The "Data Security Law" is about to land, and this billion-dollar market has become a new outlet

  As my country's first special law on data security, the "Data Security Law" will come into effect on September 1. It will become a vital legal basis in the national big data strategy, and it will become the field of data security and digital economic development. Important cornerstone of

  The implementation of the "Data Security Law" means that the regulation of the digital economy has become more stringent. At the same time, it also brings new business opportunities for the development of the data security industry.

  According to Article 16 of Chapter 2 of the Data Security Law, the state supports data development and utilization and data security technology research, encourages technical promotion and business innovation in the fields of data development and utilization and data security, and cultivates and develops data development and utilization and data Safety products, industrial system.

  "2021 can be said to be the first year of the data security industry." Liu Bo, senior vice president and chief scientist of Anheng Information, told China Business News that at present, in the trillion-scale data industry, the data security industry is still in its early stages of development. It can occupy 5% to 10% of the total industrial scale.

With the closer integration of data security technology with the industry and more application scenarios, this market will usher in greater opportunities.

Privacy enhancement technology is the hottest

  In April 2020, data was recognized by the state as the “fifth factor of production” after land, labor, capital, and technology, and played an important role in the digital transformation of enterprises.

The "Data Security Law" proposes to build a data security supervision system with data classification and classification as the core.

  Tan Jianfeng, honorary chairman of the Shanghai Information Security Industry Association, told China Business News that during the "14th Five-Year Plan" period, one of the first tasks is to "accelerate digital development and build a digital China." The lifeline of the digital economy.

The "Data Security Law", as a higher-level law, provides support for all parties to collect and use data reasonably and legally, and it also draws a "red line".

  "Data security and privacy protection have become new outlets. Demand for products and services will be further upgraded and expanded. Market demand will stimulate data protection technology to further introduce new ones. The market scale is expected to expand rapidly. From the supply side, it is critical to ensure data security and protect personal privacy. It lies in encryption and encryption technology will further develop and drive the further development of the subsequent industry chain, such as authentication technology, desensitization technology, storage technology, etc., as well as the development of security service industries such as compliance and consulting. From the demand side , The implementation of the "Data Security Law" also promotes the orderly flow of data, which is beneficial to data'consumption' industries, such as artificial intelligence and other industries." He said.

  A major feature of the "Data Security Law" is to focus on the balance between data security and industrial development.

Wu Shenkuo, executive director of the International Center for Internet Rule of Law of Beijing Normal University and deputy director of the Research Center of the Internet Society of China, said that in order to achieve data security and circulation, the data security governance of enterprises in various industries will move from static to dynamic, and at the technical level, such as privacy Privacy-enhancing technologies such as computing and multi-party secure computing will become new outlets.

  As a start-up in the field of data security, Bai Yajing, founder of Xiaoan (Beijing) Technology Co., Ltd., further explained that static protection of data is the basis of dynamic protection. The focus of static protection is to sort out data assets, which is the "Data Security Law". "The classification and grading of data is proposed in "The classification is to standardize the association, and the classification is the basis of security protection. Different levels of data have different security levels in different activity scenarios, and the means and measures of security protection are also different. It is the idea of ​​dynamic protection.

  "But data is valuable only when it flows, so data openness is meaningful, but the premise of openness is security, and to be safe and open, more privacy-enhancing technologies and industry integration are needed to realize the openness and circulation of data security. Do more technical explorations with trading." Bai Yajing said.

  "In fact, more industry enterprises need to upgrade their requirements to ensure security in data circulation, which also provides opportunities for operators that provide data security governance services." Liu Bo believes that handling the dynamic security of data means data The development of security governance towards systemization requires that data operations can truly form a manageable, controllable, credible, and traceable system in landing applications.

  At the same time, he also said that the trend of combining the underlying technologies of data security protection will be more obvious. For example, the combination of privacy computing and blockchain technology will amplify the value of data while ensuring the availability and invisibility of data in circulation.

  Zhu Jieping, founding partner of Taikunlu and member of the Expert Advisory Committee of the Supreme People's Procuratorate, said that the greater imagination of the data security industry lies in the integration of different industries to promote the implementation of scenarios.

  He cited, for example, that currently, due to the company's own data asset risk control requirements and the compliance management requirements of the "Data Security Law", key industries such as finance, telecommunications, medical care, and large Internet companies are constantly improving the full-cycle governance of data security. In order to ensure the security of data circulation, in this process, various privacy enhancement technologies will be continuously activated and performance enhancements will be achieved.

Data compliance has become a common choice

  On July 30, the website of the Ministry of Industry and Information Technology showed that the Internet Security Administration of the Ministry of Industry and Information Technology recently entrusted the Internet Society of China to organize a forum for key Internet companies to implement the "Data Security Law". Alibaba, Tencent, Meituan, Qi Anxin, Xiaomi, Jingdong, Weibo 12 companies including ByteDance, 58.com, Baidu, Pinduoduo and Ant Group participated in the conference.

The Cyber ​​Security Administration of the Ministry of Industry and Information Technology requires all companies to implement the overall national security concept, thoroughly implement the "Data Security Law", and effectively strengthen data security protection.

  The Ministry of Industry and Information Technology stated that it encourages participating Internet companies to actively participate in the development of data security standards and key technology research and development, and actively cooperate with industry supervision.

  "With the increasing awareness of data asset protection and increased regulatory pressure, data compliance has become a common choice for large Internet companies and technology giants. In this context, the enterprise-level data security governance market is expected to usher in an explosion opportunity." Liu Bo said, At the same time, there are more start-ups, big data companies, and data security operators that are involved in the research and development of the underlying technology of data security, but they still have big differences in software and hardware investment.

  Fang Yan, Ph.D. of the Chinese Academy of Social Sciences, has been engaged in Internet competition logic and anti-monopoly policy research for many years. She said that start-up companies often specialize in a specific subdivision (such as database security, data desensitization, etc.), or use this as an entry point. Slowly expand business lines in the future.

The general direction of the technology giants is basically to ensure the existing social, e-commerce, search and other main business needs, focusing on the research and development of security software, and also get involved in hardware when necessary.

The direction of big data companies' efforts is to ensure the security of the data business they operate.

  “In general, these three types of companies are favored by the capital market, especially the security service attempts of startups and big data companies. At present, it is roughly judged that in the trillion-level data industry, the data security industry is at least 100 billion-level. "She expected.

  Guotai Junan Securities believes that the "Data Security Law" will promote the release of data security needs.

"Because data flow runs through all levels and links of informatization and business systems, this places higher requirements on upstream and downstream manufacturers in the industry. In the future, manufacturers in the security field will focus on new tracks and new formats of data security. Therefore, those who have The leading manufacturers of technologies, products, and solutions in the field of data security will benefit the most."

Pain points are not just technical bottlenecks

  The "Data Security Law" is about to land, although it will bring more security compliance products and services, and more industry companies are increasing data desensitization, anti-leakage, encryption and other basic data security technology investment , However, the development of the industry is still in its infancy.

  Liu Bo said that, on the one hand, the world has not reached the maturity stage of technology, and even about 80% of data security-related technologies are in the initial stage; for China, there are still many problems in data security technology. To be broken.

  He Yanzhe, deputy director of the Network Security Center Evaluation Laboratory of the China Electronics Standardization Institute, also said that although it looks "lively", if you look closely, you will find that many data security solutions have not completely deviated from the original network security thinking.

"Of course, network security and data security itself are also intertwined and inseparable, but if you use network security products or solutions, it may be difficult to solve the new problems and challenges faced by data security, and sometimes there will be "the question is wrong." ''Poor effect' situation." He said.

  "In fact, the pain point of data security governance is not just a technical bottleneck." Fang Yan said that in the process of integrating data security technology and industry and promoting the implementation of scenarios, there are three major difficulties to be overcome.

  First, with the advent of the era of artificial intelligence and the Internet of Things, data security risks may become greater in the process of tentative promotion and implementation of new business models and new models; second, the understanding of data security needs to be deepened. Data security is regarded as a technical engineering problem, and that security technology is the only way to solve data security risks, while ignoring the possibility of breakthroughs in other social sciences such as economics, sociology, and ethics.

For example, from the perspective of economics (such as behavioral incentives), many security risks that existing security technologies are unable to overcome can be analyzed and avoided; third, the design of professional security systems combined with scenarios often lags behind practice.

Although the security system for face recognition is being constructed, the system design in many scenarios such as speech recognition is still blank and has not been taken seriously.

  The lack of corresponding laws and industry standards and regulations for technology implementation also brings challenges to data security governance.

Tan Jianfeng said that due to the current unclear definition of core data, it has a certain impact on the classification and classification of data. During the implementation of the law, it will face various issues such as policy refinement, technological differentiation, and the need to strengthen industrial investment. Complete.

From a policy perspective, it is necessary for the competent authorities to take the initiative to release the implementation rules of various industries in a timely manner. In addition, there are technical difficulties such as data verification and circulation.

From an industrial perspective, domestic security investment has been low, and the proportion of security investment in total informatization investment is too low, far below the global average, restricting the application and promotion of technological innovation in the security industry and restricting the further development of the industry.

  He Yuan, executive director of the Data Law Research Center of Shanghai Jiaotong University, mentioned the difficulties of personal information transactions. He explained that if personal information is to be traded, there are only two paths, one is to obtain personal consent, and the second is called anonymization. For the two methods, the aforementioned privacy calculations cannot be realized, so a breakthrough in the compliance system is required.

  Wei Kai, deputy director of the Cloud Computing and Big Data Research Institute of China Academy of Information and Communications Technology, believes that data security governance needs to realize the multi-party governance of the country, industry, and enterprise.

For enterprises, it is necessary to form a closed loop in many aspects such as organizational construction, system and process planning, technical tool construction, and personnel capacity training.

  "Currently, in terms of data security governance, relevant laws and regulations still lack a certain degree of transparency for public supervision departments. This will result in no distinction between companies that do well and those that do poorly. In this context, Whether it is an internal self-assessment of an enterprise or a third-party evaluation of the industry, it is necessary to adopt a set of measurement criteria to guide the enterprise's data security governance to be truly implemented." Wei Kai said.

(Author: Wu Simin? Golden Leaf)