Amazon Cloud Technology: Only when data is secure can value be released

Facing challenges from data security and applications, how should enterprises ensure data security and release data value?

Enterprise data security and application challenges

With the surge of emerging technologies such as cloud computing and big data, massive amounts of data are produced every day, and more and more companies are becoming accustomed to using this data to develop products and serve customers. In a sense, data has become the driving force for enterprise innovation and development. A 2023 report from Accenture even pointed out that 90% of business executives believe that data has become a key factor in competition within an organization and across industries.

However, many companies have also found in practice that security compliance and data applications often pull in opposite directions. The compliance team needs to ensure that sensitive data can be effectively identified and reasonably protected and stored; the data and business teams need to collaborate efficiently while ensuring data security; the operations and security team hopes to meet all data security-related needs within its own scope and respond to the challenges they bring. So in the era of the digital economy, how can companies better achieve innovative growth through data assets? How can they maximize the circulation and application of data and further release the commercial value of data assets while ensuring the security and compliance of the data itself?

"Through our daily work observations, we see that users hope that: sensitive data in their own business data can be easily identified and effectively protected; the enterprise's data consumption team can easily and quickly find valuable data assets within the enterprise and quickly utilize them; enterprises can carry out safe and efficient data sharing and collaborative analysis with partners and upstream and downstream enterprises in the industry; at the same time, all data operations and security events can be uniformly monitored and managed to help the security team specify reasonable security incident strategies and rapid response," Chen Xiaojian, general manager of Amazon Cloud Technology Greater China Product Department, told Fun Technology.

Chen Xiaojian pointed out that Amazon Cloud Technology summarizes the challenges faced by enterprises in data security compliance and circulation applications into four aspects, namely the identification, visibility, and collaboration of business data, and the operability of security data. Amazon Cloud Technology has been working hard to provide innovative services and solutions for these four scenarios to help users better deal with these challenges.

Data identification

In terms of data identification, how can Amazon Cloud Technology help users identify sensitive data and calmly deal with compliance challenges?

In recent years, data compliance has become a hot topic that more and more companies are paying close attention to. From the European Union's GDPR to the United States' ADPPA, privacy protection bills or related bills to strengthen privacy protection have been introduced in various parts of the world. In particular, China has also formulated the Personal Information Protection Law, the Measures for the Security Assessment of Data Transfer Abroad, and the Regulations on the Management of Network Data Security to protect private data and sensitive data, and has put forward specific requirements on the definition and use of personal data and sensitive data.

Chen Xiaojian pointed out that for enterprises to achieve data security and compliance, they need the cooperation of people, processes, and tools across the entire chain. Providing the most appropriate tools for users' business and computing loads has always been the direction of Amazon Cloud Technology's investment. This includes the discovery and identification of sensitive data, where Amazon Cloud Technology also works with partners to provide value to users through customized tools, products and solutions such as Sensitive Data Protection on Amazon Web Services (SDP).

The sensitive data protection solution SDP uses machine learning, pattern matching and other methods to automatically identify sensitive data, and allows customers to create data directories and define sensitive data types using built-in or customized data identification rules. The solution also provides a centralized management platform that allows customers to visually manage sensitive data assets through web applications. With it, customers can accelerate business data compliance and pave the way for the next step of unlocking data value. The solution fits scenarios where existing data is large and scattered and must first be discovered, and scenarios where the data type is difficult to judge, so that data types need to be identified automatically according to compliance requirements and with improved accuracy.

Data visibility

How can we ensure that data can be discovered, shared and collaborated securely and effectively within the organization? Chen Xiaojian pointed out that data visibility is the prerequisite for different roles in the enterprise to effectively mine the value of data, and it is also the basis for efficient collaboration between different governance models.

Data teams and business teams most commonly collaborate in one of two ways: centralized and federated. In the centralized model, the people responsible for governance operations are mainly concentrated in the data team, which is responsible for all governance work. This model has a simpler structure, is easy to implement and control, supports rapid decision-making and efficient execution, and is better suited to customers just starting their data analysis journeys and to smaller organizations. In the federated model, specific teams are responsible for the overall governance principles and policies, but the people responsible for governance operations can be dispersed across business lines, so that business units can own their own data and, under the oversight of the organization, make decisions that meet their specific needs and goals; it is better suited to medium and large enterprises with multiple BUs or to multinational enterprises. Both collaboration methods require efficient collaboration among multiple roles, especially the federated one, which has an extremely urgent need for "data visibility".

To meet these customer needs and allow everyone to see and unlock data, Amazon Cloud Technology launched a new data management service in 2022: Amazon DataZone. The service makes it faster and easier for customers to catalog, discover, share and govern data stored in Amazon Cloud Technology, in customers' on-premises systems and in third-party sources, while using granular control tools to manage and govern data access so that data access occurs with the correct permissions and in the correct context. The service also allows data developers, data scientists, analysts and business users to easily access data across the organization to discover, use and collaborate on data to gain insights.

Multi-party collaboration

Multi-party collaboration lets data be shared and analyzed safely. It supports the upstream and downstream data collaboration that the industry needs in order to innovate quickly, and it injects vitality into innovation.

Chen Xiaojian pointed out that in actual scenarios, all participants in data collaboration need to face the trade-off between data protection and business value security. Some companies implement data collaboration by providing copies of data to partners and relying on contractual agreements to prevent abuse. But it is obvious that this method still generates data movement, and there is a risk of data misuse and leakage.

To solve such problems, Amazon Cloud Technology launched Amazon Clean Rooms, which lets participants match, analyze and collaborate on each other's data without moving or exposing the original data, so that collaborative data analysis is achieved safely. With this tool, users can create a secure data Clean Room in a few minutes and achieve multi-party collaboration on data by creating collaborative projects. Data providers can protect data through pre-encryption, and because all members contribute data directly from their own Amazon S3, data is queried and analyzed without any data movement. It is worth mentioning that this tool also provides a cryptographic computing environment: in the Clean Rooms environment, the data provider's data can be analyzed in encrypted form, and the analysis results are decrypted and returned. While data security is protected to the greatest extent, the value of data among collaborators is also fully exploited.

In the era of generative AI, companies need more third-party data for collaborative innovation. But for most companies, it is not easy to obtain third-party data. For this purpose, Amazon Cloud Technology provides a tool, Amazon Data Exchange, which greatly simplifies the process of obtaining third-party data. Chen Xiaojian said that Amazon Data Exchange has provided more than 3,500 kinds of third-party data. The data sources include finance, weather, geospatial, health care and many other industries and fields, allowing users to easily find, subscribe to and use the third-party data they want on the cloud. The tool also supports multiple access methods including Amazon S3 injection, query tables, and API calls. In addition, it integrates Amazon Cloud Technology's identity and access control management system (IAM) to set permissions and monitor the actual access process, and all data is encrypted when stored and transmitted in Amazon Data Exchange, effectively protecting users' data security.

Data is actionable

For security data, Amazon Cloud Technology advocates achieving data operability, that is, unified management and analysis of security logs.

"All customers will face a problem after their business develops: the IT systems behind them are becoming more and more complex, and more and more IT suppliers are required. Looking at the overall background, we see an increasingly obvious trend: customers are paying more and more attention to security work, and are also focusing on how to do this work more efficiently. In the 2022 key network security trends released by Gartner, the integration of security suppliers ranked 4th. In 2020 In 2017, 29% of customers were seeking the integration of security suppliers. Just two years later, this number will become 75% in 2022," Chen Xiaojian revealed.

Chen Xiaojian pointed out that it is quite challenging and difficult for enterprises to integrate security vendors in a short period of time. Amazon Cloud Technology's solution is to establish a security data lake to uniformly manage logs from different vendors and allow these logs to be used for analysis of security events.

For users, Amazon Security Lake can automatically centralize security data from multi-cloud, local and third-party sources into a specially built data lake, and it has multiple features. First, it can automatically collect and store the logs of Amazon Cloud Technology security products (such as Amazon GuardDuty and Amazon Security Hub), as well as the logs of third-party and offline security devices, and it uses the OCSF unified format. Second, it uses Amazon S3 to store logs centrally, which can make full use of the storage performance of Amazon S3 and divide the logs into Third, like other services provided by Amazon Cloud Technology, the security of the data lake itself is guaranteed by Amazon Cloud Technology. For example, it integrates Amazon Cloud Technology's encryption service Amazon KMS, which can realize automatic encryption management.

"Today is an era of data explosion. After entering 2023, cloud businesses will become more and more complex. The business development of enterprises and the expansion of data scale will also bring about challenges in the identification, visibility, collaboration, and operability of data, etc. Only by truly realizing data security can the value behind the data be released," Chen Xiaojian said. "Amazon Cloud Technology has made security our highest priority from the first day, and has relied on cloud-native security features and powerful data analysis tools to provide full protection for enterprise users to go to the cloud and achieve data security, compliance and data collaboration, and create a future together with users."