"Digital economy must do a good job of red line awareness and safe flow of two articles."

At the China Cyber ​​Security Annual Conference in 2021, Qi Anxin Group Chairman Qi Xiangdong pointed out that the total amount of data breaches has exceeded the sum of the previous 15 years, and balancing the relationship between data utilization and data security is the key to the stable and healthy development of the digital economy .

Establish a system and build a system to keep the three red lines of data security

  The promulgation of the "Cyber ​​Security Law", "Data Security Law" and other related laws and regulations has woven a detailed legal net for personal and national data security, and also reminded government and corporate institutions to form a "red line awareness" as soon as possible.

  Qi Xiangdong believes that there are three main "red line awareness": one is to hold the red line of APP collection. Since the beginning of this year, the Ministry of Industry and Information Technology, the State Cyberspace Administration of China and other relevant departments have notified and removed a large number of illegal apps, and canceled thousands of filing website platforms; To maintain the red line of cross-border data flow, the European Union, the United States, India and other countries and regions have relevant laws and regulations to restrict cross-border data flow and ensure data security within their borders. China’s Data Security Law also attaches great importance to cross-border data flow. , And delineated the red line, taking a key step to protect the cross-border flow of data; third, to keep the red line of data storage and protection, data operators, as processors of data activities, must strictly abide by relevant laws and undertake to protect data Responsibility for security, keep the red line of data storage and protection, and ensure data security.

  How to guard the red line to prevent it from breaking?

Qi Xiangdong believes that in order to eliminate data security threats from the inside, it is necessary to take human factors into consideration when designing the security system, detect abnormal behaviors of insiders in time, and detect and block internal attacks in time, so as to effectively prevent the red line from breaking through the system. .

"Nine axes" guards the safe flow of data

  The rapid advancement of digital technology and the vigorous development of the digital economy rely on in-depth exploration of the value of data, and balancing the relationship between data utilization and data security is the key to the stable and healthy development of the digital economy.

  In the digital age, massive data needs to generate value through mobile transactions, but in the dynamic process of data transactions, it faces many security problems. A single point of failure may cause important data to leak and bring severe threats.

  How to protect the safe flow of data?

Qi Xiangdong introduced the "Nine Great Axes":

  The first attack: situational awareness.

Timely early warning and disposal of data security threats, realizing all-round situational awareness and dynamic protection of enterprise data security; second attack: zero trust.

The zero-trust security solution realizes the "minimization" of user access to data, and minimizes the risk of internal personnel leaking data; the third attack: cloud lock.

Effectively detect and resist known and unknown malicious codes and hacker attacks, and prevent the server from being controlled; the fourth trick: secure management of privileged accounts and guard against internal ghosts; the fifth trick: system security for missing and supplementing resources.

Prevent vulnerabilities through four basic security processes: asset management, configuration management, vulnerability management, and hole-filling management; sixth attack: mail threat detection system.

Discover advanced threats and targeted attacks in a timely manner to prevent phishing; seventh trick: review the supply chain.

Tianwen Platform, Code Guardian, and Open Source Guardian products are working together upstream and downstream to detect supply chain security risks as early as possible to prevent sudden supply chain attacks; the eighth attack: Endogenous security framework.

The endogenous security framework proposed by Qi Anxin systematically builds a complete network security system, and uses specific “ten projects” and “five tasks” to guide the planning, construction and operation of the network security system to help government and enterprise organizations better Responding to ransomware attacks; Ninth axe: privacy computing sandbox.

Adhere to the principle of "data does not move, data is available but not visible" to prevent "legal" data leakage.

  Qi Xiangdong said that through the "nine axe", a complete security protection system can be formed for data flow from the aspects of system, personnel management, system protection, supply chain upstream and downstream, and data transactions. Under the premise of ensuring security, the value of data can be measured. Make full use of it to promote the safe and steady development of the digital economy.

  It is reported that this China Cyber ​​Security Annual Conference is hosted by the National Computer Network Emergency Technology Coordination Center, with the theme of "Joining Hands to Address Data Security Threats and Challenges", focusing on the current new situation, new situation and new challenges of cyber security work at home and abroad.

Among them, the "Data Security Sub-Forum" hosted by Qi'anxin is also one of the focuses of this conference. There will be experts from the National Computer Network Emergency Technology Coordination Center, the Security Institute of China Mobile Research Institute, and the Security Institute of China Academy of Information and Communications Technology. , And industry leaders from QiAnXin, Deloitte China and many other units delivered keynote speeches.