Is the spring of the information security market coming?

Today, more and more companies and individuals are paying attention to information security, and the information security market is also becoming more and more active. So, what new changes have emerged in the information security market in recent years? Whether it is the national level, the enterprise level or the individual level, has the information security market really come in the spring?

There are more and more aspects of the cyber security market.

With the establishment of the Central Cyber ​​Security and Informationization Leading Group, more and more enterprises and individuals have begun to attach importance to information security and the information security market has become more and more active. So, what new changes have emerged in the information security market in recent years? Whether it is the national level, the enterprise level or the individual level, has the information security market really come in the spring?

The most important thing

This year's CCTV "3.15" evening party mentioned the security risks of free WiFi, and many people exclaimed: They did not dare to connect to WiFi in public places.

The reporter believes that there are at least two things worth paying attention to. First, the issue of information security has become ubiquitous and involves everyone. Those invisible security threats are hidden in every person. Second, most people lack information security awareness and common sense, and they need to continue to nurture.

If we turn our attention to the enterprise, we will find that the same problem exists. What is even more worrying is that companies are an important part of society. If they are attacked by the Internet, their losses and consequences will be far greater than those of individuals. More importantly, the difference between companies and individuals is that the decision-makers, users, and consequences bearers of enterprises in information security are often different departments and roles, which makes it more difficult for enterprises to implement information security.

“This is what I often say about the misplaced information security work.” Pan Zhuting, chief strategy officer of Venusen, said that due to the prevalence of such non-compliance in the enterprise, it often leads to information security in the enterprise can not be implemented. Many security risks.

Pan Zhuting told reporters that at this year's national "two sessions", the National Committee of the Chinese People's Political Consultative Conference and VenusStar CEO Yan Wangjia submitted three proposals concerning cyber security, one of which was the proposal "to promote key infrastructure, sensitive sectors, government agencies, etc." Chief Information Security Officer System." This proposal is based on the idea of ​​strengthening the information security of enterprises and related organizations and implementing information security responsibilities.

Pan Zhuting believes that the establishment and implementation of the chief information security officer system is the first responsibility for enterprises to make clear their information security, and it must be clearly responsible to implement the work. Of course, as the chief information security officer, we should have more power in the enterprise and have more resources so that we can fully promote the information security of the enterprise and completely change the weak position of the information security department in the enterprise.

Supply chain transparency

With the increasing emphasis placed on information security by the state in recent years, another concept has been buoyed by its own control. In fact, information security and autonomous control are two concepts. The two have overlapped but do not completely overlap. However, it is undeniable that autonomous control can play an important role in promoting the development of domestic manufacturers.

However, the ensuing problem is that, on the one hand, some core technologies do not have the cruel reality in their hands, and on the other hand, they are self-controllable urgent needs, especially the information security market which is more sensitive to self-controllability. Where should we go? Do we have the ability to introduce fully domestically produced security products? With the above contradictions prevailing in the market, how can we guide the development of the information security industry?

In fact, in today's highly specialized and subdivided information security industry, many security companies can rely on a certain technology and expertise to gain the favor of the market. Looking overseas, emerging security vendors such as FireEye and Bit9 are relying on certain skills to achieve rapid growth. However, for users, information security should be a complete solution. Even some security products include multiple security technologies and include multiple vendor technologies.

"Such as a security gateway product, the use of anti-virus modules from other vendors is a normal thing. As a security company specializing in the medical industry, it is impossible to develop all the security technologies in a product, even if it is internationally top-notch. The security vendor is also impossible." Pan Zhuting said.

However, in the face of such reality, how should companies meet the requirements of autonomous and controllable? Many domestic manufacturers have adopted foreign core technologies or functional modules. Is it still self-controllable?

Therefore, Yan Wangjia also proposed a proposal to implement transparent supply chain registration in key infrastructure, sensitive departments, and government agencies. Pan Chuting explained that this proposal is entirely considered from the perspective of industrial development. If transparent supply chain registration can be achieved, it will have a positive impact on the development of the information security industry.

In fact, transparent supply chain registration is one of the pragmatic ways to resolve the contradiction between autonomous control and core technology that cannot be mastered by oneself. "We should allow the use of foreign core technologies, but where and how they are adopted, there should be a transparent and clear registration system. This will not only satisfy our basic needs of self-control and information security, but also eliminate the need for simplicity. The pursuit of self-controllability, and the other's technology as their own situation occurs." Pan Zhuting said.

At the same time, the transparency of the supply chain also has a role in promoting the security of open source products. "Open source products should also be transparent in the supply chain as a high-risk area. Take the example of the 'bleeding heart' loophole. If the supply chain is not transparent, users will not even know that they have used OpenSSL, and will not be patched if they are exposed. After a long period of crisis, it actually caused unnecessary losses to users, said Pan Zhuting.

At the same time, Pan Quanting believes that if the supply chain of the information security industry tends to be transparent, it may promote the development of domestic security vendors, especially those security companies that are in the upper reaches of the supply chain and hidden behind the scenes, letting more people know about them. Promote their development.

The breath of spring

It is undeniable that today's information security industry is rapidly changing and developing. Self-control is one of the external forces, but not all.

Pan Zhuting revealed to reporters that VenusStar and some major domestic security companies recently started to communicate more frequently and closely. It seems that a relatively loose "consortium" has formed. The exchange and collaboration between such security vendors is now on the security market. A new change.

The industry of information security requires that manufacturers not only possess professional skills and capabilities in a certain area, but also have the ability to integrate various technologies to provide users with comprehensive security products. Therefore, cooperation is inevitable.

Pan Chuting bluntly stated that the increase in communication and cooperation among manufacturers is definitely a good thing for the entire security industry. This kind of change may originate from the fact that the domestic security market is maturing on the one hand, and it also originates from the impact of outsiders such as Internet companies. “We actually welcome more manufacturers to participate in the information security market and promote the development of the information security market, but we hope this market can maintain stable and sustained growth.” Pan Zhuting said.

Pan Chuting also revealed to reporters that domestic security companies are now exploring overseas markets, but also because the domestic security market cake is not big enough. "Only if companies truly turn their current compliance needs into demand based on actual results, can the information security market produce a qualitative leap," said Pan.

In the spring, the reporter was delighted to see some welcome changes in the Chinese information security market and smelled the breath of spring. Of course, letting companies really focus on information security and act, not just to meet compliance requirements, strengthen national information security, and allow the information security market to develop rapidly, we still have a long way to go.