30 on June 29th, Tencent Security held a themed online seminar and invited 3 industry experts to talk about data classification and classification. Please pay attention to the live broadcast.
