Nowadays, the digital economy has become a key force in reorganizing global factor resources, reshaping the global economic structure, and reconstructing global competitive advantages. The development of the data field is changing with each passing day, and there is no unified data element market construction model at home and abroad, so the organic combination of top-level design and practical exploration is particularly important.
Data management institutions in multiple provinces were inaugurated
It shows a similar development trend and adapts to local conditions
In March 2023, the "* Institutional Reform Plan" was issued, clearly proposing to establish a national data bureau, which was officially launched on October 25 after more than 7 months of preparation, responsible for coordinating and promoting the construction of data infrastructure systems, coordinating the integration, sharing, development and utilization of data resources, and coordinating the promotion of digital China, digital economy, digital society planning and construction and other functions.
Since the beginning of this year, a new round of institutional reform has been gradually implemented at the provincial level. According to security 419 statistics,As of January 23, 2024, data management institutions in 10 provinces have been inaugurated, including Jiangsu Provincial Data Bureau, Sichuan Provincial Data Bureau, Inner Mongolia Autonomous Region Government Service and Data Administration, Shanghai Municipal Data Bureau, Yunnan Provincial Data Bureau, Qinghai Provincial Data Bureau, Hebei Provincial Data and Government Service Bureau, Guangdong Provincial Government Service and Data Administration, Tianjin Municipal Data Bureau, and Fujian Provincial Data AdministrationThe data elementization market in all provinces and cities across the country has accelerated.
We found that most of the names of the provincial data management institutions that were intensively unveiled were the same as those of the National Data Bureau, which means that there will be a management department at the provincial level that is benchmarked against the national bureau. In addition, 3 provinces embed "government services" in the name of the institution, showing the emphasis on government management of data services. Further check the specifications and levels of data management institutions in different provinces, which echoes the "establishment of provincial-level data management institutions in combination with actual conditions" proposed in the reform plan.
According to public information, for example, the official websites of Jiangsu and Hebei institutions have followed the ** directly under the provincial government service management office (department level); Prior to this, Sichuan and Guangdong have established the Sichuan Provincial Big Data Center and the Guangdong Provincial Government Service Data Administration, both of which are directly subordinate to the provincial government; The specifications of the corresponding institutions in Yunnan and Qinghai are at the deputy department level; Shanghai is different from most provinces that are directly under the government or departmental management agencies, and its director is appointed by the Standing Committee of the Municipal People's Congress, etc.
According to the above-mentioned reform plan, the reform of local institutions will focus on reorganizing or adjusting and optimizing the institutional setup and responsibility allocation in key areas such as local finance, science and technology, and data management, and the reform tasks at the local level should be completed by the end of 2024. Industry insiders pointed out that it is foreseeable that a large number of provinces and cities will set up and adjust data management departments this year, and the overall development trend will be similar and adapted to local conditionsThere will not be a province or city that will not have a data management department in the future, but the way of doing so and the model of the institution may be different, and this should be encouraged.
Data infrastructure under consensus
Discover how to get your data to move securely
China's data element market and the development of the digital economy are entering a new stage, and with the help of institutional reform policies, the construction of infrastructure such as the data element system, the process of marketization, and how the data elements themselves promote the release of the value of thousands of industries have become the topics of greatest concern to all parties.
Data infrastructure is the key carrier for data to be available, flowing, and used well, so that data can be circulated safely and credibly to achieve efficient use of data. Combined with the three-year action plan of "data elements" issued by 17 departments including the National Data Bureau on January 4, and the release of the "Guiding Opinions on Strengthening Data Asset Management" issued by the Ministry of Finance on January 11, the data value level of the multiplier effect iteration has been launched, and the data security system that takes into account vitality and order is the basis and premise for the effective operation of the hundreds of millions of data element market. At present, all parties in the data security industry are actively exploring the layout.
Therefore, Security 419 Observation has sorted out the future trends of data security technology and market trends by all parties in the industry, and summarized several clear industry consensus points for the reference of security colleagues.
The construction of data security is oriented to the whole life cycle, and the process of circulation and utilization has become the top priority.
Qianxin believes that data elements leverage the trillion market, and the safe circulation of data has become a technological trend. The data element ecology requires a multi-level security and compliance guarantee system, of which the underlying layer is mainly the data element circulation infrastructure, such as trusted computing environment, transmission network, cloud platform, data platform, etc., and it is necessary to build a corresponding in-depth security defense system from the end (server, terminal host, etc.), network, cloud, data and other levels. The middle layer is mainly a data element circulation platform, such as a data sharing platform, an open platform, an authorized operation platform, a trading platform, and a data zone, which needs to be guaranteed by isolation and exchange, API security gateway, WAAP, data masking, data set protection, API protection, etc.; The top layer is the circulation of data elements, which needs to focus on data supply, circulation, and use, and need to match security technologies such as de-identification, hierarchical classification, data space, trusted computing, and data sandbox to ensure the security and compliance of the whole process in circulation.
Ruishu Information proposes that data security needs to rely on risk management and control throughout the life cycle. The traditional method of relying on manual data security risk assessment has been difficult to cope with the comprehensive protection of regulatory assessment and mobile data, and the data security of organizations increasingly needs to rely on risk management and control throughout the life cycle. From a horizontal point of view, the internal data security control of enterprises should be considered from multiple dimensions such as system construction, management system, technical support, and personnel quality. From a longitudinal point of view, the management and control of data security by enterprises should run through the entire life cycle of data, among which the process nodes of data production, collection, storage, exchange, and access are particularly important. In the new year, security vendors are expected to further implement products with richer security perspectives such as data risk assessment, risk monitoring and modeling, to help users clearly understand the data security status, and to coordinate and link data security response and disposal with security policies based on data risk assessment, and carry out continuous monitoring of risks, so as to achieve active defense against known risk exposures.
Ming Dynasty Wanda said that the bottleneck of data ownership confirmation and pricing for the data transaction process is increasingly relying on the support of a sound system. Data can only be valuable if it flows between supply and demand, and an important condition for the flow is to ensure that ownership and use rights are not transferred, and that appropriate transactions are obtained**. This requires the construction of a complete technical system around data collection, storage, use, transmission, sharing and exchange, and then combined with organizational management, external supervision, laws and regulations and other policies and systems to form a support system to ensure data flow.
Here we use:CCID ConsultantsAs a summary, the views in the "2024 Cybersecurity Industry Trend Insights" report summarize that with the listing of the National Data Bureau, a new round of data circulation and trading, data security protection and other markets will set off in the futureHow to realize the sharing, transaction and circulation of data, how to establish a cross-border data security protection mechanism for various industries, and how to carry out data security governance with the idea of continuous operation will become the focus of the future.
The data security strategy has been highly improved, and it is moving towards a system of integration of technology and governance.
Data security is not only a technical capability and implementation issue, but also a comprehensive system involving organization, process, and management. In the future, it is necessary to establish a sound data governance system and clarify data ownership, responsibilities and processes to ensure the effective implementation of data security technologies.
Ming Dynasty Wanda believes that data security governance has gradually become the cornerstone of the digital economy. With data as the core factor of production, data security has become a major issue related to economic and social development. Strengthening data security governance is not only a subjective need to achieve the goal of digital construction and the development of the digital economy, but also an objective requirement of national data security supervision. In order to further promote the sharing and openness of big data and fully release data dividends, in addition to strengthening data governance and deepening data development and utilization, how to scientifically and effectively carry out data security governance will gradually become the basic work of digital economy construction.
According to Commvault, data security will evolve into a collaborative effort across the enterprise. The rapid adoption of technology to meet business needs has led to an ever-expanding threat spectrum across a wide variety of assets, which can span various types of workloads, across multiple tenants, including hardware, virtual environments, software-defined systems, third-party controls, and SaaS space assets. It anticipates that organizations will consider following standard security frameworks such as NIST for cyber defenses, including identifying, protecting, detecting, responding to, and recovering from attacks if necessary. This will involve close collaboration between IT and security teams, and even between IT and the business. Interdepartmental collaboration also requires executive involvement, with business and IT leaders working together to discuss how security investments can advance the business, and top-down engagement and driving the implementation of security strategies.
A similar sentiment is reflected in IBM's Top 5 Trends for 2024, which is to shift the data conversation from IT to the C-suite; Digicert envisions 2024 for a team of cybersecurity experts, with the Chief Digital Trust Officer becoming a key player in the C-suite team.
The diversified application of privacy-preserving computing technology will inject new momentum into the establishment of data infrastructure.
As mentioned earlier, security in the process of circulation and utilization is the focus of data security in the new era, and it is also the premise of establishing a credible and secure data infrastructure. In the traditional security methods, it is difficult to protect the data in transaction and use, and privacy computing has attracted more and more attention and attention.
Liu Liehong, member of the Party Group of the National Development and Reform Commission, Secretary of the Party Group and Director of the National Data Bureau, pointed outTo promote the marketization and value of data elements, it is necessary to deepen research in four aspects: system construction, circulation and utilization, income distribution, and security governance. From the perspective of circulation and utilization, it is necessary to establish data infrastructure. In the traditional trading market, the flow and use of goods are often controlled through the exclusive possession of them. The cost of copying plaintext data tends to be close to zero, and once the transaction is made, the seller not only loses control of the data, but also bears security risks, which leads to the data holders "unwilling to circulate" and "dare not circulate". To promote data circulation, it is necessary to accelerate the construction of data infrastructure, establish a credible circulation system, and use multi-party secure computing, blockchain and other technologies to enable the supply side to effectively control the purpose, method and flow of data, so as to realize the "usable and invisible" and "controllable and measurable" data circulationEnsure data security, prevent the risk of leakage, and realize data management and control.
Hillstone Network Technology said that privacy computing will play a more important role in the future around the construction goal of digital ** and digital society. Privacy-preserving computing is not just a technology, it is a commitment to protect the privacy of individual and organizational data while allowing data to be securely processed and analyzed during the computational process. The core of privacy-preserving computing lies in the application of its diversified technologies, from data encryption to distributed computing, from differential privacy to homomorphic encryption, to secure multi-party computation and searchable encryption. Together, these technologies form a powerful protective barrier designed to keep data secure and private throughout its lifecycle, without sacrificing its availability and value. With the establishment of the National Data Bureau of China, the goal of building a digital society and the rapid growth of the digital economy indicates that privacy computing will play a more important role in the future. With the growth of market demand, more and more network security vendors are investing in this field to jointly promote the development and application of privacy-preserving computing technology.
According to Gartner, data processing, sharing and analyzing data with multiple parties in untrusted environments such as the public cloud has become fundamental to the success of organizations. Unlike common data-at-rest security controls, privacy-enhanced computing (PEC) can protect data in use. As a result, organizations can perform data processing and analytics activities that were previously not possible due to privacy or security concerns. According to Gartner**, 60% of large enterprise organizations will use at least one PEC technology to support analytics, business intelligence, and/or cloud computing applications by 2025.
The cloud will become the focus of data security, and security will be closely integrated with the cloud platform.
The "Guidelines for Building Digital Security Immunity" jointly compiled by the News and Publicity Center of the Ministry of Industry and Information Technology and Tencent SecurityIt is proposed that data element x security has become a new topic, and cloud data element is the focus. Cyber security threats will pose huge challenges to the flow of data, and even directly destroy the commercial value of data elements themselves, hindering their circulation and value-added. Therefore, it is foreseeable that data element x security will become an important issue in 2024. At the same time, with the construction of the industrial Internet, as well as the emergence of various industry clouds and government clouds, data to the cloud has become the general trend, enterprises will face data security problems, will form new security needs for the special environment of the cloud, in the procurement process of cloud security-related products, will also pay attention to the protection ability of cloud security products to cloud data, in the future, the cloud will become the focus of data security.
Qianxin said that cloud native security expands to the whole life cycle. As cloud computing strides towards "cloud native", massive data processing and other characteristics require the security protection system to be upgraded accordingly to provide effective security protection for the dynamically changing, complex and diverse operating environment. More and more cloud infrastructure is changing from virtual machines and virtual machines to containers, more and more security requirements are shifting from cloud-side security to cloud-native security, and the traditional state of separation of development, operation and maintenance, and security is shifting to DevSecOps system processes. The core of the full life cycle of cloud-native security services includes: establishing a cloud-native security system that shifts to the left of development; Provide cloud-native security protection capabilities for cloud-native infrastructure; Provide operational security protection capabilities that are deeply integrated with the cloud-native operating environment; Building an integrated security operation platform covering the development, testing, and operation phases is in several directions.
The development of the digital economy is in the ascendant
The data security industry is accelerating
It is undeniable that the development of the data element market is still facing arduous problems, and the basic system of data elements has not yet been fully clarified. In the course of a series of legislation, institutional reforms, and industry exploration and practice, the degree of protection of data rights and interests has changed from lenient to strict, and the data utilization mechanism has also been continuously innovated and improved.
Data security has undoubtedly become a major direction of market expectations. According to data from research institutions, since 2022, data security has ranked first in the number of financing in dozens of security fields in China, and in 2023, the number of data security financing in the global cybersecurity investment and financing market will still rank first. The task of the next stage is to promote the use of data elements to a greater extent while ensuring the value of security.
The development of the digital economy with data as the key element is in the ascendant, and we look forward to the joint exploration of all parties to achieve high-quality development and utilization of data and high-level security and benign interaction as soon as possible.