November 28, South China's largest and largest network security conference
In recent years, large-scale data leakage incidents occur frequently at home and abroad. The state, enterprises and even individuals have increasingly strict requirements on network and information security, and have higher requirements for password technology. At the same time, the state has successively promulgated and implemented a series of laws and regulations, such as the network security law, the password law, the measures for network security review, and the measures for the construction and management of national government information projects, to standardize the application of passwords, and to promote the use and management of commercial passwords through the security evaluation of password applications.
At the public cloud security conference, Zou Chao, deputy director of security evaluation at Dinghyun Commercial Cryptography Evaluation Technology Co., Ltd., mentioned
In the process of applying traditional cryptographic technology, government and enterprise units already exist
At the level of cryptography, there are still many challenges in embedding cryptographic technology into cloud computing systems, including how to adapt to cloud systems, how to deploy hardware cryptographic modules, and the lack of supporting specifications and standards for the application of cryptographic technologies in cloud computing systems in the industry.
In order to overcome these problems and promote the application of cryptography in cloud scene better, Shenzhen Commercial Cryptography Industry Association, together with Tencent Security Cloud Ding Laboratory, set up Ding Yun password Application Joint Laboratory. The joint laboratory will focus on cloud cryptographic applications for forward-looking research, relying on Tencent security technology accumulation and scientific research capabilities in cloud data encryption. Give full play to Tencent cloud data security platform-to-end cloud data life-cycle security system advantages, to help government and enterprise units to build a simple and easy-to-use business system compliance cryptographic technology application architecture.
Taking the confidentiality and integrity protection of data storage as an example, the cryptographic machine scheme used in the previous compliant data storage encryption needs the password use unit to develop and transform the application system code twice to call the basic encryption and decryption power provided by the cipher machine. The implementation cost is high and the period is long.
Tencent security has done a lot of pre research on cloud encryption technology. It provides aspect oriented encryption technology through CASB component of cloud access security agent, and provides format encryption based on SM4 algorithm of national secret. The data is encrypted and stored in the database, so that the data is transmitted in ciphertext form from the application service to the database. Help the password users to meet the compliance requirements of the security evaluation of commercial password applications systematically.
Shenzhen Commercial Cryptography association has been committed to promoting the popularization of Commercial Cryptography and information security technology in Shenzhen, promoting the growth and progress of industry talents, promoting the combination of industry, University and research, and promoting the dissemination and application of commercial password and information technology knowledge. This time, it has joined hands with Tencent Security Cloud Ding laboratory to provide more simple and practical solutions for password applications in cloud scenarios. In the future, the joint laboratory will develop an integrated password protection system framework and design technical requirements, release the technical strength and industry experience of both sides for many years, carry out password standardization research around cloud computing scenarios, carry out best practices in cloud computing Cryptography Application Industry, create a cryptogram range and training platform, and cooperate in cloud computing Cryptography Application Innovation Research. We will further open up security capabilities and promote the standardization of cryptographic technology applications.
- THE END -
Reprint please indicate the source: Fast Technology