Data Security: Full Lifecycle Construction and Best Practices
The article outlines a comprehensive, layered data‑security lifecycle—from secure traffic and authentication through encrypted storage, role‑based access, audit logging, and safe production‑to‑test data handling—emphasizing privacy‑compliant practices, anti‑scraping measures, secure deletion, and incremental ROI‑driven adoption for enterprises.
Background – The Facebook data breach highlighted the massive impact of data leaks on company valuation and underscored the growing importance of privacy and data security across the industry.
Concepts – Privacy protection and data security are distinct. Privacy focuses on legal compliance (e.g., GDPR), while data security is a technical measure that must be integrated with network, system, and business security to achieve comprehensive protection.
Full‑Lifecycle Construction – A diagram (not reproduced) summarizes security measures across the data lifecycle, from collection to destruction. The article stresses that true “borderless” data security is currently unattainable, so a layered approach is required.
Data Collection – Session‑level traffic copying is a common cause of leaks. Protection starts with traffic security.
Traffic Protection – Site‑wide HTTPS is the baseline, but it must be correctly configured (avoid TLS 1.0/SSL 3.0, weak cipher suites, Heartbleed‑like bugs). HTTPS introduces secondary concerns such as CDN‑to‑origin encryption; Keyless CDN can mitigate the need to share private keys.
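The configuration hygiene this section calls for can be checked in code rather than by eye. The following is an added example, not code from the article or from Meituan: it builds a server-side TLS context with Python's standard `ssl` module that enforces the policy described (no SSL 3.0/TLS 1.0, forward-secret AEAD suites only, no TLS compression) and exposes helpers that audit a context or a reported protocol version against that policy. The cipher string and the list of weak-suite markers are this example's own choices.

```python
import ssl

# Policy from the section: no SSL 3.0 / TLS 1.0. TLS 1.1 is dropped as well
# (deprecated alongside 1.0 by RFC 8996).
MIN_VERSION = ssl.TLSVersion.TLSv1_2

# OpenSSL cipher string (this example's choice): forward-secret AEAD suites only,
# with anonymous, NULL, MD5, RC4, 3DES and export-grade suites excluded outright.
CIPHER_POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES:!EXPORT"

# Substrings that identify suites a hardened deployment should never offer.
WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXP", "ADH", "AECDH")


def hardened_server_context():
    """Server context implementing the policy above. Certificate loading is
    deployment-specific and would be done with ctx.load_cert_chain(cert, key)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = MIN_VERSION
    ctx.set_ciphers(CIPHER_POLICY)
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS-level compression enables CRIME-style attacks
    return ctx


def minimum_version_name(ctx):
    """Name of the lowest protocol version the context will negotiate."""
    return ctx.minimum_version.name


def enabled_ciphers(ctx):
    """Cipher suite names the context would offer (TLS 1.3 suites included)."""
    return [c["name"] for c in ctx.get_ciphers()]


def weak_ciphers_enabled(ctx):
    """Audit helper: any offered suite whose name carries a weak-suite marker."""
    return [n for n in enabled_ciphers(ctx) if any(m in n for m in WEAK_MARKERS)]


def version_allowed(version):
    """Evaluate a protocol version string, as reported by a scanner or by
    SSLSocket.version(), against the minimum-version policy."""
    order = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
    return version in order and order.index(version) >= order.index("TLSv1.2")


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("minimum version:", minimum_version_name(ctx))
    print("weak suites offered:", weak_ciphers_enabled(ctx))
    print("TLSv1 allowed:", version_allowed("TLSv1"))
```

The same `weak_ciphers_enabled` check can be pointed at any `SSLContext` an application constructs, which makes it a cheap unit test against a configuration regression reintroducing a legacy suite.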
Business Security Attributes – Account compromise (credential stuffing, brute‑force) and web crawling can lead to massive data exposure. Proper authentication and anti‑scraping measures are essential.
UUID – Using UUIDs as an indirection layer hides direct user identifiers, reducing the risk of linking data back to individuals.
Authentication Model – Early‑stage authentication (login‑state verification) must be enforced throughout the stack. Lack of RPC‑level auth leads to privilege‑escalation vulnerabilities. The author references a separate article on next‑generation network isolation and access control.
Service‑Oriented Architecture – While not a security mechanism per se, serviceization forces data access through APIs, enabling better control, auditing, and isolation.
Internal Network Encryption – Leading companies encrypt intra‑IDC traffic (e.g., Google RPC, Amazon TLS). Private protocols without strong TLS are considered insufficient.
Database Auditing – Database firewalls and audit layers prevent bulk data extraction (e.g., via SQL injection) and monitor privileged operations, protecting against insider threats.
Data Storage – Encryption is the core of storage security. Topics include HSM/KMS, structured data encryption, file‑level encryption, and encrypted file systems. Proper key management (rotation, storage in KMS) is emphasized.
Access and Operations – Role separation (development vs. operations, key holders vs. data operators) and the principle of least privilege are critical. Bastion hosts, API‑based operation auditing, and tool‑chain data sanitization reduce insider risk.
Production‑to‑Test Data Transfer – Strict separation and mandatory sanitization/anonymization are required when moving production data to test environments.
Backend Data Processing – Data warehouses (e.g., Hadoop, Redshift) need additional security layers: authorization, audit, data lineage, and encryption of both at‑rest and in‑transit data.
Anonymization Algorithms – Primarily a privacy measure, but also reduces impact of data leaks by limiting identifiable information.
Display and Usage – Sensitive fields should be masked or partially masked on UI; logs must capture any detail‑view actions. Watermarking (visible and invisible) helps trace leaked screenshots.
Security Boundary – The logical boundary between office and production networks is enforced with DLP, Zero‑Trust (BeyondCorp), role‑based access, MFA, and remote wipe capabilities.
Bastion Host – Used to prevent direct download of sensitive data, similar to VDI but with lower adoption barriers.
Sharing and Redistribution – Companies must balance openness with security, often adopting a “one‑stop data security service” model to protect downstream consumers.
Anti‑Crawling – Public pages and APIs must be protected against large‑scale scraping; rate‑limiting, CAPTCHAs, and behavior‑based risk models are recommended.
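Rate limiting and behaviour-based scoring, as recommended above, can be illustrated on a handful of access-log lines. The following is an added example, not code from the article or from Meituan: it parses a constructed log format (`timestamp client method path`), applies a per-client sliding-window limiter, and scores each client on how often its requests walk resource identifiers sequentially, a pattern typical of enumeration rather than browsing. The log format, the `/item/<id>` path shape, the limits and the threshold are this example's own assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed log format for this example: "<epoch seconds> <client> <method> <path>".
LOG_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$")
# Assumed resource path shape whose numeric id a scraper might enumerate.
ITEM_RE = re.compile(r"^/item/(\d+)$")


def parse_line(line):
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return float(m["ts"]), m["client"], m["path"]


class SlidingWindowLimiter:
    """Allow at most `limit` requests per key in any `window_s`-second window."""

    def __init__(self, limit, window_s):
        self.limit = limit
        self.window_s = window_s
        self.hits = defaultdict(deque)

    def allow(self, key, ts):
        q = self.hits[key]
        while q and ts - q[0] >= self.window_s:  # drop hits that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True


def sequential_ratio(paths):
    """Fraction of consecutive /item/<id> requests whose id rises by exactly 1."""
    ids = [int(m.group(1)) for p in paths for m in [ITEM_RE.match(p)] if m]
    if len(ids) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
    return steps / (len(ids) - 1)


def evaluate(lines, limit=20, window_s=10.0, seq_threshold=0.8):
    """Per-client report: request count, requests the limiter would block,
    sequential-id ratio, and a combined 'suspect' flag."""
    events = sorted(e for e in (parse_line(l) for l in lines) if e)
    limiter = SlidingWindowLimiter(limit, window_s)
    blocked = defaultdict(int)
    paths = defaultdict(list)
    for ts, client, path in events:
        paths[client].append(path)
        if not limiter.allow(client, ts):
            blocked[client] += 1
    report = {}
    for client, ps in paths.items():
        ratio = sequential_ratio(ps)
        report[client] = {
            "requests": len(ps),
            "blocked": blocked[client],
            "sequential_ratio": round(ratio, 2),
            "suspect": blocked[client] > 0 or ratio >= seq_threshold,
        }
    return report


# Constructed sample: one client sweeps 30 consecutive item ids in 3 seconds,
# another makes four unrelated requests over a minute.
SAMPLE_LOG = [f"{1000 + i * 0.1:.1f} 10.0.0.5 GET /item/{1001 + i}" for i in range(30)] + [
    "1000.5 10.0.0.9 GET /item/4521",
    "1012.0 10.0.0.9 GET /item/77",
    "1030.3 10.0.0.9 GET /search?q=shoes",
    "1055.8 10.0.0.9 GET /item/9008",
]

if __name__ == "__main__":
    for client, stats in evaluate(SAMPLE_LOG).items():
        print(client, stats)
```

In production the limiter state lives in a shared store rather than process memory, and the sequential-id signal would be one feature among many in the risk model; the point here is that both controls operate on data the access log already has.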
Authorization Review & Legal Clauses – Third‑party integrations should undergo automated and manual reviews, and be bound by strict contracts (e.g., GDPR‑style clauses).
Data Destruction – Secure deletion should focus on key revocation for encrypted data; overwriting is often impractical.
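The Data Storage section above describes per-record encryption with keys held in a KMS and rotated, and this section describes deletion by key revocation; both rest on the same key hierarchy. The following is an added example, not code from the article or from Meituan, that models it end to end: a toy KMS that wraps per-record data keys (DEKs) under a versioned key-encryption key (KEK) and never releases the KEK, a store whose KEK rotation re-wraps DEKs without touching ciphertext, and a `shred` operation that destroys a record by discarding its wrapped DEK. The cipher is an HMAC-SHA256 counter-mode keystream so the block runs on the standard library alone; it is a labelled stand-in with no integrity protection, and a real deployment would use AES-GCM (or the KMS's own envelope-encryption API) in its place. All class and field names are this example's own.

```python
import hashlib
import hmac
import secrets


def _keystream_xor(key, nonce, data):
    """HMAC-SHA256 counter-mode keystream XORed over data.

    Stand-in for AES-GCM so the example needs only the standard library;
    it authenticates nothing and must not be used as-is in production."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)  # fresh nonce per message, stored in front
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key, blob):
    return _keystream_xor(key, blob[:16], blob[16:])


class ToyKms:
    """Models the KMS/HSM role: holds KEKs by version, wraps and unwraps DEKs,
    and never hands a KEK to the application."""

    def __init__(self):
        self._keks = {1: secrets.token_bytes(32)}
        self.current = 1

    def rotate_kek(self):
        self.current += 1
        self._keks[self.current] = secrets.token_bytes(32)
        return self.current

    def wrap(self, dek):
        return self.current, encrypt(self._keks[self.current], dek)

    def unwrap(self, version, wrapped):
        return decrypt(self._keks[version], wrapped)


class EncryptedStore:
    """Structured storage where each record carries its own wrapped DEK."""

    def __init__(self, kms):
        self.kms = kms
        self.rows = {}  # record_id -> {"kek_version", "wrapped_dek", "ciphertext"}

    def put(self, record_id, plaintext):
        dek = secrets.token_bytes(32)  # one DEK per record
        version, wrapped = self.kms.wrap(dek)
        self.rows[record_id] = {"kek_version": version, "wrapped_dek": wrapped,
                                "ciphertext": encrypt(dek, plaintext)}

    def get(self, record_id):
        """Plaintext, or None once the record has been cryptographically destroyed."""
        row = self.rows[record_id]
        if row["wrapped_dek"] is None:
            return None
        dek = self.kms.unwrap(row["kek_version"], row["wrapped_dek"])
        return decrypt(dek, row["ciphertext"])

    def rewrap_all(self):
        """KEK rotation: re-wrap every live DEK under the current KEK. The bulk
        ciphertext is untouched, which is what makes rotation cheap."""
        for row in self.rows.values():
            if row["wrapped_dek"] is None:
                continue
            dek = self.kms.unwrap(row["kek_version"], row["wrapped_dek"])
            row["kek_version"], row["wrapped_dek"] = self.kms.wrap(dek)

    def shred(self, record_id):
        """Secure deletion by key revocation: discard the wrapped DEK. Copies of
        the ciphertext in backups or replicas become unrecoverable without it."""
        self.rows[record_id]["wrapped_dek"] = None


if __name__ == "__main__":
    kms, store = ToyKms(), EncryptedStore(ToyKms())
    store = EncryptedStore(kms)
    store.put("u1", b"phone=13812345678")  # constructed sample value
    kms.rotate_kek()
    store.rewrap_all()
    print(store.get("u1"), store.rows["u1"]["kek_version"])
    store.shred("u1")
    print(store.get("u1"))
```

Two properties worth noticing when running it: after `rotate_kek` and `rewrap_all` the record's `ciphertext` bytes are identical to before, and after `shred` no amount of access to the KMS or to the stored ciphertext recovers the plaintext, which is the sense in which key revocation replaces overwriting.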
Data Boundary – Data governance must acknowledge implicit boundaries; without them, “data security” loses meaning.
Enterprise Internal & Ecosystem Building – Large enterprises may need to acquire or influence upstream/downstream partners to enforce security standards across the ecosystem.
ROI and Construction Order – For smaller firms, prioritize basics (account, permission, logging, masking, encryption) before advanced measures; assess ROI to guide incremental adoption.
Foundations – Unified infrastructure and application architecture amplify the effectiveness of security controls.
Log Collection & Data Risk Control – Logs are essential for risk modeling; BeyondCorp and service‑oriented designs simplify log aggregation.
Author & Team Introduction – The article is authored by Zhao Yan, Senior Director of Security at Meituan‑Dianping, with a team experienced in large‑scale IDC security, CVE research, and conference speaking.
Coming Soon – Upcoming articles on large‑scale intrusion perception, enterprise security governance, and GDPR compliance.
Recruitment Notice – Meituan‑Dianping Security Department is hiring for Web/Binary offense, backend/system development, and ML/algorithm positions (contact email provided).
Meituan Technology Team
Over 10,000 engineers powering China’s leading lifestyle services e‑commerce platform. Supporting hundreds of millions of consumers, millions of merchants across 2,000+ industries. This is the public channel for the tech teams behind Meituan, Dianping, Meituan Waimai, Meituan Select, and related services.