Shulou(Shulou.com)06/01 Report--

In 2019, database security issues have leapt to the top of the work content quadrant of CSO. It is not difficult to see that it is urgent for enterprises to build an in-depth security detection and defense system on the cloud, improve security incident response and disposal efficiency, and create a continuous and dynamic closed loop of security operation and management.

According to the cloud service trend research report released by LogicMonitor, 83% of the workload of all enterprises will be realized on the cloud in 2020, enterprises will continue to strengthen the construction and investment of cloud business, and more business and data will be stored on the cloud. Internet business innovation not only brings new opportunities, but also poses new challenges to enterprises. For example, the de-privacy of enterprise data and the management of data on the cloud. Therefore, the protection of data should not only be static protection, but should pay attention to the protection of mobile data. The protection of mobile data is faced with four major problems, namely: how many data assets are there? How to de-privacy? How to go back? How to divide the authority, how to separate and minimize the authority?

The damage caused by the large-scale security accident in 2019 alone is far more than we can imagine:

Nearly a week after more than 200 million Chinese job seekers' resumes were suspected of leaking, a database containing 202 million Chinese job seekers' resumes was leaked in what has been described as one of the biggest data exposures in China's history. Some government departments and hospitals and other public institutions in our country have been attacked by foreign hackers. In this attack, hacker organizations used blackmail viruses to launch mail attacks on the above institutions; lawbreakers used hacker technology to invade a popular game backstage system developed by a famous game enterprise, stealing a large amount of game virtual currency, worth about 8.8 million yuan. Due to improper operation, the operation and maintenance staff of a well-known Internet company deleted the company's core production system database, shutting down the company's business for dozens of hours, affecting millions of users, and the company's market value lost HK $1.2 billion overnight.

……

"rm-rf / *"

On the server of the Unix/linux system, although there is only a short line of code to delete the library, if it is not used properly, the result can be "instant destruction".

According to a survey conducted by the University of Texas in the United States, "only 6% of companies can survive data loss, 43% will shut down completely, and 51% will disappear within two years."

1. Data security issues

Usually, the data security risk comes from the enterprise intranet, which is for the purpose of illegally occupying network resources, system resources and data resources, making use of the weaknesses of business systems or assets on the cloud to maliciously invade and infiltrate, and then enhance permissions to illegally obtain data resources and implement behaviors such as data theft, data tampering, data download, dragging and deletion.

Common factors that can lead to data security risks are:

2. Safety of operation and maintenance

With the development of information technology, the continuous development of IT system in enterprises and institutions, the rapid expansion of network scale and the surge in the number of equipment, the focus of construction has gradually shifted from the construction of network platform to the stage of operation and maintenance characterized by deepening application and improving efficiency. IT system operation and maintenance and security management are gradually moving towards integration. The safe operation of the information system is directly related to the benefit of the enterprise. The construction of a strong IT operation and maintenance security management system is very important to the development of enterprise informatization, and puts forward higher requirements for the security of the operation and maintenance.

Data security management practice according to authoritative survey statistics, 57% of companies believe that databases are the most vulnerable assets for internal attacks. The security of the database refers to protecting the database from data leakage, change, or damage caused by illegal use. Whether the security measures are effective or not is the main technical index of the database system, we can regard the data security as a bucket, whether the whole protection system is solid or not depends on the deficiency.

Reviewing a number of major security incidents in recent years, it is found that almost all of these incidents are related to data security-whether it is data disclosure or blackmail virus that deletes and destroys data. enterprises need to monitor, defend and manage from many aspects at different stages of the data life cycle, and enterprises not only need to control threats from outside. At the same time, we should also prevent internal malicious employees, malicious behavior and data damage caused by various errors, and achieve rapid stop-loss, traceability and accurate investigation and evidence collection. Due to the comprehensive advent of the digital economy era, the business of enterprises is gradually driven by data, so the security protection of enterprise data will become an important cornerstone for the survival and development of enterprises.

Next, based on JD.com 's experience in data security management, we will summarize the practical methods of data security management at different stages of the data life cycle:

1. Establish a closed loop for data lifecycle security management.

At present, Internet business innovation has brought new risks, such as the de-privacy of data and the management of data on the cloud. Therefore, the protection of data should not only be static protection, but should pay attention to the protection of mobile data. JD.com Zhaopinyun put forward the defense in depth strategy based on his own many years of experience.

Initial safety insight

For the early warning in advance, we should find the threat and sort out the data, and find the potential attack threat of the database from the source of the hidden danger and the weakness of the database itself. In addition, it is necessary to classify different data, and classify the data according to different norms, big data protection guidelines, sensitivity and value to the enterprise's own business, and so on. Thus, different protection measures are taken for different types and importance of data. In this way, JD.com Zhaopinyun can help users protect and warn their data in advance more effectively and at a lower cost.

Data security is preventable and controllable

For external attacks, JD.com Zhilian Cloud monitors and protects the relevant access behavior by injecting features of SQL or noSQL, and uses virtual patches to protect the entire database from vulnerabilities. At the same time, the "attack" from within is emphasized. Because the human is the last executor of the operation and the user of the system, a large number of problems occur on the operator side-whether by misoperation or intentional attack. Therefore, JD.com Zhaopin Cloud has adopted the measures of database operation audit and permission approval to make the internal data controllable.

Build security soft armor

In the operation and maintenance management scenario, JD.com Zhaopin Cloud provides full-process audit and control measures "from landing to exit" through the operation and maintenance audit management platform, which can not only track, audit and record the operation behavior of operation and maintenance. it can also intercept malicious operations and misoperations in real time to fundamentally prevent the occurrence of the aforementioned major data security incidents.

Therefore, by building the above security line of defense, even if the data is lost or leaked, the attacker will not be able to get the real information, that is, he can't understand it, can't take it, and can't use it. As the enterprise is likely to analyze the data, or use it in the development and testing environment, it is necessary to desensitize the data in the third-party transmission and use. JD.com Zhaopin Cloud carries out random / partial replacement and mask processing of these data to ensure that the data will not be leaked when it leaves the database for other processing, and encrypts the data in the database with the national secret algorithm.

If the enterprise does receive a security attack, it is a top priority to respond quickly after the incident and analyze the responsibility afterwards. JD.com Zhaopin Cloud provides audit, traceability and analysis services for the operation of the entire database, ensuring that the source of the event is identified, the risk is identified, and the bug and faults in the business system are analyzed through the detailed database behavior log afterwards.

2. Typical scenario practice: how to build a database security moat

In recent years, more and more enterprises abandon the original self-built database and choose to buy cloud database as their data storage tool. What is a cloud database? Cloud database is a fully managed database optimized or deployed to the public cloud, which can achieve the advantages of on-demand payment, on-demand expansion, high service availability, high data reliability and so on. These advantages just solve the pain points of the traditional self-built database: low resource utilization, service level dependent on professional DBA personnel, high operation and maintenance costs and hardware procurement.

The beginning of 2020 has had a great impact on almost all industries in the world. However, there is one exception in the industry: affected by the epidemic, the flow of entertainment products such as games has repeatedly reached record highs. The influx of a large number of players into the game will make the server congested. Relying on the perfect backup mechanism of cloud database MongoDB and the ability to create instances based on backup, you can quickly realize the demand for data migration in regional application scenarios such as games. In view of the high cost of traditional database operation and maintenance, JD.com Zhaopin Cloud provides cloud hosts and MySQL cloud database products necessary for LAMP websites to facilitate enterprise users to deploy the website on JD.com Zhaopin Cloud. At the same time, monitoring backup, security protection and other auxiliary operation and maintenance capabilities and natural master / standby high availability architecture, so that users do not have to worry about cloud database operation and maintenance work, and focus on the development of the website.

At present, JD.com Zhilian Cloud is the only manufacturer in the market that offers cross-regional backup synchronization features to users free of charge to help customers build remote database disaster recovery centers. When the database in a certain region cannot provide services due to natural disasters and other irresistible factors, cross-region synchronous backup service can quickly build new cloud database services in different places to meet the needs of users for remote disaster recovery. In addition, the MFA (multi-factor authentication) feature of JD.com Zhaopin Cloud platform can be verified by verification code before users perform important operations such as deleting instances. The built-in operation audit feature of cloud database can audit and record users' behavior, help trace security incidents and quickly identify the root causes of problems.

At the same time, JD.com Zhaopin Cloud provides DTS (Data Transformation Service) free of charge to help users migrate data to the cloud quickly and efficiently. At present, it is supported to move users' source databases to JD.com Zhaopin cloud databases RDS and MongoDB. At the same time, in the process of data migration, the source database can provide normal external services, and users can check the progress of data migration at any time through the console, and verify the data after the migration to further ensure the integrity of the data on the cloud.

3. Typical scenario practice: operation and maintenance safety audit management and traceability

An excellent operation and maintenance management platform should not only catch dangerous operation and maintenance instructions in time, but also provide users with a simple and easy-to-use management mode, which can not only improve the efficiency of operation and maintenance, but also reduce the misoperation caused by the pressure of operation and maintenance management. so that the energy of safety management personnel and operation and maintenance personnel can be effectively released, and the cost of production and operation can be further reduced.

Browser compatibility

It provides Web access based on BBGUA S architecture, and only one browser is needed to access the target device. It supports mainstream browsers such as Chrome, FireFox, Edge, Safari and IE11.

Client compatibility

It can seamlessly adapt to third-party client tools, including RDP, SSH, SFTP, HTTP/HTTPS and other client tools, such as SecurCRT, putty, Xshell, Mstsc, Winscp, Xsftp, etc., without changing the operation habits of operators.

Cross-platform compatibility

JD.com Zhilian Cloud-OPS audit management platform has a cross-platform OPS behavior management capability, which can cover a variety of mainstream host operating systems, network devices and OPS protocols, including not limited to:

Protocol types-SSH, RDP, SFTP, HTTP, HTTPS, etc.

Operating system types-RedHat Linux, Windows, etc.

Above, I believe you have a more comprehensive understanding of data security, our technical experts also specifically provide you with an enterprise data security self-check Checklist!

Click [read] to compare the form to see if you have passed your data security.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.