规模化数据保护的自动化,第三部分
Part three of a series on how we provide powerful, automated, and scalable data privacy and security engineering capabilities at Airbnb
关于我们如何在Airbnb提供强大的、自动化的、可扩展的数据隐私和安全工程能力系列的第三部分
Elizabeth Nammour, Pinyao Guo, Jamie Chong, Wendy Jin
Elizabeth Nammour,Pinyao Guo, Jamie Chong,Wendy Jin
Introduction
简介
In Part 1 and Part 2 of our blog series, we gave an overview of the Data Protection Platform (DPP). We focused on how we built a global understanding of Airbnb’s data and its associated security and privacy risks. In this blog post, we will describe how we use this understanding to provide powerful and automated security and privacy engineering capabilities and empower data governance. In order to reduce risk across the entire Airbnb organization, we sought to address the following concerns:
在我们博客系列的第一部分和第二部分中,我们对数据保护平台(DPP)进行了概述。我们重点介绍了我们如何建立对Airbnb的数据及其相关安全和隐私风险的全球理解。在这篇博文中,我们将描述我们如何利用这种理解来提供强大的、自动化的安全和隐私工程能力,并授权数据治理。为了降低整个Airbnb组织的风险,我们试图解决以下问题。
- Accountability: Security and privacy compliance are not solely the responsibilities of security and privacy teams, but should be enabled across the Airbnb platform, development experience, product life cycles, and enterprise vendor solutions. As the volume of data grows and services become more complex, we need to hold the teams who control that data within Airbnb (“service owners”) accountable for the security and privacy of that data
- 问责制。安全和隐私合规不仅仅是安全和隐私团队的责任,而是应该在Airbnb平台、开发经验、产品生命周期和企业供应商解决方案中实现。随着数据量的增长和服务的复杂化,我们需要让Airbnb内部控制这些数据的团队("服务所有者")对这些数据的安全和隐私负责。
- Minimal overhead: While service owners share the responsibility of reducing risks, we want to ensure we can automate the bulk of the work and minimize their operational load
- 最小的开销。虽然服务所有者分担降低风险的责任,但我们要确保我们能将大部分工作自动化,并将他们的操作负担降到最低。
- Global alignment: Not everyone has exactly the same understanding of data classification and protection strategies. We aim to reach a consensus among security, privacy, legal, and service owners and provide a single source of truth for privacy and security annotations and actions
- 全球统...