基于密码构建有效的数据安全防护体系

Building Effective Data Security Based on Cryptography

从IT到DT时代,企业安全建设正在从以网络为中心转向聚焦以数据为中心。业务应用是数据安全防护的关键抓手,但企业应用系统普遍缺失内建安全能力,而通过改造应用增强安全的方式成本高、风险大,所以国内产业生态特点决定了我们适合采取运行阶段补丁增强安全的方式。创新的CASB插件模式,能够免开发改造应用、敏捷实施数据安全,可结合应用内数据加密与身份识别技术,打造“主体到应用内用户,客体到字段级”的细粒度数据防护。同时,基于锚点解密将密码、访问控制、审计等安全策略一体化,实现防绕过的数据安全密码防护体系。

From the IT to the DT era, enterprise security construction is shifting from network-centric to data-centric. Business application is the key to data security protection. However, enterprise application systems generally lack build-in security abilities, and the way to enhance security through rewriting applications is costly and risky. Therefore, the domestic industrial ecological characteristics determine that we are suitable for adopting operational phase patch enhancement. The innovative CASB plugin mode enables the deployment of agile data security without rewriting applications. It can be combined with in-app data encryption and identity technology to create fine-grained data protection from "subject to in-app users, object to field level". Further, based on the anchor point decryption, the security policies such as encryption, access control, and auditing are integrated to implement an anti-circumference data security protection system.