Introduction: The release of data Security Law puts forward higher requirements for enterprises to use and manage data security. Dataphin provides sensitive data identification and protection capabilities based on data classification and desensitization to help enterprises establish compliant data security systems and ensure enterprise data security. In this article, we will talk about Dataphin’s data security capabilities.
Author: Longyi
1. Data security challenges of enterprises
“The Data Security Law of the People’s Republic of China (referred to as the ‘Data Security Law’) was adopted at the 29th session of the Standing Committee of the 13th National People’s Congress on June 10, 2021 and will come into force on September 1, 2021.”
In recent years, with the rise of consumers’ personal awareness and attention to privacy, data security has become an increasingly hot topic. The country has also issued some relevant regulations to regulate the collection and use of data. The official release of the Data Security Law marks that the development and utilization of data and the security of data have officially entered the legal category, thus putting forward higher requirements for the data security control of enterprises.
In the development process of enterprises, if they do not pay attention to the protection of sensitive data and the construction of data security system, then once there is a sensitive data leakage event, the reputation of enterprises will be damaged, the business will be affected; The heavier will contact the law directly, be punished and sanctioned by the competent department. For enterprises, the following measures can be considered to build a compliant data system:
1. Establish a comprehensive data compliance concept. Pay attention to and timely respond to laws and regulations related to data security, and establish an internal security compliance team to design and audit all aspects of enterprise data security.
2, in advance: do a good job of data classification and classification and sensitive data protection. Based on laws and regulations, requirements of competent authorities and the needs of its own industry and business, the enterprise shall establish a data classification and classification system, and formulate corresponding protection strategies for sensitive data.
3, event: risk audit and risk identification. Set up a special data security team, regularly carry out data security risk assessment, timely discover risks, eliminate risks.
4, afterwards: do a good job of accident traceability and remedial measures, strengthen safety measures. After the occurrence of a safety accident, it is necessary to immediately pursue responsibility, and at the same time, according to the severity of the impact, report to the competent department, and immediately stop loss, the impact will be reduced to the minimum.
In this article, we focus on data asset security capabilities, which provide Dataphin with a unified ability to identify and protect sensitive data throughout the data lifecycle. Through data classification and classification, sensitive data identification, sensitive data desensitization and other measures, we help customers establish a sound data security system to ensure the security compliance of data use.
2. Data security capability of Dataphin
As data security is so important, of course, it cannot be governed only by people, but requires a mature set of products and processes to carry out security control. At this time, enterprises are generally faced with the decision of self-built systems and procurement of third-party security systems.
Choosing enterprises to build their own data security products has more disadvantages:
1. Consuming a lot of RESEARCH and development resources, and continuously investing resources for maintenance and upgrading
2. There may be loopholes in the design and implementation of the product, resulting in hidden security risks
3, there is a deviation between production and actual, resulting in unable to fall into the actual production. For example, data security products and data production platform are not closely combined; Product functions do not meet the national data security standards.
Dataphin has the following advantages over self-built data security products:
1, Dataphin data security capabilities, out of the box, to help you quickly build a low-cost data security system
2. The Dataphin data security capability is closely integrated with the data development process to ensure data security on the whole data development link
3. Dataphin tracks policy and industry trends in real time, constantly upgrading security capabilities to ensure that your enterprise has always enjoyed the protection of advanced technology
4, Dataphin has a complete expert consultation and professional services, to help you build a better data security system in the enterprise
Dataphin, as an intelligent data construction and management platform and a core engine in the digital transformation of enterprises, attaches great importance to data security in the process of data production and management. Dataphin provides complete product capabilities to ensure data security in data construction, and the entire security system is closely integrated with data development and production to ensure that data is safe and controllable from entering Dataphin to the whole link of output from Dataphin.
Figure 1: Dataphin security Overview
Dataphin security capability diagram
In the big picture of Dataphin’s capability, the security module appears in the asset management module, but in the actual security system, from the security of the base of the system, the security of data processing in the research and development process, to the security of data assets management and data consumption, all involve and provide security guarantee.
Dataphin currently provides the following security capabilities to secure customer data:
1, base security: to ensure the underlying system security and network security, this part is mainly provided by the cloud base security. In addition to base security measures, Dataphin provides security functions such as tenant isolation, network control, and secure, encrypted storage of sensitive information to ensure underlying system security.
2. Platform security (permissions) : Dataphin provides a complete role system, as well as permissions application and approval functions. This enables enterprises to implement fine-grained authorization management and control of users to prevent permission vulnerabilities.
3. Data security: Dataphin provides data classification and classification, sensitive data identification and desensitization functions to ensure data security in the process of data transfer. The sensitive data protection function ensures that the data displayed in daily circulation is encrypted and desensitized without changing the underlying data, ensuring that sensitive data is not leaked.
4. Security services: In order to help customers build a better data security system, Dataphin also integrates a number of ecological products, expert services and document services to ensure that customers establish a sound data security system.
Figure 2: Dataphin security capability diagram (simplified version)
The diagram above shows the overall security capabilities of the Dataphin, with the detailed functions inside the module simplified for ease of understanding. It can be seen that Dataphin provides a comprehensive data security guarantee for the entire data production and management system.
3. Dataphin Data security application scenario
First of all, let’s take a look at the application scenario of data security module, so as to have a more intuitive understanding of the value of data security. Here are some typical data security scenarios using Dataphin:
Scenario 1: Protect sensitive data in data services
In the daily operation of data business, warehouse engineers/data r&d, data analysts/business analysts need to be in frequent contact with data, including data query, statistics, modification, etc. In this process, there are a lot of risks of data leakage, such as the user’s name and mobile phone number can be queried directly. Although the data permissions of personnel can be strictly controlled through authorization, there is still the risk of data leakage because of the sensitive information in plaintext.
The sensitive data identification and protection capability based on Dataphin enables sensitive data to be displayed as desensitized data in daily circulation and query. For example, the name [Zhang SAN] is displayed as [* SAN], and the mobile phone [18612345678] is displayed as [186****5678], ensuring that the data is in circulation. No abnormal leakage.
Scenario 2: Flexible use of desensitization whitelist
The first two scenarios briefly introduce the protection of data in normal scenarios. In some scenarios, there is a need to see the most original data, so it is necessary to use the desensitization whitelist function, and open the original data to specific users or roles at a specific time.
Scenario 1: For some sensitive data in the enterprise, such as the financial data of listed companies, special personnel (such as high-level employees and macro-decision support analysts of the company) can see the plaintext in a certain period of time (such as one month before the release of the company’s financial statements), but ordinary personnel or these personnel can not at other times. Desensitization can be set by the white list and effective time to achieve.
Scenario 2: For the daily sales of e-commerce, the real numbers cannot be displayed under normal circumstances, and the desensitization is generally displayed as *** yuan. However, in the special scenario of double 11, the real sales need to be displayed for promotion, you can open the one-day whitelist and see the sales data of the day.
4. How to use Dataphin to realize sensitive protection
So how to take advantage of Dataphin’s security capabilities to ensure enterprise data security?
In Dataphin, the realization of sensitive data protection can be divided into the following three steps:
1. Identification of sensitive data: that is, setting data classification, data classification, identification rules and other contents
2. Set the protection mode of sensitive data: select the appropriate desensitization algorithm and set desensitization rules for the identified sensitive data
3, data consumption: desensitization of data consumption in impromptu query, development data writing production and other scenarios
For details about how to implement data security architecture using Dataphin, see: How to Implement Sensitive data protection based on Dataphin
Figure 3: Dataphin data security core operation flow chart
5. Future prospects
Although Dataphin already has a relatively complete data security system, based on the diversity of customer needs and the research and response to policies, the following functions and optimizations will be successively supported in the future, so as to help customers build a better data security system and achieve security and compliance of business development.
1. Data security audit: security audit function is provided to record in detail every query and download operation of sensitive data by users, so as to discover risky operations, and carry out accident accountability and system optimization.
2. Automatic risk discovery and alarm: Based on rules and algorithms, the system automatically discovers abnormal user operations and generates alarm prompts to discover and block risks in time to minimize the impact of data risks
3. Security desensitization in more business scenarios: support data desensitization in the process of data integration and data service, ensure that every consumption and use of data is safe and controllable, and eliminate the risk of sensitive data leakage from the source.
4. Integrate more ecological products and expert services to help customers better establish a sustainable, operational, efficient and effective data security system.
In the new legal environment and data security challenges, Dataphin will continue to think about what customers want, take creating greater customer value as its own responsibility, and continue to enhance data security capabilities to help customers establish a sound data security system, escort the business development of customers.
The original link
This article is the original content of Aliyun and shall not be reproduced without permission.