360 Big Data Center Director: How to Build a Data Security System That Actually Works

Managers' understanding determines whether enterprise data security construction can really deliver value

Q1: Data security incidents have been far from uncommon in recent years. In your opinion, now and for a long time to come, what key data security risks and challenges do enterprises face?

A1: First of all, I think data security is actually not a new topic for businesses.

Why do I say that? An enterprise exists within society. To keep operating normally, from the day it is founded it involves collaboration among internal staff, and externally it has dealings with other people and businesses. Information is inevitably exchanged in the process, and information exchange naturally carries data security risk.

Why do we have to mention this subject? Because the exchange of operational information persists for businesses.

With the evolution of modern society and the rapid development and application of information technology, the degree of informatization across industries keeps rising, and society's data as a whole is growing at an unprecedented rate. It is large in volume, wide in source and varied in type; it has permeated all walks of life and is gradually becoming an important factor of production for enterprises.

Data is now everywhere and goes hand in hand with everything. The subject we are discussing today takes big data as the background for data security issues, not data security in the traditional sense. From this perspective, it is a new topic.

Although data security looks like a single concept, the topic in fact has wide coverage and rich content, and it involves a number of important factors.

So the security risks and challenges that businesses face are actually a fairly large topic. From my own point of view, they can be divided into three areas:

The first is regulatory process. With the gradual application of cloud computing and big data technology, the forms data takes and the ways data is used keep growing and changing, and this trend will only get faster. How a business ensures a systematic regulatory process under this trend is a present-day priority.

Second, system construction. Data security itself does not generate value, so at the start of building a system, in order to build quickly, security-related capabilities are often given lower priority, or are even absent for a long period of time. Data runs unprotected in the system, and once it leaks it causes unpredictable losses.

On the other hand, because security capabilities were neglected at the start of construction, adding them later becomes more difficult and may even require adjusting the system architecture, which invisibly increases the cost.

Finally, managers' understanding. With data security incidents large and small occurring frequently in recent years and bringing serious consequences to businesses and individuals, corporate management has basically reached agreement that data security deserves a high level of attention.

But agreement at the level of awareness alone is not enough, and it can even be counterproductive for an enterprise's security construction. If managers focus only on the data itself, the security system will be built one-sidedly and will ultimately fail to achieve data security management and control. As everyone knows, protecting data security is not done at the data level alone.

Conversely, if managers take the route of a large, all-encompassing construction, the goal may always remain the moon in the water and a flower in the mirror: it looks good but cannot be reached. I think this last point is the most important one; it determines whether a business can really implement data security construction and get value from it.

How to develop a data security governance program that is truly effective

Q2: Facing these data security risks, what suggestions do you have for developing and implementing a security governance program that is truly effective?

A2: As I said before, building an enterprise data security system is a very big topic. Drawing on the work I have done, I will talk about some specific issues and challenges we faced in building the big data center, and the ideas and solutions for addressing them.

With the company's development and adjustments in product form, product coverage has widened, and at the data level the data is massive, stored in a decentralized way, and varied in type.

The big data center is the company's data middle-platform department. In addition to building its own data platform and service capabilities, it also faces data analysis requirements from the various business units, and it encounters security-related problems while handling these data needs.

With centralized data storage, how do we separate data management rights from data access rights on the platform? Each business unit has multiple roles, and each role's data permissions may differ; how do we control that? If a data leak occurs, how do we make it traceable? How do we share data securely across products?

There are many issues like these. They present a number of challenges to the development of the big data center, which can be summarized in four aspects:

Platform-level protection: traditional access control systems are usually designed around functions, achieving access control by controlling which functions a user can access. This method is stretched thin in a big data center. For example, for the same data analysis function, the analysts of different products may operate only on the data of their own product;

Data-level protection: the big data center provides data processing capabilities for all the company's products, so business data flows across the platform every day. How do we control platform engineers' access to business data?

Audit and risk prevention: a product's business form determines its system design, and as it keeps evolving, its data model evolves too and inevitably keeps producing dirty data. To ensure data quality, data governance adds more steps with a lot of human intervention, which also increases the risk of data leakage;

Processes and systems: what data can be made public, and how wide is the scope of disclosure? Who can use the data? If one business unit wants to use another business unit's data, what process should it go through? For a very long time these things were handled piecemeal, which looks very flexible but in fact has no rules at all.

As the big data center's business developed, the impact of these issues became increasingly evident. How do we solve them effectively, so that the big data center can shed this burden and support the entire company's products more efficiently?

Actually, for all the "thousands and thousands" of problems, it is the data that "caused the trouble." We want to use data, analyze data and maximize the value of data, so exposing data is inevitable, and data security issues follow.

Beginning with the end in mind, our guiding principle in building the data security system is clear: "make data more secure through use." With that goal, we take "data" as the center and "platform capabilities", "privacy management" and "regulations and processes" as three elements, to build a data security system suited to the company's characteristics, solve data security problems systematically, and get greater value from data.

It should be noted here that data security risks will always exist. The purpose of building the security system is to reduce the chance of risk as much as possible, so that data analysts can use more data and developers can focus as much as possible on the data application itself.

360 big data platform security capability building

Q3: Can you use 360's own experience as an example to analyze the design ideas, infrastructure construction and practical applications of its big data platform in terms of security capabilities?

A3: Change certainly brings pain. At the start of building the big data platform's security capabilities, we encountered many difficulties.

First, governance norms. Building data security governance capabilities includes safety regulations, which inevitably solidifies the procedures related to data security governance.

Product departments notice changes in process, while the value of security capability building is very difficult to demonstrate to them. How do we balance this contradiction?

Since the big data center is the middle-platform department for the entire company, responsible for company-wide data service support, we adopted a top-down strategy for security norms: jointly with corporate legal counsel and the privacy-related departments, we formulated and finalized the 360 Group Data Security Practices, so that data is used reasonably, compliantly and legally. This also won our governance work more understanding and less resistance.

Second, system governance. The big data center's system construction had already reached a certain stage, so designing it as a new system was clearly not suitable; how to blend data security capabilities smoothly into the current system was a test for us.

To explain: when first developing a system, many companies tend to develop business functions first and give security capabilities lower priority, or only do some simple security hardening. When they later want to build systematic security capabilities, they find it is not so simple, because the room left for transforming the system is very limited.

Looking back on the system governance process, we did a major reconstruction along two dimensions:

First, the systems were transformed into services centered on data assets;

Second, data security was built into the systems around the whole data life cycle.

Servitization gives the system high cohesion and low coupling, makes it easy to extend system functionality and add security capabilities, and also reduces intrusion into the original system. Data application life-cycle management gives security a clear scope and criteria, ensuring full coverage of security capabilities to the maximum extent possible.

The security capabilities of the whole big data platform were transformed from "point" to "surface", designed on the basis of the original architecture.

In data sharing, systems generally allow users to save data as a file or an image and add watermark information to the saved file, so that it can be traced if the information is distributed illegally. If the user copies and spreads a single piece of data, however, systems often cannot control it effectively, for example when information is copied and pasted from a data query results page and forwarded. There are many similar scenarios. For data sharing in these scenarios, we introduced plain-text digital watermarking technology to ensure data traceability at the smallest level of granularity.

Finally, let me take the rights management system as an example of a single system. As mentioned above, the old system mainly handled system permissions and authentication control, and could not support the big data center's existing business scenarios, such as data-level access control along different dimensions.

So how do we extend the existing permissions model to fit the current business scenario? We extended the permission, defining it as a "resource + operation" combination. Menus, pages, buttons, tables, fields, tasks, topologies and so on are generalized and collectively defined as resources, which both keeps the data authorization check process stable and responds flexibly to the uncertainty caused by the many types of data.

Combined with the data center's functional positioning and business scenarios, we brought the four dimensions of application, menu, service and data into the rights management system, giving it a new positioning: a one-stop permission control center.
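A minimal sketch of the "resource + operation" model described in this answer, added here as an illustration and not 360's own code. Every class, function, role, user and product name is hypothetical, and scoping each grant by product is an assumption drawn from the platform-level example in A2 (one analysis function, each analyst limited to their own product's data).

```python
from dataclasses import dataclass

DIMENSIONS = {"application", "menu", "service", "data"}  # the four dimensions named above

@dataclass(frozen=True)
class Resource:
    dimension: str  # one of DIMENSIONS
    kind: str       # menu, page, button, table, field, task, topology, ...
    name: str       # e.g. "orders" or "orders.phone"
    product: str    # owning product line (assumed scoping attribute)

class PermissionCenter:
    """Default-deny store of role -> (resource pattern, operation) grants."""

    def __init__(self):
        self._grants = {}  # role -> set of (dimension, kind, name, product, operation)
        self._roles = {}   # user -> set of roles

    def grant(self, role, dimension, kind, name, product, operation):
        if dimension not in DIMENSIONS:
            raise ValueError(f"unknown dimension: {dimension}")
        self._grants.setdefault(role, set()).add((dimension, kind, name, product, operation))

    def assign(self, user, role):
        self._roles.setdefault(user, set()).add(role)

    def is_allowed(self, user, res, operation):
        for role in self._roles.get(user, ()):
            for dim, kind, name, product, op in self._grants.get(role, ()):
                if ((dim, kind, product, op) == (res.dimension, res.kind, res.product, operation)
                        and name in ("*", res.name)):  # "*" = any name of that kind
                    return True
        return False  # nothing matched: deny

    def readable_fields(self, user, product, fields):
        """Field-level filter applied before query results are returned."""
        return [f for f in fields
                if self.is_allowed(user, Resource("data", "field", f, product), "read")]

def build_demo():
    """Constructed sample: two analysts share one function but not each other's data."""
    pc = PermissionCenter()
    for product in ("product_a", "product_b"):
        role = f"analyst_{product}"
        pc.grant(role, "service", "task", "run_analysis", product, "execute")
        pc.grant(role, "data", "table", "orders", product, "read")
        pc.grant(role, "data", "field", "orders.amount", product, "read")
    pc.assign("alice", "analyst_product_a")
    pc.assign("bob", "analyst_product_b")
    return pc
```

Because every check goes through one `is_allowed` path with no implicit allow, a new resource type only needs a new `kind` value, and an ungranted field such as `orders.phone` is dropped from results rather than relying on each page to hide it.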

Cool moment on the cloud, a cloud of frost on impulse

Q4: Beyond building the big data platform inside the enterprise, with data moving to the cloud as the general trend, how do we ensure data security in the cloud?

A4: Ten years ago, when Amazon launched cloud computing services, few people were interested in cloud services. Now, a decade later, with the rapid development of cloud computing, more and more enterprises are beginning to move to the cloud.

Even so, I think a company should first answer a few questions before deciding whether to move to the cloud: Why move to the cloud? What short-term goals should the move achieve? What are the long-term goals?

Thinking these questions through tells you whether you really need to move to the cloud. In practice, the value the cloud brings to some companies is far less than their investment, and they cannot even sustain later operation and maintenance, so in that case a different way of planning and optimizing resources may be needed.

For enterprises that are ready to move to the cloud, the first step is to decide on the kind of cloud scheme: public cloud, private cloud or hybrid cloud. The data security policy differs for each scheme.

Second, do not rely solely on the cloud service provider's data management capabilities. A cloud platform helps centralize data management and improves an enterprise's data sharing capabilities, but it also increases the risk of data leakage and loss. The data must have a backup plan to minimize security risk, such as multi-cloud or off-site storage.

Finally, establish a sound, comprehensive cloud service agreement. Moving to the cloud is only the beginning; the enterprise's systems will keep running in the cloud, and the cloud platform itself will inevitably have problems along the way. Ensuring the cloud platform's response speed and problem-solving efficiency should not rely solely on the cloud provider's own service standards. Instead, the service agreement should be developed together with the cloud service provider on the basis of the enterprise's own business requirements, so that enterprises, especially small and medium-sized ones, have more say when problems occur and can minimize business losses as much as possible.

About the author

Xu Hao

Currently Technical Director of the Qihoo 360 big data center and leader of the data center planning and construction technology team, responsible for data center platform work. He has led and participated in the research and development of a whole new generation of the data center platform. He previously worked at Huawei Technologies Co., Ltd., engaged in platform research and development involving big data, middleware, cloud and other related fields.

Origin blog.csdn.net/huasdsadsa/article/details/94769324