Data Security Governance: Concepts, Goals, Tools, and Practices
This article explains data security fundamentals, the full data lifecycle, the 4A/5A security model, trust‑level goals, and a comprehensive tool framework covering identity authentication, permission control, asset protection, and governance strategies to protect data throughout its lifecycle.
In recent years, data technology has driven the growth of the data economy, elevating "data security" to a national security priority. Companies and governments are investing heavily in data governance, storage, protection, and encryption.
Security Concepts: Data security ensures that all operations from data collection to destruction comply with legal and corporate regulations, covering the entire data lifecycle and the 4A/5A theory (identity authentication, authorization, access control, and asset protection).
Data Lifecycle includes collection, transmission, storage, processing, exchange, governance, application, and destruction, each requiring specific security controls.
Security Goals follow a three‑stage trust model: untrusted external network, untrusted internal network, and zero‑trust, defining increasingly strict access boundaries.
Tool Framework:
Identity Authentication – design of natural‑person, organization, role, and application accounts; multi‑SSO for employees, partners, and external users.
Permission Control – evolution from ACL to RBAC to ABAC, with a TRFAC model describing object‑resource‑condition‑action permissions.
Asset Protection – prevention beforehand (off‑boarding platform, sensitive data identification, masking), in‑process monitoring (risk rules for high‑risk users/behaviors), and post‑event audit (log analysis).
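The step from RBAC to ABAC named under Permission Control, as an added example that is not part of the original talk: a deny-by-default check over object-resource-condition-action tuples. The field names, the sample policy and the request attributes (`zone`, `sensitivity`) are assumptions made for illustration, not the TRFAC model's own definition.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

Attrs = Dict[str, object]  # request attributes, e.g. network zone, data sensitivity


@dataclass(frozen=True)
class Permission:
    obj: str                            # who is granted: role or account (hypothetical field)
    resource: str                       # what is protected, e.g. "table:orders"
    action: str                         # "read", "write", ...
    condition: Callable[[Attrs], bool]  # predicate over request attributes


def always(_: Attrs) -> bool:
    return True


def rbac_allows(perms: List[Permission], roles: Set[str],
                resource: str, action: str) -> bool:
    """RBAC view: role, resource and action must match; conditions are ignored."""
    return any(p.obj in roles and p.resource == resource and p.action == action
               for p in perms)


def abac_allows(perms: List[Permission], roles: Set[str],
                resource: str, action: str, attrs: Attrs) -> bool:
    """ABAC view: same match, and the condition must also hold. Deny by default."""
    for p in perms:
        if p.obj in roles and p.resource == resource and p.action == action:
            try:
                if p.condition(attrs):
                    return True
            except (KeyError, TypeError):
                continue  # missing or malformed attribute: fail closed
    return False


# Constructed sample policy: analysts may read orders only from the internal
# zone and only up to sensitivity level 2; DBAs may write unconditionally.
POLICY = [
    Permission("analyst", "table:orders", "read",
               lambda a: a["zone"] == "internal" and a["sensitivity"] <= 2),
    Permission("dba", "table:orders", "write", always),
]
```

The same role grant that RBAC accepts is refused by the attribute check when the request comes from the wrong zone, exceeds the sensitivity level, or omits an attribute.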
Comprehensive Practice integrates the above layers across the data pipeline, from workspace/project group structures in the processing layer to multi‑level organizational hierarchies in the application layer.
Security Governance involves three steps: standard legislation, tool support (permission services, workflow, audit, data circulation), and third‑party operation, with strategies for data sharing (platform‑centric vs. business‑centric) and continuous improvement through SOPs and user education.
The presentation concludes with a Q&A covering data security grading, asset protection vs. management, and real‑time BI masking.
DataFunSummit
Official account of the DataFun community, dedicated to sharing big data and AI industry summit news and speaker talks, with regular downloadable resource packs.