Design and Practice of Big Data Platform Security: Insights from 360’s Data Center Technical Director

Introduction In the era of ubiquitous big data, data security has become a pressing concern for enterprises that often react only after breaches occur. 360’s Big Data Center Technical Director Xu Hao was interviewed to explore the design and practice of big data platform security.

Key Security Risks and Challenges Xu identifies three major risk areas: regulatory and process compliance —the rapid evolution of cloud and big data technologies demands up‑to‑date legal and procedural safeguards; system construction —early‑stage systems frequently deprioritize security, leading to data exposure; and managerial awareness —executives may recognize data security conceptually but fail to implement comprehensive controls.

Regulatory & Process : Ensuring systematic, timely compliance with evolving data protection laws.

System Construction : Integrating security from the start to avoid costly retrofits and data leakage.

Managerial Cognition : Moving beyond mere awareness to concrete, organization‑wide security measures.

Formulating Effective Data Security Governance Xu proposes a three‑pillar framework: platform capabilities , privacy management , and regulatory processes . This approach aims to make data usage safer while unlocking its value.

360’s Security Capability Building The team faced difficulties in both normative governance —standardizing security procedures—and system governance —integrating security into an existing, mature platform. Solutions included:

Service‑oriented redesign centered on data assets.

Full‑lifecycle security for data, ensuring coverage from ingestion to deletion.

Extending the permission model to a “resource + operation” paradigm, unifying menus, pages, tables, tasks, and topology as resources.

Platform‑Level Safeguards Four dimensions were highlighted: platform‑level access control, data‑level protection, risk prevention & audit, and clear processes for data sharing and public release.

Data Sharing and Watermarking To mitigate unauthorized copying, pure‑text digital watermarking is employed, enabling fine‑grained traceability of leaked data.

Permission System Evolution The legacy permission system, limited to functional authorization, was expanded to support granular data‑level controls across multiple dimensions, becoming a unified “one‑stop permission control center.”

Cloud Security Considerations (Q4) Xu advises enterprises to evaluate cloud adoption goals, choose appropriate cloud models (public, private, hybrid), implement robust backup strategies (multi‑cloud, off‑site), and negotiate comprehensive service agreements to ensure responsiveness and liability coverage.

Conclusion Data security must be embedded throughout the data lifecycle, combining platform capabilities, privacy governance, and regulatory compliance to protect assets while enabling effective data utilization.