“This article has participated in the good article call order activity, click to see: back end, big front end double track submission, 20,000 yuan prize pool for you to challenge!”
In terms of user circle selection there’s a lot of user information involved, so if you’re a user you might be worried, is my information going to get leaked, is it going to be used for bad things? Especially in the current era of big data, a company may have intimate information about many people in the country or even the world, including your basic information, your words and even your movements. If companies don’t do a good job of data security, and let this information get into the wrong hands, it can have very dangerous consequences. Not only the reputation of their own enterprises will be damaged, but also the rights and interests of users will be damaged. The use of these data may also endanger the security of society or even the country. Therefore, to do a good job in data security work is not only technical, but also the focus of the company management, need a series of system processes and technical means to ensure data security. Next, let’s talk about some things about data security.
Data security issues
Our big data system includes all kinds of data. From the beginning of data production, a large amount of data flows into our big data platform for processing and utilization. Naturally, big data has brought a lot of profits to many companies, provided users with a lot of convenient services, and created a lot of value for the society. However, it is accompanied by a variety of data security issues. Here, let’s first take a look at the big data system, or our company will exist in what kind of data security problems.
1. Hardware security
The first is hardware security. For example, our hard disk, memory, CPU, etc., although the use cycle of hardware is very long, but these facilities will still have failure for a long time to use, especially in big data, the number of servers is large, large companies or cloud service providers often have thousands of servers. In addition to its own faults, it may also be affected by natural disasters and man-made damage. If a large area of hardware problems occur, our service may suffer problems.
2. Platform security
Platform security is mainly refers to our big data platform, which USES many tools, although these internal use of the platform tools after many experienced developers to develop and use, but still hard to avoid has some defects or cracks, and when encounter some attacks, may cause data breaches in some links.
3. Service security
The third is security when providing services. The big data platform, of course, is not just there. We use the big data platform to build capacity within the company, so that we can use that data to provide services externally, both for our users and for our internal services, such as the circle of people system that we talked about last time. For these services, there are more security risks, because these services have a lot of exposed addresses, ports and other access methods, if there are some high-risk vulnerabilities may be used by criminals.
4. process security
The above three can be said to be based on the security of the data hosting place, whether the server or the big data platform, the data is stored and transferred on it, if they have security problems, of course, the data is not immune.
But in our daily work, the data is not just stored here, but there will be a lot of people using the data. Whether data analysts by big data platform is analyzed, and data mining students transferring data to the GPU operations on the machine, is using the data of the normal process, but in the process, data security problem is very notable, otherwise the data after several copy after transfer, how many data flow out, Whether or not important data was leaked is not clear.
Technical solutions for data security
As you can see, in our company, faced with a lot of data security problems, so we must take strict precautions, so in general, what kind of technical solutions to solve data security problems?
1. Security classification
First, we can classify the security level of data, for example:
-
The user’s true information is of the highest security level
-
The user’s information is of the next highest level
-
The user’s behavior information is of general classification
-
Public information is the lowest level of secrecy
According to the formulated data security level, different processing schemes are given in different links. For example, in data storage, more security hardware facilities are added to the data of high security level. More stringent in the audit of permissions and so on.
With a relatively clear security level, it is also convenient to monitor the data security problems. Once the data non-compliant data transmission occurs, it is convenient to confirm the risk. Without a clear level of security, consistent management of all the data in our big data will waste a lot of resources, and it will be difficult to confirm what to do when problems occur.
2. Permission authentication
In the big data system, there will be many links and tools involved in data storage and application, at the same time, there are many systems in the company involved in the use of these data. At the company level and unified standard, a set of permissions certification to the data of different security levels, and to use take the unified rights management, use, whether it’s for personal use or system can access the authority certification system, both to save data transfer all kinds of complicated application and approval procedures, and application of the data. In big data tools, there is a general privilege authentication solution: Kerberos, which provides the privilege authentication service for many of the big data tools we mentioned earlier.
3. Resource isolation
In terms of resource isolation, a multi-tenant solution is usually adopted, that is, multiple sets of architecture services are built on a set of hardware for data of different security levels. For example, for big data, a separate HBase is used for data of high security levels, and another HBase is used for data of low security levels. In this way, when the operation is separated, but also convenient for the monitoring of data.
4. Data encryption
Data encryption is easy to understand and has been around for a long time. In simple terms, encryption technology is to process the original data into unreadable or meaningless data through some transformation algorithm, and only the encrypted person knows how to restore the encrypted data.
In the ancient city of Pingyao, where the Rishengchang bill is the first bank in China, they have already adopted encryption technology for their bills, such as replacing 1 to 12 months with the words “Beware of counterfeit bills, don’t forget to read the book seal”.
For data of different security levels, we can adopt different levels of encryption technology, and at the same time, there are different encryption schemes in data transmission and storage. Encryption technology is a very broad course, modern cryptography is generally divided into symmetric encryption and asymmetric encryption, if you are interested in this aspect of students can learn cryptography.
5. Back up data
Data backup is to prevent large network problems, data loss, man-made damage, natural disasters and other unexpected problems. Different backup policies can be adopted for data of different security levels. For example, real-time multi-storage is adopted for data of high security levels, and periodic backup is performed for data of low security levels.
6. Data desensitization
Data desensitization is generally carried out on the data monitoring link. Data with a high security level can be considered as sensitive data, such as the user’s name and mobile phone number. However, during data transmission or use, the data is often mixed with other parts. In the process of monitoring the flow of data, if sensitive data is found to be involved, the data can be replaced or hidden to prevent the leakage of sensitive data. Such schemes are generally taken when data is opened to the outside world.
7. Share the watermark
For the security problem of data sharing, besides desensitization, watermark technology can also be used. Whether it is the internal visualization platform, or the resources such as files, pictures or PPT that can be shared, watermark is added to mark. In some companies to share information, you often see some visible watermark mark, of course, for data can also add some hidden watermark, to achieve the role of security protection. Although watermark technology can not prevent data leakage, but can trace the responsible person through watermark, which is an afterthought method.
In addition to the technical means mentioned here, when the company is faced with data security problems, it also needs to cooperate with management means to establish a relatively complete data security management mechanism, publicize and educate the personnel in the company, and improve their awareness of prevention. And in the data production, data storage, data transmission, data application and other links of pre-guarantee, monitoring, tracking after the event.
How can individuals pay attention to privacy protection
Although companies usually pay attention to data security issues internally, there are inevitably some problems that lead to data leakage into the wrong hands. As we often see in the news, in 2014 the 12306.cn traveler information leak; 2016 12 GB user information leakage; In 2018, 500 million pieces of data were sold. This kind of news is coming out all the time, and I don’t think it will be completely avoided for some time to come. It is almost impossible for individuals not to use products related to big data in this era, so how can they pay attention to protecting their privacy?
1. Don’t use apps whose origin is unknown
As for the apps produced by regular companies, they are subject to strict supervision and generally pay attention to the problem of data security. At least, they will not actively sell your information, and once you cause losses due to their problems, they need to bear the corresponding compensation. However, there are a lot of apps and some sharing links for the purpose of collecting your information for sale, such apps are generally released through the personal way, there is no clear company name, usually when downloading should pay attention to distinguish.
2. Use different passwords for different apps
For example, I might classify apps into financial ones, such as Alipay, wechat and banking apps, which are directly related to my fund account. I should set complex and different passwords for these apps, and use encryption measures such as fingerprint unlocking.
For apps where I may have to pay or post information, such as Zhihu and Douban, the password can be relatively weak.
The last level is purely browsing apps, such as Douyin and iQiyi, where I just look at the things on the page. For these apps, I basically use the same password. Even if stolen, I wouldn’t lose anything.
3. Release information to avoid privacy
In the age of big data, it’s easy to post all kinds of information on your own, but what you post can be damaging if you’re not careful. For example, you won the lottery, the lottery was posted on the Internet by others falsely claimed; Or if you post something online with identifying information, like a photo of your ID card, it could be used by someone to sign up for an App or take out a loan. So be careful about Posting information that will be related to you in some way.
4. Don’t get cheap
And last but not least, don’t get cheap. All the purpose of stealing data is to seek benefits from you, such as sending you a message to give something away through your order information, or telling you that you won the lottery, etc., to attract your attention, so that you fall into his trap. Now many companies that use big data have relatively strict verification systems. If you do not actively cooperate and only use your information, it will be difficult for criminals to use your information to make profits. Therefore, we must pay attention not to be greedy for small and cheap, and be vigilant for all kinds of things sent to our door.
conclusion
Here, we mainly discuss the issue of data security and data security issues have some what kind of technical solutions. Although the big data system is very good and brings a lot of convenience to our life, it also brings huge security threats. Whether the company building the big data system or the individual who accepts the benefits of big data, all need to have a clear understanding of the data security problem, and make preparations and countermeasures. Finally, I also based on their own experience about how some personal attention to privacy protection method, though the personal data in large data security in a passive position, but some necessary measures, and pay attention to don’t showed, still can reduce the risk to lower status, hope to have some help to you.