Experience Sharing of Source Code Security Management

Data security products can be roughly divided into two categories: document encryption products and sandbox (or environment encryption) products. The two types differ considerably in design concept and in function. Judging from deployments over the past few years, a data leakage prevention project succeeds only when, in addition to choosing a suitable product, the customer pays attention and cooperates. Choosing a product and rolling it out hastily without understanding it fails almost every time; there is no shortage of such negative cases. For sandbox security products, I personally recommend the Sangxinda SDC sandbox.

The project risks fall into the following categories:

1. The risk of cracking encrypted files

Document encryption works by controlling the application software: a document is encrypted with the key when it is saved, but when the ciphertext is opened on a computer with the encryption client installed, the client decrypts it automatically before the application can open it. In other words, an opened encrypted file exists in plaintext in the application's memory, and that plaintext can be extracted directly by reading process memory, bypassing the encryption altogether; the security level is therefore low. Sandbox encryption takes an overall-protection approach: while a file is in use on the client computer it cannot be taken out of the sandbox environment, but local use is unaffected. Files circulate only within the sandbox, which is considerably harder to crack and gives a higher security level.

2. Risk of hardware debugging

More and more customer requirements now involve hardware debugging and development, including development board programming, app development and so on, and the growing number of hardware devices brings a growing risk of leaks. File encryption encrypts the programming and debugging content itself; for normal debugging the file must be decrypted, which creates risks such as counterfeit hardware devices and files being taken away under the cover of debugging. Because a sandbox product takes over file export for the whole computer, the process remains protected even when a device is connected for debugging, and the files debugged and burned are clearly recorded, reducing the risk of leaks.

3. Risk of Data Corruption

Whatever is encrypted must be decrypted, and a decryption failure damages data, seriously disrupts employees' work and can prevent the product from going live. In this respect sandbox products are far superior to document encryption. Document encryption encrypts and decrypts files directly and frequently, so the rate of data damage is high. Environment encryption products encrypt at the data transmission boundary; the file itself is not processed, so it cannot be damaged in this way. Judging from past projects, file damage has almost become a synonym for file encryption products and a bottleneck they cannot overcome (especially in R&D and manufacturing enterprises with complex terminal environments), whereas environment encryption products do not suffer from it.
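The mechanism behind risk 1 and the failure mode behind risk 3 can be made concrete with a small model. What follows is an added example written for this page, not code from the article or from any product it mentions. It assumes a keystream built from HMAC-SHA256 in counter mode in place of a real product's cipher, and models the application's process memory as a byte buffer held by the client object (nothing here reads another process's memory); the key, source file and marker are constructed sample data. The model shows that a document encrypted at rest reveals nothing to a scan, but once a transparent-decryption client has opened it the plaintext sits in memory and a scan for a known marker recovers it without the key. It also shows the check a practitioner would want against risk 3: an authentication tag in the on-disk format turns a wrong key or a corrupted file into a detected error rather than silently damaged data.

```python
"""Toy model of the document-encryption architecture discussed above (added example).

Assumptions, not from the article: HMAC-SHA256 in counter mode stands in for the
product's cipher, and the application's memory is a bytearray on the client object.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 digest size


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenate HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_document(key: bytes, plaintext: bytes) -> bytes:
    """On-disk format: nonce || ciphertext || tag.  The tag is an HMAC over
    nonce+ciphertext so a bad key or a damaged file is detected on open."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_document(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then XOR the keystream back out."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("decryption failed: file truncated")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("decryption failed: wrong key or corrupted ciphertext")
    return bytes(c ^ k for c, k in zip(ciphertext, keystream(key, nonce, len(ciphertext))))


class TransparentEncryptionClient:
    """Document-encryption client: ciphertext on disk, decrypted into the
    application's memory the moment the file is opened."""

    def __init__(self, key: bytes):
        self._key = key
        self.process_memory = bytearray()  # stands in for the editor's heap

    def open_document(self, blob: bytes) -> int:
        """Decrypt into memory; return the offset the application would use."""
        plaintext = decrypt_document(self._key, blob)
        offset = len(self.process_memory)
        self.process_memory += plaintext
        return offset


def scrape_memory(memory: bytes, marker: bytes, window: int = 64) -> list:
    """What a memory-read attack sees: every occurrence of a known marker in the
    process image plus the bytes that follow it.  No key is involved."""
    hits, start = [], 0
    while (idx := memory.find(marker, start)) != -1:
        hits.append(bytes(memory[idx:idx + window]))
        start = idx + 1
    return hits


# Constructed sample data: a key and a "proprietary" source file.
KEY = hashlib.sha256(b"enterprise document key (constructed)").digest()
SOURCE = b"// PROPRIETARY\nint checksum(const uint8_t *p, size_t n) { return n * 31; }\n"
MARKER = b"PROPRIETARY"


def demo() -> dict:
    blob = encrypt_document(KEY, SOURCE)

    # Risk 1: the ciphertext at rest gives a scan nothing, but the opened document
    # is plaintext in the application's memory and is recovered without the key.
    client = TransparentEncryptionClient(KEY)
    client.open_document(blob)
    at_rest_hits = scrape_memory(blob, MARKER)
    in_memory_hits = scrape_memory(client.process_memory, MARKER)

    # Risk 3: a wrong key or a flipped ciphertext byte must raise, not return damage.
    def fails(key: bytes, data: bytes) -> bool:
        try:
            decrypt_document(key, data)
            return False
        except ValueError:
            return True

    flipped = bytearray(blob)
    flipped[NONCE_LEN + 4] ^= 0x01
    return {
        "at_rest_hits": len(at_rest_hits),
        "in_memory_hits": len(in_memory_hits),
        "recovered": in_memory_hits[0] if in_memory_hits else b"",
        "wrong_key_detected": fails(b"\x00" * 32, blob),
        "corruption_detected": fails(KEY, bytes(flipped)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running `demo()` returns zero hits against the file at rest, one hit (the recovered source text) against the client's memory, and `True` for both detection flags. The sandbox model is deliberately not modelled here: its control point is the export boundary rather than the file contents, which is why the file stays usable in plaintext inside the environment as the article describes.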

4. Risk of going offline

With a sandbox product the files themselves are not encrypted: data is transmitted and used in plaintext wherever no control policy applies, and only the policy-controlled boundary is enforced. When the system is decommissioned, the administrator only needs to uninstall the client software to remove the encryption system's effect on the original information system, so the risk of going offline is extremely low.

From the comparison above it can be concluded that, for large and medium-sized R&D and manufacturing enterprises, the overall-protection concept is the more applicable one. In the final analysis, overall-protection products emphasise matching and integration with the existing information and management systems, whereas document encryption products emphasise influencing and changing operators' working habits. The former therefore requires the enterprise to make certain investments and concessions to ensure the anti-leakage system goes live smoothly, but once live it runs more smoothly and is easier to manage and maintain; the latter fits the common customer expectation that an encryption product should "prevent leaks without affecting work", but its potential risks are great. The former is more like a system and the latter more like a piece of software; the former suits the overall management needs of large and medium-sized enterprises, the latter the rapid deployment needs of small enterprises.

Source: blog.csdn.net/cnsinda_sdc/article/details/129693901