"Data security is at the heart and the key to critical protection in the digital age." On December 16, at the "Zero Trust Sub-Forum" organized by the Data Security Working Group of the Computer Security Committee of the China Computer Society, Wu Yunkun, President of Qianxin Group and Member of the Standing Committee of the Computer Security Committee of the China Computer Society, proposed in his keynote speech that based on the zero trust architecture, combined with zero trust and data entity protection, a data security technology defense system should be built.
With the deepening of digitalization, data has become an important means of production. Wu Yunkun pointed out that the development of digital business has changed the information environment and brought new security requirements, and the protection objects in digital scenarios have expanded from the cloud network terminal and operating environment to the core assets of the data, and the data security protection is facing multiple challenges.
First of all, with the development of digital business, data has shifted from static to flow, data security scenarios have changed, and the difficulty of data security protection has increased; second, the protection object has changed, and defense measures and means need to be updated; third, data security management and technology need to be integrated to effectively support the implementation of technology.
Data security does not depend on a single point of technology, but on a system of capabilities. To truly do a good job in data security protection, it is necessary to upgrade from scattered construction to systematic construction, the endogenous security framework is the core of the security system construction, and "one center and two systems" is the specific method for the implementation of the endogenous security framework.
Among them, the situation awareness and operation control center establishes cognitive capabilities to identify threats and block threats to ensure that security capabilities are effective, and the zero trust system and security protection system solve the problems of "internal ghosts" and external attacks respectively.
Specifically, the security protection system is oriented to external attack protection, which can analyze the possible threat attack path of the data center based on the actual attack vector framework, design the data center layered security protection capability framework, carry out the deployment of defense-in-depth measures, and realize the comprehensive coverage and deep integration of security and informatization at all levels.
The zero-trust system is oriented to internal business access control, so that internal legitimate identities can easily access the appropriate data and applications, while preventing abnormal behavior of legitimate identities, combining the "zero trust architecture" with the "data security protection system" to achieve "credible identity of the subject, compliance of behavior and operation, effective protection of the computing environment and data entities", to ensure that the right people, at the right time, in a reasonable way, access the right data.
Wu Yunkun said that the overall protection idea of data security is to protect the entire business flow and data flow, support it based on data security governance, draw data security policies, pull through accurate control and physical protection, and build data security that combines "identity as the cornerstone, rules as the criterion, continuous trust assessment, and dynamic business compliance".
As one of the organizers of this forum, Qianxin also demonstrated the "Qianxin Zero Trust Identity Security Solution" in the exhibition area. At present, the solution has been widely used in a variety of industries, fully helping to build the organization's "endogenous security" capabilities, promoting the practice of zero trust concept in many industries, and has been recommended by well-known research institutions such as Forrester and IDC for many times, and has been highly recognized by the market and the industry.
![The "Computer Museum" will land in Dongyang Hengdian, Zhejiang[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)