news

on september 4, at the second cyberspace security (tianjin) forum, qi xiangdong, chairman of qi'anxin group, proposed in his keynote speech that the "data triangle" consisting of the production domain, application domain, and circulation domain has become the key to ensuring data security. the independent operation of its security system has become the biggest security challenge to cyberspace security, and it is imperative to carry out systematic network security construction.

in the new era, cyberspace security has ushered in a new dimension. a single cyber attack can cause system downtime and business interruption. data security occupies a core position in cyberspace security. the key to the continuous upgrading of cyberspace security lies in data.

in this regard, qi xiangdong pointed out that the key to ensuring data security is to ensure the security of the "data triangle". the production domain, application domain, and circulation domain in the "data triangle" cooperate with each other to drive the rapid development of the digital economy and the stable operation of the digital society. at the same time, the two-way connectivity of the "data triangle" determines that if a security problem occurs in one corner, it may affect the security of all "data corners".

specifically, in the production domain, the network environment is relatively closed, the highest risk is "insiders", and the biggest hidden danger is the "three members" - administrators, technicians, and operators have privileged accounts, which can easily leak information actively, or be bribed and exploited, posing the biggest "hidden danger" to data security; equipment may also become "insiders" and steal data and transmit secrets after being controlled.

in terms of application domain, the application environment is fully open, the highest risk is hacker attacks and backdoors, and the biggest hidden danger is api (application programming interface). according to statistics, more than 80% of hacker attacks and more than 90% of backdoors are implemented through api interfaces. the more api interfaces there are, the greater the vulnerability and backdoor hidden dangers.

in terms of circulation domain, the biggest hidden danger is the technical platform loopholes due to reliance on third-party platform support. he said that global data, important data, sensitive data and general data must not violate the will of the data owner, must not violate personal information protection laws, and must not harm national interests. the above principles are generally guaranteed by technical platforms. once loopholes occur, major data security incidents will occur.

the security risks of the "data triangle" are intertwined, and security protection supports each other and is indispensable. if we only defend in isolation, we will not be able to cope with the increasingly severe security challenges. qi xiangdong proposed that to ensure the security of the "data triangle", we need to start from five key aspects: strengthening the independently developed security product system, establishing an endogenous security system of in-depth defense, establishing a full-chain data security protection system, establishing an integrated security center for the "data triangle", and building a "three-level linkage" situational awareness command system, and carry out systematic network security construction.

source: beijing daily client

reporter: sun qiru