With the continuous informatization of the electric power industry, its internal information systems have become more and more complex. As the core and foundation of those systems, the database carries more and more key business information. At the same time, national attention to information security has steadily deepened: on July 2, 2014, the National Energy Administration issued the Power Industry Network and Information Security Management Measures; on September 13, 2018, the National Energy Administration issued the Opinions on Strengthening Network Security Work in the Electric Power Industry. Together with the cybersecurity law, the electricity regulatory regulations and other relevant laws and regulations, these documents put forward higher and stricter requirements for protecting key information infrastructure and strengthening data security protection in power enterprises.

After years of development, H Power Company has continuously strengthened its informatization, automation and systematization by relying on modern operation and management capabilities. Given the accelerating pace of policy guidance and digitalization, H Power Company needs data protection that is more enforceable and more controllable.

On the one hand, H Power Company needs to continuously mine data value to support its own service quality, work efficiency and development needs; on the other hand, data must be accessed and used safely and reasonably across complex scenarios and systems.

Traditional security measures cannot close the gap

According to the opinions of the National Energy Administration on data security and the requirements of H Power Company on data security, H Power Company conducted a self-inspection and found the following deficiencies:

Inadequate management of sensitive data

As informatization at H Power Company continues, a large amount of important and sensitive data, such as business transactions and user privacy, is stored in core systems such as marketing, human resources, finance, assets, collaboration and integration.

Data transmission and sharing are common across H Power Company's internal power scenarios. Some data desensitization is already in place, but it relies mainly on scripts or manual work, and the desensitization rules are not unified. This leads to inefficient desensitization, poor correlation between data sets, and data quality being destroyed after desensitization. A professional approach to desensitizing sensitive data is needed, one that combines use with protection.

Inadequate monitoring of risk behavior

H Power Company has a large scale of informatization, a complex system and a large number of personnel. It is difficult to timely detect and locate illegal operations such as unauthorized access, downloading or data tampering in daily work, which often causes problems to the prevention and investigation of internal data security incidents.

The database operation and maintenance management is insufficient

H Power Company has a complex network, specialized operations and numerous databases. In the operations zone, a bastion host is used to manage operations staff, but this approach has problems for data security: operations staff may not follow the operation specification or the approved procedure for database operations, sensitive data may be exported illegally, and database operations lack fine-grained audit records.

Based on the current data security pain points and in-depth analysis of the current situation, H Power Company puts forward the following requirements:

  • Deep integration with existing operation and maintenance management process, real-time monitoring of operation and maintenance personnel database operation;
  • Integrate with the existing SPV so that operation and maintenance personnel do not need to apply for database access separately and their operation habits stay unchanged;
  • Fine-grained operation and maintenance control can be implemented. The control objects can be libraries or tables, and can be accurate to columns. In addition to the traditional add, delete, modify, and query operations, you can also determine whether there are high-risk behaviors such as data theft and batch deletion based on the impact of access. The objects controlled include users, login IP addresses, time, and client tools.
  • Provide user behavior audit to facilitate the timely discovery of risks and hidden dangers;
  • Support dynamic data masking to prevent sensitive data leakage, automatically display a watermark on queried data, and deter leakage by photographing the screen.

Can't get in without authorization, can't take it without permission, can't deny it

In view of the above problems faced by H Power Company, CloudQuery proposed that the goal of this project should be “not to enter without authorization, not to take away without permission, and not to deny data leakage”.

According to the instructions of H Power Company on information security work, the protection requirements for data center data security should be strengthened. After in-depth research, the following construction ideas are sorted out:

Data desensitization

Because H Power Company's data is complex and business data travels through different channels, important data should be desensitized and downgraded during data sharing according to the data classification and grading standards, so that data receivers cannot further disseminate the data content.

Database Security Control

CloudQuery is introduced to implement fine-grained defense and audit analysis of database access and other operations, so as to monitor and record risk behaviors including illegal access, database violations, batch data export or tampering, and to audit all data access behavior. Data analysis techniques are then combined with typical data operation audit policies to detect and give early warning of risk behaviors, and, after a security incident, to trace and attribute it accurately and efficiently.

Database operation and management

Establish the approval mechanism and technical measures for database operation and maintenance without affecting normal operation and maintenance. CloudQuery is used to restrict all operations involving sensitive data, strengthen the supervision of database operation and maintenance, prevent unauthorized operations in time, and make the actual operation and maintenance work consistent with the planned operation.

Divide the key actions of data operation and maintenance, identify the sensitive operations and forbid them by default. When a change is needed, O&M should be conducted in an orderly and safe manner by initiating the O&M approval process and following the opinions of the approval team.

The four core modules solve the thorny problems in the power industry

In view of the system status quo of H Power Company, its database security control requirements and objectives, CloudQuery has developed a solution that meets the database security control objectives of H Power Company, giving full play to the value of the database security control platform in the enterprise.

CloudQuery, as an integrated enterprise data security control platform, is the entry point for enterprise data operations. It brings the organization (including applications), data and security together on one platform, provides a series of data application tools to help application and IT personnel complete data processing and operation, and gradually cultivates the organization's digital processes and cooperation mechanisms, improving the organization's data awareness.

CloudQuery adopts a cloud-oriented distributed architecture based on service components and supports high availability mode to maintain the continuity of user use. For H Power Company, we mainly divide the platform into four core modules: data processing center, user control center, monitoring center and audit center.

Data processing center: extensive database support, centralized control of data

CloudQuery supports most mainstream databases and middleware at home and abroad. Currently it supports Oracle, SQL Server, MySQL, PostgreSQL, Redis, HBase, Dameng, RDS for MySQL, etc., and more kinds of databases and middleware data sources will be supported in the future. This covers the main database data sources currently used by H Power Company. At the same time, CloudQuery fully supports the features of each database, which fits the daily data operation habits of operators.

One platform controls all data operations, including login and logout, permissions, desensitization, audit, monitoring, filtering, rollback, etc. A series of built-in workflows can be connected to the existing O&M management system through OpenAPI interfaces to implement data operation and authorization workflows in the data center.

For the data desensitization requirements of H Power Company, CloudQuery adopts passive desensitization: the database content is not changed, but the query results returned are desensitized. Desensitization processes data according to rules, which are divided into built-in and dynamic. Built-in rules are applied whenever the data a user queries matches the sensitive resources defined inside the system; dynamic rules are customized by the system administrator or the data owner based on the business, for example house numbers in orders. The system supports five desensitization modes: replace, mask, encryption, encryption after truncation, and invalid.

Desensitization can also be applied in the following scenarios:

  • Export: as long as an exported data entry matches the desensitization settings, its content is desensitized regardless of the file format;
  • Dump: the contents of dumped SQL statements are desensitized.
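The passive masking described above, as an added illustration that is not CloudQuery's own code: rules are applied to the result set, never to the stored rows, and the five modes are implemented with assumed names; the key, the column-name patterns and the sample row are constructed.

```python
import hashlib
import hmac
import re

# Constructed illustration of passive masking: stored rows are never changed,
# rules are applied to the result set on its way back to the user.
# The key, rule names and sample data are assumptions, not CloudQuery's own.
MASK_KEY = b"demo-key-not-for-production"

def mask_replace(value):
    """replace: swap the whole value for a fixed token."""
    return "***"

def mask_partial(value, keep_head=3, keep_tail=4):
    """mask: keep head and tail, star out the middle (13812345678 -> 138****5678)."""
    if len(value) <= keep_head + keep_tail:
        return "*" * len(value)
    return value[:keep_head] + "*" * (len(value) - keep_head - keep_tail) + value[-keep_tail:]

def mask_encrypt(value):
    """encryption: keyed hash, deterministic so masked columns still join/group."""
    return hmac.new(MASK_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def mask_truncate_encrypt(value, keep=6):
    """encryption after truncation: keep a usable prefix, encrypt the rest."""
    return value[:keep] + mask_encrypt(value[keep:])

def mask_invalid(value):
    """invalid: the column is returned as NULL."""
    return None

MODES = {"replace": mask_replace, "mask": mask_partial, "encrypt": mask_encrypt,
         "truncate_encrypt": mask_truncate_encrypt, "invalid": mask_invalid}

# Built-in rules: column names matching these patterns are always processed.
BUILTIN_RULES = [(re.compile(r"phone|mobile", re.I), "mask"),
                 (re.compile(r"id_card|identity", re.I), "truncate_encrypt"),
                 (re.compile(r"password|secret", re.I), "invalid")]

def desensitize(columns, rows, dynamic_rules=None):
    """Apply built-in rules plus owner-defined dynamic rules (column -> mode)."""
    rules = {c: mode for c in columns for pat, mode in BUILTIN_RULES if pat.search(c)}
    rules.update(dynamic_rules or {})          # dynamic rules override built-ins
    masked = [tuple(MODES[rules[c]](v) if c in rules and v is not None else v
                    for c, v in zip(columns, row)) for row in rows]
    return masked, rules

if __name__ == "__main__":
    cols = ("user_id", "mobile", "id_card", "house_no", "password")
    sample = [(1, "13812345678", "110101199001011234", "Room 501, Bldg 3", "hunter2")]
    print(desensitize(cols, sample, {"house_no": "replace"}))
```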

User control center: fine-grained permission control. Unauthorized access requires approval

CloudQuery implements fine-grained permission control based on different requirements and dimensions for possible unauthorized access and illegal export:

  • Operation rights: different rights can be assigned for different data sources. The account that creates a connection holds the complete permission list and can delegate rights downwards. Users who join a connection have only the select (query) right by default.
  • Time and quota limits: data operations can be confined to a time window by specifying the start date and time and the end date and time of permitted operations, and by selecting the days of the week on which operations are allowed. The number of records a user can obtain in a natural period can also be limited; the count is reset at the end of the period, and the period is configurable (day, week or month).
  • Restrictions on high-risk operations: for core business systems, important operations on databases and tables are critical, and careless changes may have disastrous consequences. CloudQuery defines these as "high-risk resources", and every change operation (DML and DDL) on them generates a work order. Operations such as TRUNCATE and DELETE can also be configured as high-risk operations. All high-risk operations require a work order to obtain short-term permission before they are unlocked.
  • Data filtering: database filtering provides a form of multi-tenancy, in which multiple users sharing the same database connection see different data "views", which greatly increases the flexibility of permissions.
  • Restrictions on data export: data can be exported in Excel, CSV, TXT and PDF formats, encrypted and watermarked, and as tables. Export of result sets is restricted by permissions and is disabled by default. A user who needs export permission for a particular table applies to the connection administrator through the workflow and exports the table after approval. Export is also subject to filtering and desensitization permissions: if a column is desensitized when a user queries a result set, the same column is desensitized during export.
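The control points listed above, together with the "user-role-permission" model and the separation of export from query described later in this article, as an added example that is not CloudQuery's own code. The Policy class, the verb lists and the decision names are assumptions; the sample policy and statements are constructed.

```python
import re
from datetime import datetime

# Constructed model of the control points listed above; class and field names
# are assumptions and not CloudQuery's own API.
CHANGE_VERBS = {"INSERT", "UPDATE", "DELETE", "TRUNCATE", "DROP", "ALTER", "CREATE"}
HIGH_RISK_VERBS = {"TRUNCATE", "DELETE", "DROP"}   # assumed administrator setting

class Policy:
    def __init__(self, rights, weekdays, start_hour, end_hour, row_quota,
                 high_risk_tables, export_allowed=False):
        self.rights = {r.upper() for r in rights}   # e.g. {"SELECT"} by default
        self.weekdays = set(weekdays)               # 0 = Monday
        self.start_hour, self.end_hour = start_hour, end_hour
        self.row_quota = row_quota                  # records per natural period
        self.high_risk_tables = set(high_risk_tables)
        self.export_allowed = export_allowed        # separate from the query right

def classify(sql):
    """Return (verb, referenced tables) for a single statement."""
    verb = sql.strip().split()[0].upper()
    tables = re.findall(r"\b(?:from|into|update|join|table)\s+([\w.]+)", sql, re.I)
    return verb, tables

def evaluate(policy, sql, when, rows_used, rows_requested, action="query"):
    """Decide 'allow', 'deny' or 'work_order' (short-term permission via approval)."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    verb, tables = classify(sql)
    in_window = (when.weekday() in policy.weekdays
                 and policy.start_hour <= when.hour < policy.end_hour)
    if not in_window:
        return "deny", "outside the permitted time window"
    if action == "export" and not policy.export_allowed:
        return "deny", "export is a separate permission and is off by default"
    if verb in CHANGE_VERBS and policy.high_risk_tables.intersection(tables):
        return "work_order", "change (DML/DDL) on a high-risk resource"
    if verb in HIGH_RISK_VERBS:
        return "work_order", f"{verb} is configured as a high-risk operation"
    if verb not in policy.rights:
        return "deny", f"account has no {verb} right on this connection"
    if rows_used + rows_requested > policy.row_quota:
        return "deny", "record quota for the current period exhausted"
    return "allow", "ok"

if __name__ == "__main__":
    ops = Policy({"select"}, range(5), 9, 18, 1000, {"billing.customer"})
    print(evaluate(ops, "SELECT * FROM marketing.orders", "2024-06-03T10:00:00", 0, 100))
```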

Audit center: record user behavior, risk operation can be traced

The CloudQuery audit system tracks all user operations on the platform, covering queries and changes in databases, processes, permissions, and more. Audit details include users, connections, libraries, operation objects, actions, summaries, time, results, and IP address sources. You can filter audit details by conditions and export them in Excel.

In addition to audit details, the system also supports business-oriented audit analysis, which can analyze multiple dimensions, such as UV, PV, database type, statement execution duration, slow query, and high-risk operations.

The application probe, or the audit driver provided by CloudQuery, can audit and analyze the data operations of applications. Compared with human-oriented operation audit, application data audit analyzes the data access of applications from the perspective of the database administrator and security staff to find statements that violate audit rules. Each application has an audit view, which mainly includes:

  • Audit details: application IDs, data sources, databases, operation objects, actions, summaries, time, results, and IP address sources.
  • Slow query: a collection of statements whose execution time continuously exceeds a threshold. The sampling window (in minutes) is set by the system.
  • High-risk operations: identifies illegal operations on specific resources by applications.
  • Invalid address: identifies operations whose IP source does not match the database. For example, in the production environment only production application IP addresses are expected, so statements arriving from test application IP addresses are flagged.

At the same time, application audit groups statements by SQL pattern and supports analysis of the following dimensions:

  • Hotspot tables: calculates the heat of each table from the number of reads and writes to it in the database and displays the ten hottest tables;
  • Top SQL by application: displays the Top 20 SQL statements by the number of executions per application, helping DBAs with SQL optimization such as index adjustment;
  • Slow SQL by application: lists slow SQL statements by execution duration, helping DBAs and other related personnel with SQL audit.
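The audit dimensions above (slow query, high-risk operation, invalid address, hotspot tables and Top SQL by pattern) run over a batch of audit records, as an added example that is not CloudQuery's own code. The records, the production address allowlist, the high-risk table list and the thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Constructed audit records in the shape the audit view lists (application, IP source,
# statement, execution time); values and thresholds are assumptions, not real data.
RECORDS = [
    {"app": "billing-svc", "ip": "10.10.1.5", "ms": 12,
     "sql": "SELECT * FROM billing.invoice WHERE id=101"},
    {"app": "billing-svc", "ip": "10.10.1.5", "ms": 15,
     "sql": "SELECT * FROM billing.invoice WHERE id=202"},
    {"app": "billing-svc", "ip": "10.10.1.6", "ms": 40,
     "sql": "UPDATE billing.customer SET phone='x' WHERE id=7"},
    {"app": "report-svc", "ip": "10.10.1.6", "ms": 3500,
     "sql": "SELECT count(*) FROM marketing.orders o JOIN billing.invoice i ON o.id=i.order_id"},
    {"app": "test-app", "ip": "192.168.9.9", "ms": 9,
     "sql": "SELECT * FROM billing.invoice WHERE id=303"},
]
PROD_APP_IPS = {"10.10.1.5", "10.10.1.6"}      # assumed production application addresses
HIGH_RISK_TABLES = {"billing.customer"}         # assumed high-risk resources
SLOW_MS = 2000                                  # assumed slow-query threshold

def normalize(sql):
    """Collapse literals so statements group by SQL pattern rather than by value."""
    sql = re.sub(r"'[^']*'", "?", sql)
    sql = re.sub(r"\b\d+\b", "?", sql)
    return re.sub(r"\s+", " ", sql).strip().upper()

def tables_of(sql):
    """Tables referenced by a statement (simple keyword-based extraction)."""
    return re.findall(r"\b(?:from|into|update|join|table)\s+([\w.]+)", sql, re.I)

def analyze(records):
    """Return the audit dimensions described above for a batch of records."""
    slow = [r for r in records if r["ms"] >= SLOW_MS]
    high_risk = [r for r in records
                 if normalize(r["sql"]).split()[0] in {"UPDATE", "DELETE", "TRUNCATE", "DROP"}
                 and HIGH_RISK_TABLES.intersection(tables_of(r["sql"]))]
    invalid_ip = [r for r in records if r["ip"] not in PROD_APP_IPS]
    heat = Counter(t for r in records for t in tables_of(r["sql"]))
    patterns = Counter(normalize(r["sql"]) for r in records)
    return {"slow": slow, "high_risk": high_risk, "invalid_ip": invalid_ip,
            "hot_tables": heat.most_common(10), "top_sql": patterns.most_common(20)}

if __name__ == "__main__":
    for key, value in analyze(RECORDS).items():
        print(key, value)
```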

Database monitoring center: centralized view of database workload

CloudQuery provides a centralized monitoring platform. The connection manager can view the workload of the database that he/she manages. For each data source, different monitoring indicators are available to facilitate troubleshooting and locating problems.

Application value of CloudQuery

You can’t get in without authorization

Based on the fine-grained permission management and control system, CloudQuery accurately controls each user’s access and operation rights through “user-role-permission”, avoiding unauthorized access, downloading or data tampering that H Power Company might have faced previously.

Can’t take it without permission

CloudQuery uses its original “lookup separation” as the last line of defense against data leakage, separating export actions into a separate permission type from query actions. Even if internal personnel of H Power Company obtain data maliciously, they cannot transfer the data to PC, let alone circulate it inside or outside the company.

Data leakage cannot be denied

CloudQuery is the fourth security door of the enterprise. Many operations are instrumented inside the platform to ensure that every action taken by H Power Company's users can be traced. If a user executes malicious statements or makes a mistake, the user and the PC IP address can be located promptly. At the same time, CloudQuery's auxiliary alarm module monitors the operational risks of users on the platform from different risk-control perspectives, enabling H Power Company to quickly and accurately identify the responsible person after a data leakage event and restore lost data in time.

As the H Power Company deployment shows, CloudQuery provides a full-link interception and tracking protection mechanism based on the internal data flow, covering the entire life cycle of data login, use and logout. For each data-source terminal (1:1), the system can intercept, analyze, audit and alarm on SQL in real time, attributed to individual people and applications. This avoids delays in tracing, avoids installing a bastion client, and avoids having to cross-check audit records against session videos, greatly improving audit efficiency and user experience so that the enterprise's internal data operations are both smoother and more secure.