What is the data? Micronet believes that it may be music, time, 1234, or hard disk, system, binary code... It is defined in Wikipedia that data are digital characteristics or information obtained through observation. More professionally, data is a collection of the quality or quantity of one or more people or things.
Information technology is changing with each passing day, and technology is developing vigorously. Information has become a strategic material as important as water and electricity. Micronet believes that it has become the core asset and lifeline of enterprises. With the continuous promotion and deepening of the national big data strategy, how to manage data security has become a serious challenge. Among the numerous data security capabilities, it is difficult for us to build our own security system, and there is also a lack of instructive data security products in the industry.
In March 2010, the national standard GB/T 37988-2019 Information Security Technology Data Security Capability Maturity Model clearly proposed the basic concept of data security management, that is, data centric, from the perspective of the data life cycle within the business scope of the organization, combined with the security requirements of the organization after the development of various types of data business, Carry out data security work.
Integration of Huawei Cloud Core Data Protection Capability by Huawei Cloud Data Security Center
DSC (Data Security Center, or DSC for short) is a blockbuster service launched by Huawei Cloud this year. Starting from the entire life cycle of data, it is built around the stages of data collection, transmission, storage, processing, use, exchange and destruction. Today, the data security functions of the cloud have actually been dispersed in various services, such as VPN, security group, SSL certificate, and integrated encryption functions such as ECS, RDS, and OBS. The Data Security Center is responsible for integrating decentralized data security capabilities and providing a unified perspective from the perspective of tenants.
Data security means that data security at each stage of data transmission is composed of data security at different stages. In other words, if data security at one stage is strong and there are no protection measures at the other stage, the overall impact on data security will be small. Each specific stage is explained below.
Data collection: refers to the generation of new data within an organization's internal system and the collection of data from outside. The security focus of this stage is to identify and prevent, identify whether there is sensitive information in the newly collected data, whether there is risk after leakage, and decide what technical means to protect sensitive data. By building an automatic data identification engine, Huawei Cloud Data Security Center can present the overall risk when generating data, support 200 data formats, support structured data and unstructured data, and truly achieve full coverage of scenarios.
Data transmission: refers to the flow of data from one entity to another within an organization. Security at this stage focuses on authentication and encryption. The most common attacks in the data transmission process are eavesdropping, sniffing and man in the middle attacks. The common feature of these attacks is that they take advantage of the insecurity of the transmission channel, such as the lack of authentication, verification and encryption of message information. In this way, SSL/TLS encrypted communication and public and private certificate identity verification (certificate link) are open Can effectively prevent data security risks at this stage. By connecting VPN, cloud connection, certificate and other services, the data security center can continuously monitor the status of the transmission channel.
DataStore: The stage of physical storage or cloud storage of data in any digital format. The security of this phase is to ensure the availability of data and reasonable access permissions. At this stage, the data security center mainly monitors the encryption status of files in the OBS bucket. The OBS files support transparent encryption by default and ciphertext storage on the cloud to ensure the security of data on the cloud.
Data utilization: refers to the stage in which the organization calculates, analyzes and visualizes data internally. Data is flowing, and many risks are generated in the process of data flow. Through behavioral analysis of data use, some possible leakage events can be identified in advance. For example, an employee who is about to leave the company downloaded a large number of confidential documents before he left, hoping to bring them to the next company. This batch downloading behavior is an abnormal behavior, which deviates from the inherent work path of employees. By building a deep learning behavior recognition capability, the data security center can identify abnormal behaviors in advance and give an alarm in time, thus blocking data leakage events to the source.
Data exchange: refers to the stage of data exchange between organizations and external organizations and individuals. Exchange of data means that the data will flow out of the system or organization, which is difficult to control. Therefore, the risk of data leakage needs to be controlled before the outflow. Huawei Cloud Data Security Center provides data desensitization and watermarking functions, which not only ensure that sensitive information can be desensitized during data exchange, but also mark the exchanged data streams, files, pictures, etc. with watermark information to ensure data leakage traceability.
Data destruction: refers to the process of data destruction. It refers to the operation of data in an appropriate way through data and data storage media, so that the data will disappear completely and cannot be recovered. In the destruction phase of customer content data, Huawei Cloud will completely clear the specified data and all its copies. After the user confirms the deletion, Huawei Cloud first deletes the index relationship between the user and the data, and then performs the zeroing operation before reallocating memory, block storage and other storage space to ensure that the relevant data and information cannot be recovered. When the physical storage media is scrapped, Huawei Cloud ensures that the data on the storage media cannot be recovered by degaussing, breaking or breaking the storage media.
The above is the micro network for How to ensure the full life cycle security of enterprise data assets summary I believe that the friends who have read this article should also be right How to ensure the full life cycle security of enterprise data assets With a deeper understanding, about Full life cycle security of enterprise data assets Your fear should not be so great 。 If you want to know more about it, please follow the industry news channel of Micronet News Center or contact us. Micronet will serve you wholeheartedly.
