"Measures for Data Security Management in Business Areas of the People's Bank of China" and Research on Key Technologies for Personal Information Protection | JD Cloud Technical Team

In the big data environment, the data generated by an individual user's online activity can reveal that user's age, occupation, behavioral patterns and interests with considerable clarity. With the spread of e-commerce and mobile networks in particular, an individual's address, contact details and bank account information can also be obtained through big data mining or web crawling. The pressure on personal information security management has therefore grown, and leaks of users' personal information occur from time to time; unexplained sales calls, fraudulent calls and stolen bank deposits persist despite repeated crackdowns. As data practitioners, we therefore need to understand the key technologies for personal information security under big data and use them to protect personal information.

Recently, the central bank issued a draft of the "Data Security Management Measures in the Business Areas of the People's Bank of China" (hereinafter the "Management Measures") for comment. In the form of a departmental normative document, it implements the "Data Security Law" in full and spells out the bottom-line requirements for data security compliance in the business areas of the People's Bank of China. For a company whose core business is finance, how to implement these requirements is an important question for the data governance team.

1. Classification and grading

The "Management Measures" require data processors to establish a data classification and grading system and procedures, and to standardize the operating procedures for classification and grading work: with reference to industry standards, establish business categories in line with business development, sort out and refine the data resource directory, and for each data item identify whether it is personal information, its data source (generated in production and operation, produced by processing, collected externally, and so on), the list of information systems that store it, and the business category of the application it belongs to.

The "Management Measures" further set out specific grading requirements along two dimensions: data sensitivity tiers and data availability tiers. For grading, data are divided into three levels, general, important and core, according to precision, scale and impact on national security. On top of this grading, data processors should refer to industry standards and further divide the sensitivity of data items into five levels, from level one (lowest) to level five (highest).

Data classification and grading is the groundwork for refined data protection and for enhancing the value of data.

To this end, we have formulated and published data classification and grading standards, defined a four-level data management mechanism from L1 to L4, and applied unified labeling and management through the star map metadata system. Data assets are scanned automatically and periodically by the Changan system; data at each security level goes through a correspondingly strict data application and approval process, and the permissions, operations and flow direction of sensitive data are monitored after the fact, achieving closed-loop management of enterprise data classification and grading.

2. Data usage security control

The "Management Measures" require data processors to strictly manage the creation and permissions of business processing accounts, database administrator accounts and other privileged accounts in information systems according to the principles of minimum necessity and separation of duties; encourage the construction of technology platforms that apply unified authentication and unified authorization strategies to further strengthen management and control; and establish unified log specifications that define the traceability information that must be fully recorded in data processing activity logs.

The "Management Measures" further set out risk prevention measures for the export and use of data items above the third level. In principle, security protection measures such as encryption, digital watermarking or desensitization should be applied first. When an information system interface displays data items above the third level, they should in principle be desensitized before display. Data processors should establish security management and control strategies for terminal devices, and are encouraged to adopt protections such as security sandboxes and terminal behavior control for terminals that use data items above the third level.

We analyzed the security risks across the data life cycle and proposed corresponding technical measures. The data life cycle consists of data collection, data transmission, data storage, data processing, data exchange and data destruction. In the collection stage, data collectors must prevent unauthorized collection and illegal acquisition of data, and owners of personal information must guard against unauthorized collection. In the transmission stage, enforcement of the security policy while personal information is in transit is monitored, to prevent leakage of sensitive data and repudiation of identity by either party to the transfer. In the storage stage, the security of stored data is ensured; desensitization or encryption can be used to secure storage and minimize the sensitive content held. In the processing stage, only legitimate personnel may see the data they are entitled to, and unauthorized users cannot see personal information they are not authorized for. In the exchange stage, data transfer and sharing must have clear records and approval processes so that the flow of data can be understood. In the destruction stage, to avoid leakage caused by incomplete deletion, data should be forcibly erased or desensitized so that the original data cannot be recovered.

Network protection technologies are needed at every stage of the data life cycle. The relationship between life cycle stages and protection technologies is many-to-many: one stage corresponds to several technologies, and one technology protects several stages. The correspondence between the life cycle of personal information in big data and protection technologies is shown in Figure 1.

Figure 1 Life cycle and protection technology of personal information in big data

In the correspondence between the life cycle of personal information and protection technologies shown in Figure 1, each data protection technology corresponds to one or more life cycle stages. "Security audit" corresponds to 6 life cycle stages; "access control" to 5; "authorization", "traceability audit" and "data desensitization" to 4 each; "leakage plugging" and "regional restriction" to 3 each; "data encryption" to 2; and "data backup" and "secure erasure" to 1 each. Data protection technologies that correspond to four or more life cycle stages are defined as key technologies. This article therefore focuses on the key technologies for personal information security protection under big data: "authorization", "access control", "security audit", "traceability audit" and "data desensitization".

2.1 Authorization

Authorization is a business arrangement in which one party permits another party to use its products, services or certain information. A party can be an individual, unit, organization, company, enterprise and so on. The specific content of the authorization is based on a consensus reached by both parties on an equal and voluntary basis, and it must also comply with the relevant provisions of the law.

Three authorization technologies are commonly used in big data applications. First, authentication technology: confirming the identity of an operator in a computer or network system in order to decide whether the user has the right to access and use a given resource, so that the system's access policy can be reliably enforced; it prevents attackers from impersonating legitimate users to gain access to resources, protects the security of systems and data, and safeguards the legitimate interests of authorized visitors. Second, the Kerberos protocol, which provides authentication services to client/server applications through a key system. Its authentication process does not rely on the host operating system's authentication, does not require trust based on host addresses, does not require the physical security of every host on the network, and assumes that packets transmitted on the network can be read, modified and inserted at will. Third, multi-tenancy, a software architecture technique that shares the same system or program components among users in a multi-user environment while still ensuring data isolation between them.

2.2 Access control

Access control policies are security measures against possible illegal operations and are the basis for preventing, controlling and alerting on them. Unlike the fixed access standards of traditional control methods, big data access control has a degree of flexibility: standards can be adjusted quickly for different access environments to meet the sensitivity requirements of the access control model. The access restriction policy specifies the time range and IP address range from which the platform may be accessed; any access outside the permitted scope is denied. Access control is enforced by a proxy. The proxy service is a very important part of the big data platform and is the only way for users to reach the big data system; access authentication, control, certification and operation recording are all completed by the proxy.

The API access proxy is the component that actually sends operation requests to the big data platform. All user operations on the portal of the big data platform are forwarded by the proxy, which determines whether the operation is authorized before executing it; if it is not authorized, no action is taken and the user is notified through the portal. At the same time, the proxy analyzes whether the operation content contains sensitive data; if it does, the proxy blocks or allows the request according to preset sensitive data access policies. The proxy service receives the user permission information configured by the management platform, determines the user's permissions from it, and controls the user's access to the big data platform. Users access the platform through the unified access portal, and the unified view forwards specific operation requests to the proxy service. If the user lacks operation permission, the proxy service blocks the request; if the user has the relevant permission, the proxy forwards the operation to the corresponding big data platform component and returns the result to the user.
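As an added illustration of the proxy's decision logic (example code, not the JD Cloud platform's own), the following Python sketch enforces the time-window, IP-range, permission and sensitive-content checks described above in that order; the policy schema, the two sensitive-data patterns and the sample requests are assumptions constructed for the example.

```python
"""Policy decision point for a big-data API access proxy.

Illustrative example added here; it is not the JD Cloud platform's own
code. The policy schema, field names, the sensitive-data patterns and the
sample requests are all assumptions constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
import re

# Minimal sensitive-data feature library (constructed): mainland-China-style
# 18-digit ID numbers and 11-digit mobile numbers appearing in a request.
SENSITIVE_PATTERNS = {
    "id_number": re.compile(r"\b\d{17}[\dXx]\b"),
    "mobile": re.compile(r"\b1\d{10}\b"),
}


@dataclass
class UserPolicy:
    """Permission information pushed from the management platform."""
    permissions: set          # e.g. {"hive:select:cust_db"}
    allowed_networks: list    # CIDR strings the user may connect from
    window: tuple             # (start, end) local times of the access window
    sensitive_action: str = "block"   # "block" or "allow" sensitive content


@dataclass
class Request:
    user: str
    source_ip: str
    at: datetime
    permission_needed: str
    payload: str              # the operation text, e.g. a SQL statement


def decide(req: Request, policy: UserPolicy) -> tuple:
    """Return (decision, reason) with decision 'allow' or 'deny'.

    Cheapest and most restrictive checks run first: access window, source
    network, permission, then the sensitive-content policy on the payload.
    """
    start, end = policy.window
    if not start <= req.at.time() <= end:
        return "deny", "outside allowed time window"
    src = ip_address(req.source_ip)
    if not any(src in ip_network(n) for n in policy.allowed_networks):
        return "deny", "source IP not in allowed range"
    if req.permission_needed not in policy.permissions:
        return "deny", "no permission for this operation"
    hits = sorted(n for n, p in SENSITIVE_PATTERNS.items() if p.search(req.payload))
    if hits and policy.sensitive_action == "block":
        return "deny", "sensitive data in request: " + ",".join(hits)
    return "allow", "ok"


def run_samples() -> dict:
    """Constructed sample traffic; every request comes from the same analyst."""
    policy = UserPolicy(permissions={"hive:select:cust_db"},
                        allowed_networks=["10.20.0.0/16"],
                        window=(time(9, 0), time(18, 0)))
    day = datetime(2024, 1, 8, 10, 30)
    cases = {
        "in_policy": Request("analyst", "10.20.3.7", day, "hive:select:cust_db",
                             "SELECT city, count(*) FROM cust_db.orders GROUP BY city"),
        "night": Request("analyst", "10.20.3.7", datetime(2024, 1, 8, 23, 5),
                         "hive:select:cust_db", "SELECT 1"),
        "foreign_ip": Request("analyst", "192.168.9.9", day,
                              "hive:select:cust_db", "SELECT 1"),
        "no_perm": Request("analyst", "10.20.3.7", day, "hive:drop:cust_db",
                           "DROP TABLE cust_db.orders"),
        "sensitive": Request("analyst", "10.20.3.7", day, "hive:select:cust_db",
                             "SELECT * FROM cust_db.users WHERE mobile = '13800138000'"),
    }
    return {name: decide(req, policy) for name, req in cases.items()}
```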

2.3 Data desensitization

Data desensitization converts sensitive information according to desensitization rules so that sensitive private data is reliably protected. In essence it collects and screens a large number of original samples from a large database. Where customer security data or commercially sensitive data is involved, real data, including personal information such as ID numbers, mobile phone numbers, card numbers and customer names, is transformed and then provided for testing without violating system rules. Data desensitization is carried out by the data desensitization management platform, whose architecture is shown in Figure 2.

Data desensitization technology falls roughly into two categories: static and dynamic. Static desensitization is generally applied to data that is not accessed in real time: the desensitization strategy is set uniformly beforehand, and the results are written to a new file or database. The desensitization tool performs a full scan of the static data and matches and desensitizes it using a sensitive data feature library formed from sampling. Dynamic desensitization generally refers to desensitizing data or data flows as they are accessed; the rules can be modified in real time, masking applies only to the data that passes through the masking tool, and the masked result is what the user sees. Building on static desensitization, we are exploring real-time desensitization, extending it from structured data to dynamic desensitization of unstructured data, including large database platforms and text files.

Data desensitization increases operation and maintenance costs, so companies need to set realistic desensitization goals based on their actual circumstances. Masking metadata includes the sensitive information fields, sensitive information names, and sensitivity levels or types; these must be determined when data is masked in order to serve customers well. A desensitization strategy consists of desensitization rules, specifications, methods and restrictions. First, users formulate desensitization rules for sensitive data, which can be done using global data and user settings as well as personal settings. Desensitization specifications require users to follow the relevant standards and laws in desensitization work, which ultimately makes management more convenient or further improves security.

Figure 2 Data desensitization management platform architecture
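To make the static and dynamic paths above concrete, here is an added Python example (not the desensitization platform's own code): a small feature library drives the static full scan, and a rule table is applied on the access path for dynamic masking. The field names, patterns, masking rules and all sample values are constructed.

```python
"""Rule-driven desensitization of personal information fields.

Added example, not the desensitization management platform described in
the article. Field names, the feature library, the masking rules and all
sample values are constructed for illustration.
"""
import hashlib
import re
from typing import Callable, Dict, List, Optional

# Sensitive-data feature library used by the static full scan to recognise
# values whose column is not already labelled. Order matters: an 18-digit
# value is treated as an ID number before the wider card-number pattern.
FEATURES = {
    "id_number": re.compile(r"^\d{17}[\dXx]$"),
    "mobile": re.compile(r"^1\d{10}$"),
    "card_number": re.compile(r"^\d{16,19}$"),
}


def keep_ends(value: str, head: int, tail: int) -> str:
    """Keep the first `head` and last `tail` characters and star the rest."""
    if len(value) <= head + tail:
        return "*" * len(value)
    return value[:head] + "*" * (len(value) - head - tail) + value[-tail:]


def mask_name(value: str) -> str:
    """Keep the family name (first character) and star the given name."""
    return value[:1] + "*" * (len(value) - 1)


def tokenize(value: str, salt: bytes = b"constructed-salt") -> str:
    """Irreversible salted hash; rows stay joinable on the field."""
    return hashlib.sha256(salt + value.encode("utf-8")).hexdigest()[:16]


# Desensitization rules: which method applies to which labelled field.
RULES: Dict[str, Callable[[str], str]] = {
    "id_number": lambda v: keep_ends(v, 6, 4),   # region prefix and check digits stay
    "mobile": lambda v: keep_ends(v, 3, 4),
    "card_number": lambda v: keep_ends(v, 6, 4),
    "customer_name": mask_name,
    "email": tokenize,
}


def classify(value: str) -> Optional[str]:
    """Static-scan step: match an unlabelled value against the feature library."""
    for name, pattern in FEATURES.items():
        if pattern.match(value):
            return name
    return None


def static_mask_rows(rows: List[List[str]]) -> List[List[str]]:
    """Static desensitization of a headerless extract: classify each value,
    apply the matching rule and write the result to a new table. Values the
    feature library cannot recognise (e.g. names) pass through unchanged."""
    masked = []
    for row in rows:
        masked.append([RULES[k](v) if (k := classify(v)) else v for v in row])
    return masked


def mask_record(record: dict, viewer_level: int, threshold: int = 3) -> dict:
    """Dynamic desensitization on the access path: a viewer below `threshold`
    sees masked values, an authorised viewer sees the record as stored. Both
    RULES and the threshold can be changed while the service is running."""
    if viewer_level >= threshold:
        return dict(record)
    return {k: RULES[k](v) if k in RULES else v for k, v in record.items()}
```

The static path only catches pattern-bearing values, which is why the platform keeps labelled field metadata alongside the feature library.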

3. Risk monitoring, assessment, auditing and incident handling

The "Management Measures" require data processors to establish a security risk monitoring and alerting mechanism for data processing activities; strengthen the monitoring, verification, handling and industry-wide sharing of data security risk intelligence; formulate grading and determination standards and emergency plans for data security incidents; and standardize emergency drills, incident handling, risk assessment and auditing.

The "Management Measures" further propose that data processors refine and control the data access permissions of data security risk assessors and auditors, and take effective measures to keep the assessment and audit process itself secure. Data processors are encouraged to build technology platforms and establish unified security management and control strategies for data security risk assessment and auditing.

Through security audit and traceability audit we comprehensively collect monitoring information from every link: users' data usage behavior, data security level, personnel information, permission allocation and so on, and build data security situation awareness. When risks are found in accounts, interfaces, data access behavior, data copying, screenshots or data export, an alarm is raised according to the corresponding alarm rules, and the account that triggered the alarm, the alarm content and all of that account's previous operations can be displayed, so that the risk can be traced back to its source.

3.1 Security audit

Big data auditing means that the audit body follows the big data concept and uses big data techniques and tools to carry out in-depth cross-level, cross-regional, cross-system, cross-department and cross-business mining and analysis of massive economic and social operating data drawn from scattered sources in diverse formats, in order to improve the audit's ability to detect problems, evaluate them and perform macro analysis. Compared with conventional data auditing, big data auditing uses more heterogeneous data sources and more complex and advanced technical methods, and gains keener and deeper insight into the data.

In the era of big data, security auditing has changed fundamentally: from sampling analysis to full-data analysis, from finding the causal relationships between things to exploiting their correlations, and from pursuing data accuracy to improving the efficiency of data use. When big data technology is used for security auditing, large volumes of data must be collected and analyzed while ensuring the quality of heterogeneous data processing. Building a security audit system on big data technology brings the following improvements: greater storage, collection and analysis capacity; better ability to process unstructured data; and deeper analysis of historical data to mine information of value to users from large data volumes.

The log-based audit method combines Hadoop component logs with metadata for joint analysis, restoring the user's operations without the big data platform itself being aware of it. A log file collector is deployed on the big data platform's servers; it does not analyze the log data in depth and imposes a relatively small load on the server. This approach, however, depends on the accuracy of the logging.
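The following added Python example (not the article's audit platform) ties the alarm rules and account tracing described at the start of section 3 to the log-based method: it replays constructed HDFS-style audit lines, joins each path with a constructed L1 to L4 classification level, raises alarms such as a bulk-export risk, and lists the triggering account's prior operations. The line format, the metadata table and the thresholds are assumptions.

```python
"""Log-based security audit: replay Hadoop audit logs against metadata,
raise alarms by rule and trace the triggering account's earlier operations.
Added example, not the article's audit platform. The line layout follows the
tab-separated key=value style of the HDFS NameNode audit log; the log lines,
the path-to-level metadata and the alarm thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ts, allowed, user, ip, cmd, src):
    return (f"{ts} INFO FSNamesystem.audit: allowed={allowed}\tugi={user} (auth:KERBEROS)"
            f"\tip=/{ip}\tcmd={cmd}\tsrc={src}\tdst=null\tperm=null\tproto=rpc")

# Constructed audit lines in hdfs-audit.log style (fields separated by tabs).
SAMPLE_LOG = "\n".join([
    _line("2024-01-08 09:12:01,004", "true", "alice", "10.20.3.7", "open", "/warehouse/ods/orders/part-0"),
    _line("2024-01-08 09:12:05,118", "true", "alice", "10.20.3.7", "listStatus", "/warehouse/dwd/customer_pii"),
    _line("2024-01-08 09:12:06,002", "true", "alice", "10.20.3.7", "open", "/warehouse/dwd/customer_pii/part-0"),
    _line("2024-01-08 09:12:07,310", "true", "alice", "10.20.3.7", "open", "/warehouse/dwd/customer_pii/part-1"),
    _line("2024-01-08 09:12:08,521", "true", "alice", "10.20.3.7", "open", "/warehouse/dwd/customer_pii/part-2"),
    _line("2024-01-08 10:00:00,000", "true", "bob", "10.20.9.1", "open", "/warehouse/ods/orders/part-3"),
    _line("2024-01-08 23:40:00,000", "false", "bob", "10.20.9.1", "open", "/warehouse/dwd/customer_pii/part-0"),
])
# Metadata join: classification level of each path prefix, as a metadata
# system would record it (constructed values; unlisted paths default to L1).
LEVELS = {"/warehouse/dwd/customer_pii": "L4", "/warehouse/ods/orders": "L2"}
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) INFO FSNamesystem\.audit: (?P<kv>.*)$")

def parse_line(line: str):
    """One audit line -> event dict, or None for a line of another shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = dict(f.split("=", 1) for f in m.group("kv").split("\t"))
    return {"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f"),
            "user": kv["ugi"].split(" ", 1)[0], "ip": kv["ip"].lstrip("/"),
            "cmd": kv["cmd"], "src": kv["src"], "allowed": kv["allowed"] == "true"}

def level_of(path: str) -> str:
    """Longest-prefix lookup of a path's classification level."""
    for prefix in sorted(LEVELS, key=len, reverse=True):
        if path == prefix or path.startswith(prefix + "/"):
            return LEVELS[prefix]
    return "L1"

def evaluate(events, window=timedelta(seconds=60), bulk_threshold=3):
    """Apply alarm rules to time-ordered events -> [(user, rule, detail)]."""
    alarms, l4_opens = [], defaultdict(list)
    for e in events:
        lvl = level_of(e["src"])
        if lvl == "L4" and not e["allowed"]:
            alarms.append((e["user"], "denied_l4_access", e["src"]))
        if lvl in ("L3", "L4") and e["allowed"] and not 9 <= e["ts"].hour < 18:
            alarms.append((e["user"], "off_hours_access", e["src"]))
        if lvl == "L4" and e["allowed"] and e["cmd"] == "open":
            l4_opens[e["user"]].append(e)
            recent = {x["src"] for x in l4_opens[e["user"]] if e["ts"] - x["ts"] <= window}
            if len(recent) == bulk_threshold:  # fire once, as the threshold is reached
                alarms.append((e["user"], "bulk_export_risk",
                               f"{len(recent)} distinct L4 files within {window.seconds}s"))
    return alarms

def account_trace(events, user: str, until: datetime):
    """Everything the account did up to the alarm time, oldest first."""
    return sorted((e for e in events if e["user"] == user and e["ts"] <= until),
                  key=lambda e: e["ts"])

def audit(log_text: str):
    """Parse, time-order and evaluate a whole log -> (alarms, events)."""
    events = [ev for ev in map(parse_line, log_text.splitlines()) if ev]
    events.sort(key=lambda e: e["ts"])
    return evaluate(events), events
```

Because the rules read only what the NameNode chose to log, a gap or error in the audit log silently becomes a gap in detection, which is the dependency on logging accuracy noted above.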

Network traffic auditing collects, filters and analyzes the network traffic entering and leaving the server in order to restore user operations. The traffic is collected and analyzed with deep packet inspection (DPI), an application-layer traffic detection and control technology. When IP packets or TCP or UDP flows pass through a DPI-based bandwidth management system, it reads the IP packet payload to reassemble the application-layer information of the OSI seven-layer model and obtain the content of the whole application exchange, then performs traffic shaping according to the management policy defined by the system. Because this mode requires capturing and analyzing network packets, it is difficult to implement and also increases the load on the server.

3.2 Traceability audit

Traceability auditing discovers the evolution of data products and forms metadata that accurately expresses data characteristics and object history, providing structured guidance for analyzing and understanding complex data in data-intensive systems. It focuses on detecting data sources and on the process by which data is created and disseminated. By recording the derivation of data products and the evolution of workflows, it forms metadata that contains object history and accurately expresses data characteristics, presents structured data, and promotes information disclosure and the derivation of actionable information. This is of great value for analyzing and understanding complex data in big data systems.

Traceability information collection technology covers three aspects: traceability collection, traceability elements and the traceability model. Traceability collection concerns how traceability information is gathered from the object system, including collection granularity, method, timing and data version control. Traceability elements, once reliable data has been collected from different terminals, determine which key data the traceability information should contain and consolidate data from different sources into standardized data. The traceability model is a formal description of the standardized data; with its help, correlations between data can be mined from standardized data in sequence, standardized data can be mapped to structured data, structured data can be presented and persisted, and information disclosure and the derivation of actionable information can be promoted.

3.3 Incident handling

Incident handling is a management mechanism that covers monitoring and early warning of data security risks, emergency response, and subsequent investigation and evaluation. For a personal information leakage incident, we first establish the basic facts of the leak, investigate its cause at the IT level, and take measures to strengthen security and eliminate the root cause.

The relevant business departments investigate the causes of the leak at the business level; where non-compliant operations or unreasonable processes led to the leak, they make rectifications promptly.

The public relations department sets the disclosure standards for personal information leakage incidents and organizes the relevant departments to disclose them; the company's legal affairs department reports the relevant information to regulatory authorities as appropriate; the customer service department follows the public relations line and gives consistent answers to security-incident questions received through customer service calls; personal information subjects are notified of the leak by group text message; the relevant business R&D team updates the leakage announcement in the system in accordance with the public relations line; and the risk management department reports illegal activity to the public security organs and holds the responsible personnel accountable.

4. Summary

In the new era in which personal information is fully digitized, security issues have become ever more prominent as big data technology develops. The more an individual does online, the more data is generated, and the more resources and value can be mined from collections of personal information. The "Management Measures" issued by the central bank focus on personal information security risks in the financial industry: they strengthen asset control through data classification and grading, set out management and technical requirements covering the entire data life cycle, strengthen endogenous security capabilities, and combine assessment, handling and audit measures to achieve continuous, iterative improvement of data security work. Building on the existing laws and regulations, they effectively ensure the orderly development of data security in the financial industry. The "Management Measures" reflect the financial regulator's close observation of the industry's data security work and systematically lay out a path for building data security at the compliance level, which is of great significance to the practical work of data processors in the financial industry. We have adopted relatively advanced technology in some areas, such as classification and grading and access control, and achieved certain results; other areas, such as authorization and traceability audit, still need strengthening. We hope this article can promote the application of key technologies for personal information security protection, raise the level of data security, safeguard the security of users' personal information, create a compliant environment for data sharing and use, and promote the value of data assets.


Author: JD Technology Li Ranhui

Source: JD Cloud Developer Community. Please indicate the source when reprinting.

Origin my.oschina.net/u/4090830/blog/10557798