How Huolala Built a Robust Big Data Security Framework: Lessons and Practices

Background and Challenges

Huolala is an internet logistics platform offering city‑to‑city freight, zero‑load logistics, and vehicle rental services, with more than six business lines. Its big‑data environment spans three IDC sites across Alibaba Cloud, Huawei Cloud, and self‑built data centers, representing a medium‑scale but rapidly growing infrastructure.

Data has become a core production factor in the digital economy, and recent national data‑security regulations have elevated data protection to a strategic level. As a data‑intensive company, Huolala faces challenges such as massive data volume, diverse usage scenarios, complex governance, and a broad attack surface.

Why Build Big Data Security?

Compliance with laws such as the Personal Information Protection Law, Cybersecurity Law, and Data Security Law, as well as the need to protect valuable data assets, drives the need for a robust security framework.

Big Data Security System

The security system is organized around four pillars: establishing an organization, defining standards, building capabilities, and implementing governance. It protects the entire data lifecycle—collection, transmission, storage, processing, exchange, and destruction.

Big Data Security Specifications

Data is classified into four levels, referencing the financial data security classification guide (JR/T 0197‑2020):

C1 (Public): data released through official channels, no impact on the company.

C2 (Limited): internal data with minimal leakage impact.

C3 (Commercial Secret): proprietary data whose leakage would significantly affect business.

C4 (Core Secret): highest‑sensitivity data whose leakage could cause major legal or commercial loss.

Classification is applied to tables, reports, and metrics. Table classification combines algorithmic ranking with manual review; report classification involves developer rating and administrator approval; metric classification follows a similar workflow.

High‑sensitivity data (C3/C4) follows strict storage and usage rules: encrypted storage, isolated plaintext zones, controlled de‑identification, approval‑based decryption, and limited download quotas.

Big Data Security Capability Building

Data‑warehouse table security supports full‑lifecycle permission management with column‑level fine‑grained authorization. The workflow includes table creation, field definition, permission request, and enforcement at database, table, and column levels.

Report security uses a cloud‑desktop environment for unified access, with a permission management system covering sensitivity rating, access control, and metadata.

High‑sensitivity data encryption and masking are applied during both offline and real‑time ingestion, with separate encrypted storage spaces and strict approval processes.

A self‑developed backup system provides cross‑region disaster recovery for critical raw and result data, enhancing resilience against hardware failures and human errors.

Big Data Security Governance

Governance is performed department‑by‑department, ensuring each data asset has an owner and sensitivity label. Coverage of report ownership and sensitivity has improved, with unnecessary permissions reclaimed and cross‑departmental permissions batch‑revoked.

All high‑sensitivity data is fully encrypted or migrated to isolated domains, de‑identification functions are promoted, and non‑R&D personnel have their data‑engineering permissions revoked.

Summary and Reflections

Huolala has established a comprehensive data‑lifecycle security framework that combines standards, capabilities, and governance to prevent data leaks, protect assets, and meet national regulations. Security investment is balanced with business growth, recognizing that security precedes any business operation.

Future plans include raising security maturity to a high level, strengthening attack‑defense capabilities, and enhancing product features to transition more services online.