How Huolala Built a Robust Big Data Security Framework: Lessons & Practices

Background and Challenges

Huolala operates a city‑wide freight information service platform with multiple vehicle types, offering on‑demand dispatch, corporate billing, long‑distance logistics, and vehicle leasing. The company runs more than six business lines and a hybrid multi‑cloud data platform spanning Alibaba Cloud, Huawei Cloud, and private data centers. Rapid growth has led to large volumes of data, creating complex data governance and security demands.

Why Implement Big Data Security?

Data assets must be protected to comply with personal information protection laws, cybersecurity regulations, and national data security policies. The diversity of data types, massive scale, and wide attack surface require a comprehensive, lifecycle‑wide security approach.

Big Data Security Framework

The security framework is organized around four pillars: establishing an organization, defining standards, building capabilities, and enforcing governance. It covers the entire data lifecycle—collection, transmission, storage, processing, exchange, and destruction.

Security Standards and Data Classification

Huolala adopts a sensitivity classification scheme (C1–C4) inspired by the financial data security guideline JR/T 0197‑2020:

C1 (Public Data): Already released publicly, no impact on the company.

C2 (Restricted Data): Not for external release but freely accessible internally; leakage causes no direct harm.

C3 (Commercial Secret): Proprietary information; leakage significantly harms business.

C4 (Core Secret): Highest protection; leakage could cause major legal or commercial loss.

Classification is applied to database tables, reports, and metrics. Table classification relies primarily on algorithmic scoring with manual adjustments; reports and metrics are manually classified and require administrator approval.

Capability Building

Data warehouse tables support full‑lifecycle permission management, including column‑level fine‑grained access control. The process involves table creation, field definition, permission request, and enforcement at database, table, and column levels. Report security includes cloud‑desktop development, unified entry points, and a permission management system that tracks sensitivity, access rights, and metadata.

High‑sensitivity data (C3/C4) are stored in encrypted, isolated spaces, with strict decryption approval workflows and download limits. Both batch and real‑time pipelines apply encryption and masking as needed.

Governance

Huolala conducts department‑by‑department governance audits, ensuring every data asset has an owner and a sensitivity label. Report ownership and sensitivity coverage have been increased, unnecessary privileged access has been reclaimed, and cross‑department permissions have been batch‑revoked. High‑sensitivity data are fully encrypted or migrated to dedicated secure domains, with masking functions replacing direct decryption.

Disaster recovery is reinforced by a self‑developed backup system that replicates critical warehouse data to remote sites, mitigating risks such as accidental deletion or cloud‑facility failures.

Summary and Future Outlook

The implemented security framework spans the entire data lifecycle, combining standards, capabilities, and governance to prevent data leaks, protect assets, and meet regulatory requirements. Huolala plans to further mature its security capabilities, enhance attack‑defense mechanisms, and expand product features to support a fully online operation model.