Frost & Sullivan, in collaboration with LeadLeo Research, released the '2022 China Data Security Solutions Market Report'

Total word count: 3,155, reading time: 6 minutes

Before the introduction of the Data Security Law, there was no track within the security industry defined under the category of "data security." Various static and dynamic masking technologies, classified protection encryption, database sensitive data encryption, and other products were still separate and categorized within different types of security vendors, and neither the demand side nor the supply side paid much attention to them. After the issuance of the Data Security Law in 2021, "data security" was initially defined as: ensuring that data is effectively protected and used legally, as well as having the ability to maintain a continuous secure state through necessary measures.

Compared to traditional network security and emerging cloud security, "data security" is a loosely defined category boundary, driven by strong compliance requirements.

With the intensive implementation of policies and standards across various regions, a era of strong regulatory oversight for data security has arrived. Both data security vendors and related industry departments need to study and analyze various policies. By sorting out data security legislation and regulations related to each item, it is found that comprehensive focus is placed on the development of big data industries, the exploitation and utilization of data value, the circulation of data security, and the transaction of data ownership rights, while there are also many institutional innovations, supplemented with regional and industry-specific backgrounds.

The "Compliance Supervision Committee" and related specialists will gradually become important components of future company paradigms, along with data governance planning, becoming key drivers for data as an important production factor. From a long-term perspective, the formulation of new policies will also sink into industry applications, ensuring the monetization of data assets through security guarantees. When the data security industry matures, the industry application side will put forward new requirements for higher-level policies, forming a "double helix ascent" compliance construction path, guiding the entire industry to upgrade from compliance-driven to enterprise-native protection-driven "Data Security 2.0."

By sorting out data security-related policies from overseas countries, it is found that China's data security industry started development more than 20 years later than countries such as the United States, the United Kingdom, Germany, and France. However, in the legislative process of the new era of data, a rapid and comprehensive layout pattern is evident. It still requires in-depth reference to policies and strategic guidelines from various countries, combined with the development process of market demand, gradually shifting from a broad policy logic to an intensive administrative approach.

Compared to other regions' data security industries, China's data security industry scale grew from only half that of the United States in 2016 to $126 billion in 2021. As the first echelon of data security, China and the United States further widen the gap with the second echelon overseas. In the future, China and the United States will continue to lead the development of the data security track. American security vendors headquartered in California such as Proofpoint, McAfee, and Cisco are international competitors that Chinese data security vendors need to continuously compete against, especially in terms of market share overseas.

From the user profiles and market distribution of various data security fields, most data security-related orders come from industries such as government affairs (45%), finance (23%), and healthcare (20%), and users in different fields have different conditions and needs for data security system construction:

• Government Affairs IndustryTends towards the e-government centralized procurement model, with a large amount of sensitive data, but low IT capabilities and the need for customized end-to-end services from vendors. Various systems of provincial, municipal, and district-level governments and departments constitute the largest data security segmented market.

   

• Telecommunications IndustryPrimarily self-provided by the three major operators, supplemented by integration or strategic cooperation to bind security vendors for implementation. Strong company qualifications and customer relationships are required, and the overall market tends to be closed.

   

• Large Banks and Leading Joint-stock BanksEach has its own software development team and capabilities, with the ability to quickly develop and transform independently. Small and medium-sized financial institutions such as city commercial banks and rural commercial banks are important market spaces that require industry application templates and some end-to-end services from security vendors.

   

• Education IndustryExcept for sensitive data such as student status and grades, there is less in the education sector, and institutions have low data security budgets. The procurement model is mostly unified centralized procurement, with a wide and scattered customer base, and weak IT capabilities that require end-to-end services from vendors.

   

• Healthcare IndustryHighly dependent on end-to-end services provided by data security vendors, with very low IT reserves, and inclined towards transparent zero-code application implementation plans. Medical institutions purchase separately, usually packaged with overall software ISV solutions, with high bargaining power.

   

• Manufacturing IndustryWide-ranging scope, weak policy coverage depth, lack of guiding outlines, and slow implementation of data security.

From the current development status of various vendors, there are generally low product profit margins and some losses. However, from the perspective of the data security track, Frost & Sullivan has found that there are influencing factors such as economic downturn, low demand conversion rates, low transaction unit prices, and competitive exclusivity.

But in the long run, based on the development models of various vendors, there are opportunities such as "transforming chimneys/fences-based data security protection structures," "building an open ecosystem to comprehensively cover industry cases," and "emphasizing the long-term sustainable development of products/brands."

The analysis conclusions of this report on the comprehensive competitiveness of competing entities' data management solution products and services are only applicable to the development of the data security solution market at this stage. Frost & Sullivan will continue to monitor the data security market and capture competitive trends.

The growth index measures the competitiveness of competing entities in the growth dimension of data security solutions, including market growth capabilities and levels such as data security solution permission monitoring and auditing, solution compatibility, compliance level, company qualifications and service support, ecosystem construction, business scenario solution cases, etc.

The innovation index measures the competitiveness of competing entities in data security solutions, including innovative technologies or capabilities such as data lifecycle security, privacy computing, data classification and grading, data leakage prevention, data encryption and decryption, data masking, etc.

Frost & Sullivan, in collaboration with LeadLeo, screened 15 competitive entities among Chinese data solution vendors and recommended those selected for this report to readers. At the same time, based on nine first-level indicators including data lifecycle security risk solutions, privacy computing, data classification and grading and data leakage prevention, data encryption and decryption and data masking, monitoring and auditing, compatibility evaluation, company qualifications and service support capabilities, ecosystem construction level, and data security business scenario solutions, a multi-factor hierarchical evaluation of the market competitiveness of Chinese data security solution vendors is conducted.Based on the comprehensive scores of the "innovation index" and "growth index," Tencent Cloud, Alibaba Cloud, Meituan Technology, Anhui Jinhe, and others are ranked in the leadership echelon of the China data security solution market.

• Tencent Security

Tencent Security has the ability to manage, control, and respond to full lifecycle data security governance. It uses the T-Sec data security governance center to centrally manage cloud data and data assets, providing data security and governance solutions for enterprises in multiple industries including office, production, R&D, and operation environments. Tencent Security actively integrates Tencent Cloud's product ecosystem system and third-party service providers to create a consistent experience, creating simple and easy-to-use, one-stop cloud-native data security solutions for users.

• Alibaba Cloud

Alibaba Cloud's data security constructs a data-centric visual, manageable, and controllable security platform through the Data Security Center (DSC), providing a series of cloud data protection tools to create a closed-loop data security from perception, governance to protection for multi-industry users, and creating a flexible, self-built, and lightweight data security usage experience.

• Meituan Technology

Meituan Technology moves from data to security, with data classification and grading as its flagship product, providing users with advantages such as dark data discovery and transformation, intelligent data recognition engines, etc. At the same time, Meituan provides key technical services such as dynamic fingerprint, dynamic feature AI protection, and transparent encryption for customers through platforms such as security operation, security management, flow control, situational awareness, and operational security management, focusing on serving a wide range of customers in industries such as government affairs, healthcare, finance, education, energy, and ports.

• Anhui Jinhe

Anhui Jinhe focuses on data security, with data masking as its flagship product, providing users with automated, rule-based intelligent, and highly compatible adaptive intelligent dynamic and static data masking experiences. Anhui Jinhe provides compliance security and governance security solutions through three platforms of security collaboration, security operation, and security detection to meet the key needs of industries such as government, finance, healthcare, education, energy, etc.