Preventing insider ("inner ghost") data leakage: how to build data security internal control?

In recent years, data leakage cases have been frequent, and the resulting harm is too extensive to list. According to the Identity Theft Resource Center, the number of reported data breaches in the first quarter of 2022 rose 14% to 404 compared with the same period in 2021. In China, cases of legal sanctions following data leakage also keep appearing.

It can be said that for some important basic industry systems and some large and medium-sized enterprises with a high degree of informatization, intranet security and internal data control have become the top priority of their information security construction.

In a recent lecture in the second season of [Network Security New Horizons], Gong Lei, head of solutions at Jidun Technology, started from the current status and challenges of data security internal control and shared an approach to building a data security internal control system, together with practical cases.

Current status and challenges of enterprise data security internal control

The importance of data security internal control is beyond doubt, so what is the current state of enterprise data security? It can be analyzed from two perspectives: the full life cycle of data and the spatial flow of data.

The full lifecycle perspective of data:

  • From the data protection perspective: data is divided into dynamic and static, and most of the risk comes from the dynamic flow and use of data.
  • From the exposure perspective: data is at its most complex while in use; that is where exposure is largest and risk relatively highest.
  • From the construction perspective: protection measures for data use and sharing are weak, while the other stages are comparatively easy to build and already have a good foundation.

The spatial flow perspective of data:

From a spatial perspective, around the entire data transfer process, data security protection needs to take into account the security of the terminal domain, application domain, storage domain, hardware domain, and the flow and transmission process among them.

Since the application domain involves a large number of systems and scenarios, the market currently lacks good solutions for it.

Given the current state of data security, enterprises still face difficulties and challenges in building data security internal control.

1) Capabilities are scattered and fragmented: current data security capabilities are built as single-point capabilities for a single scenario in a single domain, without system-level planning, so they cannot form unified management or in-depth correlation analysis.

2) High cost and long path: building data security internal control involves a complete chain of processes, including data asset discovery and sorting, behavior collection, scenario-based monitoring and analysis, and response control. Each link requires substantial manpower and resources, so the cost is high and the cycle is long.

3) The effect is hard to guarantee: the essence of security internal control is achieving real, effective scenario-based monitoring, but limited by scenario experience and data analysis capability, the result often falls short of expectations and internal risks cannot be identified accurately.

4) Balance between security and business: security construction must consider the impact on normal business operations, avoiding extra cost and greatly increased business complexity. Traditional solutions often require extensive transformation of business systems, which is costly and affects the development and maintenance of those systems.

The essence of data security is to use data safely in service of the business. Facing the great challenge of building data security internal control today, how does Jidun Technology, an emerging network security company, respond?

The construction path of data security internal control system

First, when building data security internal control, an enterprise does not want to greatly affect the normal operation of its business, and at the same time does not want to invest heavily in transformation and development costs to accommodate the security internal control construction.

To balance the multiple needs of security, cost and business, Jidun Technology proposed a construction path for the data security internal control system that follows the construction path of data security governance. The construction path of the data security governance system is divided into 7 steps:

Step 1, survey of enterprise status: covers enterprise architecture, network topology, security management status, business processes, data processes, etc.

Step 2, data asset sorting: discover data assets through business research and automated scanning, formulate data classification and grading standards, and sort out and mark the data assets at the same time.

Step 3, security risk assessment: assess risk across the data life cycle and benchmark against the relevant laws and regulations.

Step 4, security system design: based on the risk assessment, organizational structure, business processes and data processes, design the data security management and technical systems and establish the management system.

Step 5, implementation of technical tools: based on the classification and risk assessment results, build data security technical tools such as sensitive data identification, desensitization and encryption tools, access control and log audit.

Step 6, rapid pilot verification: run a pilot to discover possible management loopholes and technical defects in time, and find possible operational deficiencies through regular audits.

Step 7, continuous optimization and improvement: set operational indicators, conduct regular audits, continuously optimize and improve, feed the results back into the management, technology and operation systems, and raise the level of data security in an upward spiral.

The Data Security Law clearly states that enterprises must establish a sound data security governance system. Following the construction path of data security governance, the "four-step" strategy for data security internal control came into being:

Step 1, asset identification and sorting: the risk object is enterprise data assets. First, assets are sorted and marked through sensitive data identification, data classification and grading, etc., providing a basis for subsequent security protection.

Step 2, behavior collection: the risk subjects are internal employees. Dynamic data usage behavior and static personnel information (department, position, employment status) are collected in each security domain and between domains for the subsequent security analysis.

Step 3, security analysis: based on user behavior and the sensitivity of the operated data, build scenario-based real-time monitoring models to accurately identify data usage risks.

Step 4, security defense: based on the results of the security risk analysis, flexibly formulate response and control measures, link them to internal alarm-handling tools, and improve security operations efficiency.

The overall framework of the data security internal control system

Second, judging from the current situation, one of the core challenges of data security is that it is not systematic enough. So how can it be systematized?

Along the data security construction path, the overall framework of the data security internal control system is built by combining unified policy management, unified asset management, security analysis and emergency response capabilities with a technical framework organized around the data life cycle.

Practical cases of data security internal control

With the framework in place, theory alone is not enough. Based on Jidun Technology's self-developed non-intrusive IT risk management and control platform, Jidun·Mizong, a large enterprise and Jidun Technology jointly built a scenario-based UEBA data security internal control system, and identified time, region, device, content, permission and business-process risks in the enterprise's customer service system.

The following figure shows some risk cases:

So, how does all this work?

Jidun·Mizong is a non-intrusive IT risk management and control platform developed by Jidun Technology. It analyzes the business operation behavior of the enterprise's internal personnel, detects in real time whether there are abnormal or non-compliant actions, and from that discovers sensitive data leakage and other security risks. Combined with a modular risk index algorithm, it builds the enterprise internal control strategy model (UEBA) to effectively reduce and control the risk of data leakage caused by internal personnel.

The UEBA data security internal control system based on Jidun·Mizong has four main modules:

The first stage is access to security devices: at the terminal domain level, the enterprise's existing DLP and DPM are connected directly; at the application and system level, the data security gateway introduced by Jidun·Mizong collects traffic and operational behavior; at the database level, the database operation log is connected; and attribute information about behavior in each security domain is collected as well.

The second stage is intelligent data security risk identification: after data collection and standardization, a complete feature system is constructed. Based on these features, policy control and model analysis are used to identify security risks in the various scenarios.

The third stage is the response module: for each security scenario, a series of response actions are executed through flexible script orchestration and disposal script settings.

The fourth stage is a continuous improvement mechanism at the effectiveness level: risks identified by strategies and models are taken as samples and verified scenario by scenario, which also accumulates bad samples for some scenarios; the features and models are then optimized, and the strategies and models are iterated continuously, further improving overall risk identification efficiency.

The key to successfully implementing the UEBA data security internal control system based on Jidun·Mizong lies in the implementation of UEBA itself. UEBA stands for User and Entity Behavior Analytics. The concept has existed in the security industry for a long time, but it is rarely implemented, and successful implementations are rarer still.

If UEBA is implemented on the basis of expert-written strategy rules alone, it will certainly not be enough. Jidun Technology has introduced machine learning capability to implement real UEBA, mainly two capabilities: an unsupervised analysis model and a supervised analysis model.

Unsupervised analysis: assuming the full population is discretely distributed in a multi-dimensional space, a global space is constructed.

  • People who deviate from the normal population on multiple dimensions become outliers in that space and need to be focused on.
  • Abnormal people with a certain intent often behave similarly, and therefore show a certain aggregation in the space.
  • Unsupervised analysis can identify possible risks by finding outliers and abnormal clusters of people without knowing in advance which are the target groups.
  • Unsupervised analysis does not rely on target population samples, which helps identify risks that traditional rules do not find.
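As an added illustration (not part of the lecture or of Jidun·Mizong), the unsupervised criterion above, an outlier is a user who deviates from the population on several dimensions at once, applied to a constructed set of customer-service sessions using the page's own risk dimensions (time, region, device, content volume); the feature names, the robust z-score method and the thresholds are my assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed session records from a customer-service system (sample data, not real logs):
# (user, hour of day, region, device id, records exported in the session)
EVENTS = [
    ("alice", 9, "shanghai", "dev-a1", 12), ("alice", 10, "shanghai", "dev-a1", 15),
    ("alice", 14, "shanghai", "dev-a1", 9), ("bob", 9, "beijing", "dev-b1", 20),
    ("bob", 11, "beijing", "dev-b1", 14), ("bob", 16, "beijing", "dev-b1", 11),
    ("carol", 10, "shanghai", "dev-c1", 18), ("carol", 13, "shanghai", "dev-c1", 10),
    ("carol", 21, "shanghai", "dev-c1", 16), ("dave", 9, "beijing", "dev-d1", 13),
    ("dave", 12, "beijing", "dev-d2", 17), ("dave", 17, "beijing", "dev-d1", 8),
    ("erin", 23, "shenzhen", "dev-e1", 400), ("erin", 2, "shanghai", "dev-e2", 350),
    ("erin", 3, "hongkong", "dev-e3", 520),
]
DIMENSIONS = ("off_hours_ratio", "distinct_regions", "distinct_devices", "total_records")
Z_THRESHOLD = 3.0   # assumed: |robust z| at which a single dimension counts as deviating
MIN_DIMS = 2        # assumed: outlier = deviates from the population on at least this many dimensions

def build_features(events):
    """Aggregate each user's sessions into one point in the 4-dimensional feature space."""
    sessions = defaultdict(list)
    for user, *session in events:
        sessions[user].append(session)
    feats = {}
    for user, s in sessions.items():
        feats[user] = {
            "off_hours_ratio": sum(h < 8 or h > 19 for h, _, _, _ in s) / len(s),
            "distinct_regions": len({r for _, r, _, _ in s}),
            "distinct_devices": len({d for _, _, d, _ in s}),
            "total_records": sum(n for _, _, _, n in s),
        }
    return feats

def robust_z(values):
    """Median/MAD z-scores; fall back to mean absolute deviation when MAD is zero."""
    med = median(values)
    dev = [abs(v - med) for v in values]
    scale = median(dev) or sum(dev) / len(dev)
    return [0.0] * len(values) if scale == 0 else [(v - med) / scale for v in values]

def find_outliers(features):
    """Map each outlier user to the dimensions on which it deviates from the population."""
    users = sorted(features)
    deviating = defaultdict(list)
    for dim in DIMENSIONS:
        for user, z in zip(users, robust_z([features[u][dim] for u in users])):
            if abs(z) >= Z_THRESHOLD:
                deviating[user].append(dim)
    return {u: dims for u, dims in deviating.items() if len(dims) >= MIN_DIMS}
```

Calling `find_outliers(build_features(EVENTS))` flags only erin, who deviates on all four dimensions, while dave's second device and carol's single evening session each deviate on one dimension only and stay below the multi-dimension criterion.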

Supervised analysis: assuming the target population has certain characteristics, learn those characteristics to find people similar to the known target population, while continuously feeding in new target samples for continuous learning.

  • Construct monitoring features across multiple dimensions, learn the typical features that the target population generally has or that are highly correlated with it, and build models.
  • Through continuous input of manual verification results and new target samples, optimize the key monitoring features, continuously update the model and improve the final recognition effect.

Jidun Technology looks forward to helping more companies build data security internal control systems, prevent data leakage, and help companies do a good job in data security compliance.

Source: blog.csdn.net/jidunkeji/article/details/127552348