Industry | “Research Report on the Development of China’s Data Security Industry” Announces the Acceleration of the Market Bonus Period

With the continuous development of the digital age, big data is not only a new factor driving business, but also a new source of value creation. But at the same time, the problem of data security is becoming more and more serious, and it has become a major challenge for countries and enterprises to develop and utilize big data.

From May 26th to 28th, the 2021 China International Big Data Industry Expo (referred to as “2021 Data Expo”) was held in Guiyang, Guizhou Province. During the period, the “Research Report on the Development of China’s Data Security Industry” (hereinafter referred to as the “Report”) was announced.

It is reported that, as the publisher of the report, the National Engineering Laboratory for Big Data Collaborative Security Technology is the only national engineering laboratory in the field of big data security in my country. ) is responsible for the construction.

In response to the content of the report, Du Yuejin, executive deputy director of the National Engineering Laboratory for Big Data Collaborative Security Technology and vice president and chief security officer of 360 Group, made a detailed interpretation and analysis. He said that data security is the earliest security concept, and there are currently many traditional manufacturers. , covering fields such as encryption and databases. Among the top 10 innovation sandboxes in RSAC 2021, three companies belong to the field of data security. Data security innovation continues to heat up, but this field is still in a state of confusion and anxiety, and everyone needs to actively explore.

The data security market still has at least 30 years of dividends

The report shows that, with the rapid development of emerging technologies such as cloud computing, big data, artificial intelligence, and industrial Internet, data, as the core asset of an organization, has become the basis for driving all businesses. In this context, the data security ecological environment is becoming more and more popular, and the security industry standards and regulations are also maturing.

According to Du Yuejin, my country has clearly put forward the strategic significance of data security in the 14th Five-Year Plan and the 2035 Vision. In addition, due to the increasing popularity of the mobile Internet, the consumption habits of end users have also changed completely, and the reasonable and legal use of data has become an important reference factor for public consumption decisions. At the commercial and industrial levels, due to the continuous strengthening of enterprises’ awareness of data security, the data security market at the B-side has gained an opportunity to explode.

According to Gartner, an authoritative market research organization, more than 30% of enterprises will begin to implement a data security governance framework in 2021. In 2022, 90% of corporate strategies will identify data as a key corporate asset and data analytics as an essential capability.

On the other hand, the market demand for large-scale data center construction, data security consulting services and training, and implementation of security technology products and solutions is increasing, which also brings new business directions to data security vendors. According to a report by the International Data Corporation IDC, in the second half of 2020, the overall revenue of vendors in China’s IT security service market was approximately US$1.44 billion, and the revenue of vendors increased by 21.4% over the same period last year.

“The frequent data leakage incidents in recent years show that once the core data of the enterprise is lost, it is as serious as the elimination of the command by the opponent on the battlefield, and the enterprise may go bankrupt or face huge financial and goodwill losses.” Du Yuejin said, at the same time he said , Looking at future trends, data security is strongly related to business, and this market has at least 30 years of dividends. At present, it will be a market of more than one billion or tens of billions within 1 to 3 years, and there are great opportunities in this space.

Data security governance faces multiple challenges

The digital age is advancing rapidly, but it is also fraught with peril. As Zhou Hongyi, founder and chairman of 360 Group said, this is the best of times and the worst of times – the whole world will be built on software, network infrastructure will become more complex, vulnerabilities are everywhere, and attack surfaces Unlimited expansion and unprecedented vulnerability. The report shows that global data security risks are increasing day by day. Issues such as data security and privacy protection, and risks of data migration to the cloud and flow and sharing have posed the following new challenges to the data security governance capabilities of various countries.

Challenge 1: Big data technology brings disruptive changes to data security protection

The “4V characteristics” of big data make traditional data security technologies unable to effectively deal with emerging security problems in big data application scenarios. The leakage of personal privacy and important national information has gradually become a very serious global problem.

Challenge 2: Data leakage affects various subjects

Different from previous attacks aimed at stealing corporate business information, national big data information is often closely related to state secrets, important infrastructure, and social stability and development. Such attacks often carry a higher threat.

Challenge 3: The background of organized cyber attacks is strong and difficult to detect

Malicious cyber attacks with organized backgrounds are one of the main reasons for data leakage. Most of these attackers are organized and organized criminal gangs, and even hacker teams and cyber warfare units with national backgrounds.

Challenge 4: Security Compliance in Data Sharing and Circulation

In the era of the digital economy, data will frequently flow across systems, organizations, and even across borders. Some big data bureaus have already reported that because there is no vertical jurisdiction and data security management cannot be effectively performed after collecting data from all parties, it is difficult for big data the risk of data leakage.

Challenge 5: Cross-border data transfer becomes an international issue

Some countries take geopolitics and ideology first, and develop their own digital offensive and defensive capabilities in the name of digital security, which may disrupt the rules of the global digital economy.

Challenge 6: Weak awareness of data security

Old-fashioned issues in the field of data security still exist in the era of big data. The usage scenarios of big data are more complex, the value of data business is greater, and industry practitioners will face greater challenges in both technology and management.

The report also combines the analysis of a number of professional institutions, collects practical cases of domestic projects, and sorts out the most critical data security technologies at present. These include cryptographic technology, desensitization technology, data-centric auditing and protection technology, data leakage prevention technology, cloud access security proxy technology, identity recognition and access management technology, blockchain technology, trusted execution environment technology, multi-party security Computing technology and federated learning technology, artificial intelligence technology, etc.

For the challenges faced by data security governance, Du Yuejin summarized five basic understandings.

First, the greater the data value and the weaker the security capability, the greater the risk. With the development of smart cities and industrial Internet, more and more data is deposited in the government’s big data trading platform and the city’s functional center, and at the same time they are also the weakest places.

Second, innovation is the key. We must always have a sense of innovation, and we must not work behind closed doors. We must come from the industry to the industry, adjust quickly and continuously optimize, otherwise we will not be able to adapt to the era of comprehensive digital transformation.

Third, traditional management or punishment cannot solve the problem of data security. It is necessary to change from “only punishing” to “punishing the bad, rewarding the good, and helping the weak”. Penalize security inaction or intentional violation of data security or privacy; establish security capabilities to help enterprises and industries respond to cybersecurity threats; change management to governance, so that companies with high data security levels can gain more development opportunities.

Fourth, data is more like blood than oil. The goal is to make data more, smoother, and healthier. This is the core of data security governance.

Fifth, we need a “circle of friends”, not “a fence”. In the face of a strong enemy, a large-scale coordination is required, and the security defense of each individual is impossible to detect anomalies, and it is impossible to judge the full picture of the threat.

Building a data security governance system based on DSMM

How to conduct data security governance? The answer given in the report is to build a data security governance system based on the Data Security Capability Maturity Model (hereinafter referred to as DSMM). DSMM is derived from the national standard GB/T37988-2019 “Information Security Technology Data Security Capability Maturity Model”. This standard is data-centric, aiming at each stage of the entire life cycle of collection, transmission, storage, processing, exchange and destruction, and proposes the data security capabilities of enterprises or organizations from four dimensions: organizational construction, institutional processes, technical tools, and personnel capabilities. requirements, and divided into five levels of continuous improvement: informal execution level, plan tracking level, fully defined level, quantitative control level, and continuous optimization level. This standard comprehensively guides the data security capability building of organizations, and realizes the overall controllability of security risks in the process of data flow across organizations.

This is a forward-driven data security governance system. First of all, the high maturity of data security capabilities means that there are great opportunities for business development. The main goal is to make data security a competitiveness rather than a cost. On the data side, based on the classification and grading of data, and on the processing side, on the basis of the organization’s data security capability maturity level, establish a positive driving relationship of “strong data security capability, more opportunities to obtain high-value data”. When the government establishes a mechanism for multi-departmental data sharing and circulation to promote the utilization of big data, the initiator can decide whether to continue data flow with the other party through the maturity level of the organization’s data security capability. In the digital economy era where data has become the fifth factor of production, organizations will have the motivation to actively improve their data security capabilities, so as to achieve the goal of security governance.

The engineering laboratory will help customers build or integrate into a DSMM-based data security governance system mainly through data security consulting, evaluation and training services. With data security consulting services, customers can understand relevant national regulations, standards and industry norms, know their data security status, explore their application needs and security needs, and provide customers with targeted data security solutions. With data security assessment services, especially DSMM assessment, we can help customers accurately identify gaps in data security management and technology, and help customers improve data security capabilities and data security protection levels. With data security training services, we train professional data security managers and engineering technicians for the data security industry and customers to improve the data security operation level of customers.

The report also lists excellent cases of data security governance based on DSMM in current practice. The first one is the Guiyang DSMM industrial ecological practice case. Up to now, there are 265 DSMM assessors registered in the Engineering Center. Taking DSMM as the starting point, through data security capability maturity assessment, Guizhou Big Data Security Engineering Research Center has successively launched pilot projects in more than ten fields and more than 50 institutions, covering government affairs, finance, system integration, software services, security Services, big data, education and training, industrial Internet and other industries have accumulated rich practical experience in the field of data security, and explored and constructed data security governance including personnel training, legal support, market access, software products, evaluation services, and certification qualifications The system improves the industrial ecological chain of big data security development, and provides security capability guarantee for the development of big data.

Du Yuejin concluded that in the future, it is necessary to continue to explore and study the application of DSMM in different industries, continue to optimize evaluation methods, improve standards, speed up training, evaluation, consultation, and certification, and jointly create a DSMM ecosystem; at the same time, relying on national projects The laboratory, in conjunction with local or industry forces, combined with specific scenarios and problems, established a third-party mechanism to create a research environment for continuous operation and open innovation for the industry.

The Links:   SKM200GAL173D G190EG01-V0