Mobile Internet Security
Mobile Internet Security
Background and Demands:
In the background of the information age, the mobile Internet has developed rapidly, and mobile applications have stepped into the national era. At the same time, the State vigorously promotes the innovation driven development strategy, and mobile applications are widely used in all walks of life. As people are more and more dependent on the mobile Internet, the security problems of mobile applications are becoming more and more obvious, which not only restrict the healthy development of the mobile Internet to a large extent and but also bring great harm to the social public's study, life and work such as disclosure of enterprise internal data or privacy information, malicious theft of sensitive data, loss of user volume or economic property.
Based on the "one center, three layers of defense" idea in the Classified Protection of Cybersecurity, a mobile application security management center should be set up to carry out the mobile application security trend prediction and situational awareness by reasonably constructing the three-dimensional active early warning and defense capability through intelligent analysis, with the integration of “cloud-management-terminal" data by virtue of the big data technology, to form three layers of defense, namely detection, reinforcement and protection. Through the full-life defense and guarantee system of mobile applications, the "centralized security protection", "centralized security management and control" and "centralized security operation" of mobile applications form a closed-loop of data through the "cloud-management-terminal" scheme to promote the improvement of the security level and management level of mobile applications in the form of rolling evolution.
Realization of the Scheme:
The security management center operates based on the laws and regulations like the Cybersecurity Law of the People's Republic of China, and the security requirements of the Classified Protection of Cybersecurity, and it achieves the functions like mobile application security, data collection, threat modeling, analysis and presentation through the functional layer, the data layer and the analysis layer progressively. The functional layer achieves the security detection and protection of mobile applications, the data layer achieves data collecting and cleaning, and the analysis layer establishes an appropriate threat model through data integration and analysis and data modeling, to analyze the business violation and mobile application security status, and the presentation layer presents the overall security situation of mobile applications in forms of various atatement and reports, thus achieving the final goal of being "trusted, controllable and manageable" in terms of the security of mobile applications.
Centralized security protection
To implement the "secure and trusted computing technology" requirements; realize the centralized security protection of mobile applications; and master the "active defense and comprehensive protection" security capability
Centralized security management and control
To build the "cracking-down, prevention, management and control" integrated network security defense system to improve the overall security defense capability of mobile applications, and realize the centralized identity security and data security management and control capability of the same
Centralize secure operation
To change passive protection into active defense, change static protection into dynamic perception, change single point protection into overall prevention and control, and change extensive protection into precise protection, so as to realize the centralized operation and management capabilities of mobile applications, including security operation, security compliance, threat warning, security audit, and other secure operation capabilities..
Successful case: China Sports Lottery