With the theme of “new pattern, new concept, new security”, the 2022 Jingqi Network Security Conference hosted by JD Security was officially held a few days ago.
As an annual major event in the security industry, the conference gathered front-line scholars and security experts from China Academy of Information and Communications Technology, Tsinghua University, Hong Kong University of Science and Technology, JD.com, Tencent Group, ByteDance, Huawei, Baidu, Xiaomi, Qi Anxin, etc. Experts, under the new pattern of digital economy and digital-real integration, jointly discuss the development direction of the information security industry, and strive to promote the concept and ability of information security.
Cao Peng, Senior Vice President of JD Group and Chairman of the Group Technical Committee, said: “‘Security without borders’ is not an empty phrase. JD Security is willing to continue to work with industry partners to jointly build a cornerstone of security, apply cutting-edge technologies, and share security capabilities to serve users and enterprises. , Industry price protection escort.
Supply chain security risks are increasing, JD.com focuses on five elements to create a “zero trust security system”
The report of the 20th National Congress of the Communist Party of China emphasized that “it is necessary to speed up the construction of a network power and a digital China, accelerate the development of the digital economy, and promote the deep integration of the digital economy and the real economy.” Information security is an important part of national security and development strategies. Industrial value and social The value continues to be highlighted, and the challenges it faces continue to increase.
Geng Zhifeng, head of information security at JD.com, said that with the rapid development of the digital economy, information security risks are showing a trend of systematization and diversification. The higher the level of enterprise digitalization, the more exposed areas and the higher the security risk factor. In addition, the mass of enterprise employees multiplied by the mass of data and systems also increases the difficulty of information security authority control. In recent years, serious information leakage incidents in the industry have occurred from time to time, and the resulting economic losses have also increased year by year.
It should be noted that supply chain security has now become the core challenge faced by the information security system, and a single vulnerability attack from hackers is rapidly spreading to the upstream and downstream of the supply chain. According to Gartner’s forecast, by 2025, 45% of organizations worldwide will experience attacks on their software supply chains, a threefold increase from 2021.
In this context, “zero trust”, which represents a new generation of network security concepts, is considered by the industry to be a feasible framework for enterprises to deal with security risks in digital and intelligent transformation. In the face of sensitive resources, “zero trust” can build a solid protection surface in a very small area, and carefully screen each access to ensure that information resources are not used maliciously.
According to Geng Zhifeng, JD.com is committed to exploring a governance model with its own supply chain characteristics, and focusing on asset security, it has established five systems covering asset digitization, asset identity, diversified card points, diversified strategy centers, and zero trust cockpit. The core elements of the “zero trust security system”. Up to now, the “JD Zero Trust Security System” has gone through four stages of development: proof of concept, implementation, capability evolution, and capability maturity. It has gradually established a sound asset evaluation capability and produced successful practices in multiple business scenarios.
“Compliance is development” Information security construction needs to be integrated into business design
In recent years, my country has achieved fruitful results in the fields of network security and information and data security protection. Laws and regulations such as the “Network Security Law” and “Data Security Law” have been promulgated one after another, and the level of industry compliance has significantly improved.
During this period, JD.com has undergone three stages of concept transformation from “compliance as management” and “compliance as service” to today’s “compliance as development” in the construction of information security compliance. While building an information security moat, more Help the healthy development of business.
Geng Zhifeng said: “It is not advisable to talk about safety without business, and talk about technology without safety. It is good safety to promote business development.” For example, various companies often do some online activities to give back to old customers or attract new customers. The black and gray industry can take advantage of the opportunity to steal activity funds by taking advantage of product and business loopholes. As a result, the benefits cannot be given to real users, and it also increases the cost of “new introduction” for enterprises.
Therefore, information security protection needs to grasp these pain points and cooperate with the business to improve its security level. For example, improve the capabilities and coverage of security measures such as security gateways and multi-factor authentication, so that discounts can reach real users, promote user activity and growth, and make business activities more effective.
Based on the health and medical scenarios, Li Xin, vice president of JD Group and general manager of JD Health Technology Products Department, officially released the “JD Health Data Security White Paper” at the meeting, fully demonstrating JD Health’s construction of a big data life cycle security management system and security practices , to provide practical reference for the industry.
Gao Liqiang, vice president of JD Group, also said that as the powerful digital base of JD Group, JD Cloud carries hundreds of billions of orders from the JD platform, and the safe operation of shopping festivals such as 618 and 11.11 has become a solid backing to ensure the smooth operation of the business.
In response to the current wave of digital transformation, Wu Yunkun, President of Qi Anxin, and Ma Jie, Vice President of Baidu, also held wonderful discussions in the round table forum, providing many suggestions and references for the innovation of security concepts and digital transformation of enterprises.
“Travel fast alone, travel far together”, the successful holding of Jingqi Network Security Conference not only showed the industry JD.com’s innovative ideas and practices in the field of information security, but also strongly promoted the exchange and exploration of the industry, and helped the healthy development of information security ecology , to promote the accelerated arrival of the “new security era”.
This article is reproduced from: https://www.leiphone.com/category/industrynews/vSu0qV5sujTaV1A4.html
This site is only for collection, and the copyright belongs to the original author.