A rural commercial bank's data security management and control practice based on classification and grading

Since the promulgation and implementation of the "Data Security Law", it has become an industry consensus to conduct differentiated management and protection of data based on classification and grading.

The financial industry is data-intensive, and security is its top priority. Financial data is varied in type and content, and it faces increasingly strong security requirements arising from large-scale data use, inclusive data use, and cross-institutional data sharing. Classifying and grading data according to regulatory norms and standards has therefore become a key step in effectively advancing data security construction.

A domestic rural commercial bank (Bank A for short) is the largest local financial institution with the most outlets. As the main financial force cultivating the region and serving the local "agriculture, rural areas and farmers", Bank A has built on digital technology in recent years. Through data ecosystem sharing, in-depth customer group operation, and scenario application access, it has created a new business development model and achieved leapfrog development from a departmental bank to a process bank and then to an open bank.

As the business keeps expanding and data volume grows rapidly, as data security compliance requirements increase and data security threats keep changing, it has become an important task to further strengthen data security management and control capabilities and to keep security in step with digital development.

At present, a large amount of data of different types is spread across Bank A's business systems, including a good deal of highly sensitive dark data. With rapid business iteration, data usage scenarios increase day by day and sensitive data changes more frequently, which makes the protection of sensitive data considerably more difficult. A "one size fits all" approach to data security protection requires heavy security investment, easily wastes resources, and burdens data security management.

Based on this, Meichuang Technology provides Bank A with a data security management and control construction plan based on classification and grading.

In terms of the specific implementation process, Meichuang's dark data discovery and classification and grading system is built on extensive industry practice and standards research. It has built-in data classification and grading templates for rural commercial banks, a rich set of business types and discovery rules, and a large number of financial data standards ready for use.

By automatically scanning and identifying the data sources of Bank A's core system, it discovers information such as the number of databases and their IP addresses, ports, and types. Once the business type of each field has been identified, data classification and grading is completed intelligently according to the classification and grading strategy.

The classification and grading results are linked with the database waterproof dam and the data desensitization products to match fine-grained security policies. This delivers database operation and maintenance security management and control, and efficient and precise desensitization, both centered on "identity + data". It effectively reduces the overall construction cost of implementing data security technology capabilities and improves the quality and efficiency of data security management.

Intelligent tool support

Complete data classification and grading efficiently

Classification and grading are the basis for implementing all data security measures, so intelligent and accurate data identification is the most important capability.

The dark data discovery, classification and grading system relies on natural language processing, feature analysis, machine learning and other technologies to realize accurate automatic data identification, classification and grading, saving a lot of labor costs. Finally, according to the affected objects and the degree of impact after the data security is damaged, the data security level is divided into 5 levels from high to low.

During the classification and grading process, the dark data discovery and classification and grading system visually displays the classification and security level of each field, and also presents the classification and grading results as reports, including sensitive data distribution, data classification, data grading, etc.

Classification and grading linkage

Build a refined security management and control system 

◼︎Realize fine-grained operation and maintenance security management and control based on classification and grading

The data operation and maintenance environment of Bank A is complex and involves a large number of personnel, with risks such as unauthorized access to sensitive data, operation and maintenance errors, and high-risk commands.

The database waterproof dam integrates multiple functions such as sensitive data discovery and management, a multi-factor identity access mechanism, dynamic access control, sensitive data desensitization, misuse recovery, and compliance auditing, providing secure access to sensitive data and control over operation and maintenance behavior.

In this practice, the database waterproof dam accurately identifies the front-end operator through multi-factor authentication. Through linkage with the classification and grading system, the classification and grading results provide the basis for the subsequent access control strategies and accurately identify the sensitivity level of the data being operated on. Operations on sensitive data at level 3 and above are restricted (refer to the "Financial Data Security Data Lifecycle Security Specification"), which achieves fine-grained security control of sensitive data down to the column and ensures security in data operation and maintenance scenarios.

◼︎Improve data desensitization efficiency and accuracy based on classification and grading

A large amount of Bank A's production data often needs to be accurately desensitized and then transferred to a non-production environment for development and testing. If the information obtained about sensitive tables and fields is inaccurate, the desensitized data fails to achieve the expected goals of "usable, compliant, safe, and efficient".

Meichuang's static data desensitization system has flexible and rich built-in desensitization algorithms. Through linkage with the dark data discovery and classification and grading system, it can accurately identify level 3 and level 4 data in the core database, which greatly reduces the occurrence of sensitive fields being left behind after desensitization. When data is needed in the development and testing process, the data desensitization system can desensitize and transform different types of data in different ways by defining precise and flexible data desensitization strategies, so that the desensitized data retains feature consistency, logical consistency, and business rule relevance to the greatest extent. These differentiated desensitization methods improve the efficiency and accuracy of desensitization.
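The two linkages described above (column-level restriction of level 3 and above for operation and maintenance access, and grading-driven masking before data moves to development and testing) can be sketched as follows. This is an added example, not Meichuang's product code: the catalog contents, the `mfa` and `clearance` user fields, and all function names are hypothetical. The article names levels 3 and 4 for masking; masking level 5 and unclassified columns as well is this example's assumption.

```python
import hashlib
import hmac

# Constructed catalog (column -> level, 1 lowest to 5 highest), standing in for a grading scan's output.
CATALOG = {
    "customer.name": 3,
    "customer.id_number": 4,
    "customer.mobile": 3,
    "customer.branch_code": 1,
}
RESTRICT_FROM = 3  # the article restricts level 3 and above


def level_of(column):
    # Assumption: a column missing from the catalog fails closed at level 5.
    return CATALOG.get(column, 5)


def decide(user, columns):
    """Per-column decision for an O&M session, keyed on identity + data."""
    result = {}
    for col in columns:
        lvl = level_of(col)
        ok = lvl < RESTRICT_FROM or (user["mfa"] and lvl <= user["clearance"])
        result[col] = "allow" if ok else "deny"
    return result


def mask_value(value, key):
    """Deterministic mask that keeps length, digit/letter shape and separators."""
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    out = []
    for i, ch in enumerate(value):
        b = digest[i % len(digest)]
        if ch.isdigit():
            out.append(str(b % 10))
        elif ch.isalpha():
            out.append(chr(ord("a") + b % 26))
        else:
            out.append(ch)
    return "".join(out)


def desensitize_row(table, row, key):
    """Mask every restricted column of a row before it leaves production."""
    return {
        col: mask_value(str(val), key) if level_of(f"{table}.{col}") >= RESTRICT_FROM else val
        for col, val in row.items()
    }
```

Because the mask is keyed and deterministic, the same source value always maps to the same masked value, so joins across masked tables still line up; the key must stay in the production environment.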

In the mighty wave of digital transformation, the premise of unlocking the value of data is to build a solid line of defense for data security. As an important step towards refined data security management, data classification and grading are imperative.

As a pioneer and practitioner, Meichuang Technology has helped users implement data classification and grading quickly and effectively in the fields of big data bureaus, human resources and social organizations, energy, finance, medical care, real estate, enterprises, transportation, and education. Based on rich industry practice, Meichuang Technology also continues to promote the exploration and practice of data classification and grading, in order to protect the acceleration of digitalization with security and let data elements circulate freely.


Origin blog.csdn.net/meichuangkeji/article/details/131965637