2005-2024
Living our mission to make data safer and more valuable
Meichuang has been building a base for 19 years, with users in different industries
Together, build a solid foundation for numbers
Meichuang 19th Anniversary Case Exhibition
Walk into the promenade of this time
Explore the data security practices of Micronics and its partners in various industries
1. Systematic construction of data security
Zhejiang Province is a pioneer in digital reform. Led by digital reform, a provincial unit relies on the provincial government cloud platform to promote the construction of the "Internet +" management model and public service platform as a whole, and in order to further build the integrated data security guarantee on the cloud, the unit and Meichuang jointly carry out:
Data classification and grading: With the help of the data security classification and grading platform, sensitive assets can be automatically sorted out and classified.
Data security technical protection system, including: identity authentication, permission control, interface audit, data desensitization, data watermarking, data encryption, etc.
Cloud security situation control: Deploy a data security management platform, realize multi-cloud environment monitoring through security protection gateways and probes, and report data to the platform in real time for centralized management, so as to achieve unified asset sorting, unified identity governance, unified risk monitoring, unified analysis and evaluation, unified policy issuance, unified risk management and control, and unified observation based on classification and grading.
Data security operation: Establish a security operation service framework, and form a security operation guarantee system with active defense and collaborative operation capabilities through various security services such as security assessment, security inspection, security reinforcement, penetration testing, vulnerability scanning, and security training.
In the "China Government Cloud Security Leader Practice, 2023" released by IDC, an international authoritative IT consulting organization, this case was selected as a leader practice in the data security category. Not only government agencies, but also as a domestic manufacturer with professional data security and a complete product and service system layout, Micronics continues to help the systematic construction of data security in various industries.
2. Data classification and grading and management platform linkage protection
In order to consolidate network and data security and implement the data classification and grading management system, a provincial department is a typical unit for the digital transformation of government affairs in the province, and selects the Micronics data security classification and grading platform to sort out more than 10 sets of systems for the existing five key businesses, and draw a map of data asset classification and grading.
At the same time, the data security classification and grading platform supports the effective linkage control of data security classification and grading results and the data security management platform, and automatically matches security policies, so as to realize the hierarchical protection of data security and implement a set of practices for refined data protection.
As a pioneer in data classification and grading, Micronics has been deeply involved in the practice of various industries, and its self-developed data security classification and grading platform is highly in line with the classification and grading framework, methods and processes specified in the national standard "Data Security Technology Data Classification and Grading Rules".
Micronics also continues to promote the linkage between data classification and grading and data security product systems, opening up the last mile of classification and grading applications.
3. Supervision and construction of the full-link use side of public data
In the context of the vigorous development of the digital economy, public data is a key factor of production, and it is urgent to strengthen security supervision and ensure safe use.
In this regard, the Data Resources Management Bureau of Linping District, Hangzhou City, has deployed the Micronics API security monitoring system, data desensitization platform, and permission control system to strengthen the data use-side supervision capabilities in scenarios such as "data operation and maintenance, development and use, daily business use, API call use, and batch data call use", so as to realize the closed-loop control of the whole process of data violation monitoring, response, disposal, and rectification in the whole district, as well as the insight of data flow situation. Implementation:
Intelligent identification of illegal (unauthorized) applications
Interface secondary encapsulation, forwarding identification and interception capabilities
Share open data multi-node dense storage
Effectively restrict the illegal use of batch shared data
In 2023, the "Data Security Community Plan", jointly initiated by the China Academy of Information and Communications Technology (CAICT) and universities, research institutes, enterprises and institutions, officially announced the results of the 2023 data security "Spark" case selection. The case jointly declared by Micronics Technology and Hangzhou Linping District Data Resources Management Bureau was successfully selected!
Micronics API security monitoring and secure access control system
In the acceleration of digitalization, APIs, as a high-speed channel, make the flow of data more free, but also bring new challenges to data security. The Micronics API security monitoring and access control system aims to strengthen the access and security monitoring of sensitive data on API interfaces, so that data can flow and release value on a secure basis.
In the "IDC Perspective: China API Security Market Insights, 2022" report released by IDC, an authoritative consulting organization, Micronics was selected as a recommended vendor in the API security field in China by IDC for its outstanding performance!
4. Governance consulting helps data security go straight to the extreme
In the process of strengthening the improvement of data security capabilities, Shanghai Gas is faced with the lack of effective combing of the use authority of data assets, the failure to implement the classification and hierarchical management of data and the formulation of corresponding permission control measures, the lack of effective data security system and process for massive data assets, and the difficulty in the specific implementation of data security protection construction.
Micronics data security governance consulting services, with DSMM as the starting point and data flow and application scenarios as the entry point, help Shanghai Gas conduct current situation research, asset combing, risk assessment, and construction planning, providing a basis for the implementation of data security refined protection strategies, so that security can be directly improved.
Micronics data security governance consulting service process
This case was selected as IDC's "Best Practice for Data Security Protection of China's Industrial Internet"
Focusing on solving a series of problems such as "unclear needs, unclear responsibilities, non-standard management, and mismatched construction" of data security existing in users, as one of the top ten data security service enterprises in China, Micronics has taken the lead in launching data security governance consulting services and has been widely practiced, and has formed special services including data classification and grading consulting, data export security governance, data security risk assessment, personal information risk assessment, data security inspection, data security capability assessment and certification, etc., to meet the needs of data security planning and construction, landing guidance, Emergency support, continuous optimization and other different needs.
At the same time, Micronics has developed its own data security comprehensive assessment system (DCAS), which can efficiently complete data security capability analysis, compliance assessment and risk identification, and achieve continuous improvement of agile capabilities.
5. Construction of data security management platform in multi-cloud scenarios
At present, the big data bureau of a city has collected the business data of various government units and commissions in the district to form a multi-dimensional and massive data warehouse.
In order to strengthen the data security guarantee capability, the system grasps the operation status of the cloud platform, the data security construction of each subordinate unit, the security risk protection, etc., and uses this as the basis to supervise and guide, and at the same time, through the servitization of security capabilities, the multi-dimensional security capabilities are integrated to improve resource utilization. The big data bureau chose to deploy the data security management platform to achieve unified management, data isolation, secure subscription, and visual presentation in multi-cloud/hybrid cloud scenarios.
Automatic discovery, classification and grading of massive data assets to achieve efficient sorting of sensitive assets;
By subscribing to a variety of endpoint security capabilities such as audit module, encryption module, and waterproof dam module, the security control in the process of data access and flow sharing can be realized.
Through data isolation capabilities, the security capabilities of different commissions and bureaus/subordinate units can be quickly subscribed, avoiding duplicate construction, improving the overall security construction efficiency and reducing deployment costs.
Provide a multi-dimensional situational awareness screen to display the access status of assets and the risk status faced by them in real time.
In the IDC MarketScape: China Data Security Management Platform 2023 Vendor Assessment, Micronics is listed as a "Leader" in the China Data Security Management Platform Market.
In response to the increasingly complex challenges of data security protection, management and sustainable operation in the localized and hybrid multi-cloud environment, Micronics has released a new generation of data security management platform based on the "1+N" cloud technology architecture, which integrates N lightweight endpoint protection capabilities and truly converges the management complexity of the endpoint itself into a cloud management center to achieve integrated data security management and monitoring, real-time control and protection, continuous perception and operation.
6. The big data platform of the Provincial Rural Credit Union is desensitized
A provincial rural credit union has set up offices in more than 10 districts and cities in the province, with nearly 100 county-level legal person banks under its jurisdiction, nearly 5,000 business outlets, and more than 10,000 village-level service points such as harvest stations.
In order to avoid the leakage of sensitive data in scenarios such as development and testing, data exchange, etc., the provincial rural credit union has deployed data desensitization products as early as 2017, but with the rapid development of business and the increasing complexity of business types, the original data desensitization system is no longer enough to meet the desensitization requirements of the provincial rural credit union, such as:
For XML files and Transwarp TDH big data platform, the original desensitization system cannot support it.
In addition, the original desensitization system still has the problem of old operation interface and simple desensitization function, and the user experience is difficult to meet the needs of users for some complex data environments.
In this context, the provincial rural credit union deployed the Micronics static data desensitization system, which effectively solved the challenges of data desensitization, and realized the efficient desensitization of scenarios such as Transwarp TDH big data platform, rapid desensitization of massive XML files, sensitive discovery of complex data, and desensitization of large fields.
As a mainstream manufacturer of data desensitization, Micronics static data desensitization system is the first desensitization product in the industry to support the information innovation environment, and has successively completed compatibility and adaptation with domestic databases such as Dameng, Nanda General Motors, Renmin Jincang, Huawei FusionInsight, Transwarp big data platform, and domestic CPU, operating system, and server manufacturers such as Kirin, Uni-President UOS, Sugon, Inspur, and Huawei Taishan.
In response to the current new challenges such as localization, large tables, large files, heterogeneous desensitization, business docking, and high availability, Micronics continues to improve its product capabilities, and continuously adapts to the diversified desensitization needs of multiple industries with broader adaptation capabilities, complete desensitization algorithms, simple user operations, high performance and stable desensitization processing capabilities.
7. Database audit for high-traffic and high-concurrency scenarios
In recent years, with the expansion of outpatient business volume and business system, the number of databases has reached more than 200, and the number of database visits has continued to increase.
With its excellent processing efficiency and perfect and leading audit functions in high-traffic and high-concurrency scenarios, the security audit system of Micronics helps the hospital "shift gears and upgrade":
The packet loss and leakage audit mechanism is greatly optimized, and the audit and storage processing capacity is stronger, which can easily meet the audit requirements of the hospital's users for "maximum peak 1.4Gbps database traffic and stable traffic 1.2Gbps".
Comprehensively optimize and improve the audit retrieval rate, whether it is a search based on common conditions such as IP, application name, database type, etc., or a complex search for keywords in SQL statements, the rate can reach "15 million messages per second".
Comprehensive and accurate audit, to achieve full coverage of the audit of operation records of more than 200 sets of databases (types covering MySQL, Oracle, SQLServer, Sybase, PostgreSQL, etc.), and accurately identify access identities, depict the complete link of each operator, terminal and application used, the scope of assets accessed and specific behaviors, and provide sufficient storage space to store audit logs to meet the requirements of online storage for at least 180 days.
The database security audit system is an important product that Micronics first invested in research and development, and has always maintained a leading edge based on more than ten years of technology accumulation in the field of database security.
According to the "China Database Security Audit and Protection Products Market Research Report (2023)" released by CCID Consulting, in 2022, the database security audit system of Micronics Technology will rank first among specialized manufacturers with a share of 2.6%!
8. "Zero transformation" database encryption of Internet hospitals
An Internet hospital is the first Internet hospital in the city to pass the approval, relying on the Internet medical service platform established by the physical hospital, covering three major systems: online diagnosis and treatment services, one-click integrated services and telemedicine services. At present, the data on the Internet hospital business system is stored in the database in plaintext, and for criminals who steal data, they can query and export data in batches, resulting in sensitive data leakage.
In order to cope with this risk, some hospitals use applications to encrypt and decrypt data, but this method has certain drawbacks: it affects the performance of the application, affects the performance of data retrieval, cannot achieve fine-grained authorization, and the algorithm is fixed and inflexible.
In this regard, the hospital deployed the transparent encryption system of the Micronics database, on the premise of ensuring the transparent access of the business system, encrypted all kinds of commonly used data types in the database, and stored the encrypted data in ciphertext, and enhanced access control to prevent illegal identity plaintext access, so as to achieve the goals of high data security, complete application transparency and efficient access to ciphertext.
It is worth mentioning that the Internet hospital business has a large number of patient visits every day, and the continuity requirements are high, requiring 24×7 hours of uninterrupted operation. The "lightning encryption" mode developed by Micronics Database Transparent Encryption System can encrypt Internet business databases without modifying business program codes, and the encryption and decryption process has no impact on business access, support non-stop business encryption and decryption, and do not need to suspend business during the encryption and decryption process, and fast and high-performance encryption and decryption of massive data, which is flexibly adapted to scenarios such as high performance requirements, huge amount of encrypted data, and short online time window.
Micronics Database Transparent Encryption System focuses on data storage encryption scenarios, providing transparent encryption technology for the storage layer, enhanced encryption access control at the network layer, and offline encryption and decryption capabilities for data file export, so as to realize data from ciphertext storage, on-demand access to clear/ciphertext, and encryption of dragged files, effectively preventing data leakage caused by plaintext storage.
At present, the product is compatible with a variety of national cryptography algorithms and a variety of international standard algorithms, and has the "Commercial Cryptography Product Certification Certificate", which continues to meet the requirements of future cryptography evaluation in various industries through the confidentiality and integrity functions of important data at the storage layer.
9. DRCC solves the "scattered and messy" bank disaster recovery
However, with the continuous advancement of cloudification and localization, the construction of financial disaster recovery is becoming increasingly "scattered, complex, multiple, and chaotic", which brings challenges to disaster recovery control and daily disaster recovery operations. This is exactly the case with a provincial branch of a bank:
In terms of disaster recovery control: assets are scattered and messy, the risk of misoperation is high, the business system is complex, the disaster recovery status monitoring is difficult, the technical personnel are demanding, and there is a lack of visual monitoring.
In the handover exercise: dare not cut, high requirements, must cut, invisible.
In this context, the bank chose Micronics' integrated disaster recovery platform (DRCC) based on "cloud-device architecture":
· DRCC presets the adaptive database and centralizes the management and control of DB2 disaster recovery technology and system middleware MQ disaster recovery technology.
· DRCC provides one-click handover drills and standardizes, automates, and visualizes the handover process to realize the perception of disaster recovery status, the control of disaster recovery drills, and the command of disaster switching, helping the bank to conduct one-click disaster recovery drills and failbacks in the face of surprise disaster recovery drill tasks, one-click disaster switchover and fallback in the face of disaster scenarios, and provide a large screen for leadership and command with visual switching, and submit tasks for the drill process evidence required by the head office, and automatically generate drill reports that meet the specified requirements.
Since its establishment, Micronics has continued to cultivate the field of disaster recovery, releasing the database disaster recovery system in 2008, the full-service disaster recovery system (DBRA) in 2017, the official launch of the disaster recovery centralized management and control platform (DRCC) in 2021, and the innovative "resilient security protection system" in 2023, and the new generation of disaster recovery integrated platform (DRCC v3.0) was released.
Today, DRCC has been successively applied in government, finance, medical and enterprise industries such as the Examination Institute of the Ministry of Education, China Foreign Economic and Trade Trust, the First Affiliated Hospital of Zhengzhou University, Zhejiang International Trade Group, etc., and continues to be recognized by the market. In addition, DRCC has helped hundreds of users in various industries to normalize disaster recovery drills, solving the problems of difficulty in verifying disaster recovery availability and lack of daily compliance drills.
The digital economy with data as the core is being further promoted, and data security, as an indispensable main line, is becoming more and more shining. In the past 19 years, Micronics has always guarded with the same original intention, and the journey is not endless, and Micronics will continue to shape stronger resilience and security capabilities to better serve the high-quality development and security of users in various industries in the digital era.
Hangzhou Meichuang Technology Co., Ltd