|
|
I. Data security compliance requirements 1) Data access logs are audited and retained for a period of not less than 6 months (Article 21); 2) Classification of data, distinguishing sensitive data from ordinary data (Article 21); 3) Backup of important data for disaster recovery (Articles 21 and 34); 4) Encryption of important data (Articles 21, 31); 5) Desensitization of personal information (Article 42)。 The data covered by the Cybersecurity Law includes general network data (Article 21), and the basic information infrastructure data (Article 34), user information and personal information (Article 42) are separately protected。 |
|
Ii. Hierarchical protection system
1) Must be deployed: Personal privacy protection (numberDatabase audit, database firewall), log audit system, host malicious code prevention, web tamper prevention, unified identity management (fortress machine), electronic authentication services, etc.; 2) Recommended deployment: vulnerability scanning device, network leak prevention device, storage data leak prevention device, database encryption device, mail encryption device, document security management, encryption device and so on。 |
|
|
|
|
Third, GDPR
The GDPR aims to protect EU citizens from privacy and data breaches, while reshaping the way organisations in the EU approach privacy and data protection。According to the results of a survey provided by PWC, 92% of enterprises believe that GDPR will become the most important data protection requirement and objective。
|
四、Databases face major security risks
五、Security requirement
六、solution
Data security situational awareness as the core,Visualize and manage the distribution, access, and exposure of data assets,In the process of planning, construction and operation,Consider data security policies that "visualize and manage the distribution, access, and exposure to data assets.,Establish a data security situational awareness system。
(1) Data security situation awareness
Artificial intelligence is used to establish the data flow model from source to end, timely detect the abnormal situation of data flow and early warning, and establish the data traceability mechanism。
(ii) Comprehensive audit of data activities
1Comprehensive monitoring and recording of data access and activities to facilitate post-audit and tracing;
2With the help of artificial intelligence analysis method, the abnormal activity and risk of the data are found in time, and the alarm is generated;
3Output visual reports for easy analysis。
(3) Fine-grained access control
Access filtering to block abnormal queries and access to prevent sensitive data leakage;Abnormal and illegal data modification and deletion operations are blocked to prevent unauthorized modification of sensitive data。
4. Encryption of sensitive data
Selectively encrypt sensitive content to prevent loss and theft of online data and backup data storage media resulting in sensitive data leakage;Enhance permission management on encrypted sensitive data to prevent data leakage caused by unauthorized permission abuse, permission theft, and legal permission abuse。
(5) Sensitive data desensitization
Provide real-time desensitization of sensitive data for operation and maintenance environments;For test and development environment, it provides quasi-real data after desensitization。
I. Data security compliance requirements
1) Data access logs are audited and retained for a period of not less than 6 months (Article 21);
2) Classification of data, distinguishing sensitive data from ordinary data (Article 21);
3) Backup of important data for disaster recovery (Articles 21 and 34);
4) Encryption of important data (Articles 21, 31);
5) Desensitization of personal information (Article 42)。
The data covered by the Cybersecurity Law includes general network data (Article 21), and the basic information infrastructure data (Article 34), user information and personal information (Article 42) are separately protected。
Ii. Hierarchical protection system
1) Must be deployed: Personal privacy protection (numberDatabase audit, database firewall), log audit system, host malicious code prevention, web tamper prevention, unified identity management (fortress machine), electronic authentication services, etc.;
2) Recommended deployment: vulnerability scanning device, network leak prevention device, storage data leak prevention device, database encryption device, mail encryption device, document security management, encryption device and so on。
Third, GDPR
The GDPR aims to protect EU citizens from privacy and data breaches, while reshaping the way organisations in the EU approach privacy and data protection。According to the results of a survey provided by PWC, 92% of enterprises believe that GDPR will become the most important data protection requirement and objective。
四、Databases face major security risks
五、Security requirement
六、solution
Data security situational awareness as the core,Visualize and manage the distribution, access, and exposure of data assets,In the process of planning, construction and operation,Consider data security policies that "visualize and manage the distribution, access, and exposure to data assets.,Establish a data security situational awareness system。
(1) Data security situation awareness
Artificial intelligence is used to establish the data flow model from source to end, timely detect the abnormal situation of data flow and early warning, and establish the data traceability mechanism。
(ii) Comprehensive audit of data activities
1Comprehensive monitoring and recording of data access and activities to facilitate post-audit and tracing;
2With the help of artificial intelligence analysis method, the abnormal activity and risk of the data are found in time, and the alarm is generated;
3Output visual reports for easy analysis。
(3) Fine-grained access control
Access filtering to block abnormal queries and access to prevent sensitive data leakage;
Abnormal and illegal data modification and deletion operations are blocked to prevent unauthorized modification of sensitive data。
4. Encryption of sensitive data
Selectively encrypt sensitive content to prevent loss and theft of online data and backup data storage media resulting in sensitive data leakage;
Enhance permission management on encrypted sensitive data to prevent data leakage caused by unauthorized permission abuse, permission theft, and legal permission abuse。
(5) Sensitive data desensitization
Provide real-time desensitization of sensitive data for operation and maintenance environments;
For test and development environment, it provides quasi-real data after desensitization。