Community Blog Alibaba Cloud Sensitive Data Discovery and Protection

Alibaba Cloud Sensitive Data Discovery and Protection

This article is a detailed description about sensitive data discovery and protection by Alibaba Cloud.

By Prashant Mishra, CEO and Founder of Click2Cloud Inc. and Alibaba Cloud MVP

Data Security and risk executives are facing a new challenge as organizations look to expand their data footprint on the cloud. The challenge is discovering sensitive data on the cloud.

Many executives are concerned about storing sensitive data on the cloud due to security concerns. In a survey, 80% of respondents said they store sensitive data on the cloud.

Consequently, many CIOs and CTOs are always searching for ways to discover and protect sensitive data on the cloud and what makes a good data discovery tool. You will find all the answers with Alibaba Cloud Sensitive Data Discovery and Protection.

Alibaba Cloud Data Security Center offers features, such as sensitive data detection and de-identification. Companies can comply with regulatory requirements in the realm of personal information and security audits in cloud computing, as specified in the Baseline for Classified Protection of Cybersecurity 2.0. Data Security Center offers a comprehensive data security solution including these features.

It is important to remember that your data assets have sensitive data in various forms, including high-level information about customers, technical documents, and personal details. Your business can suffer serious economic and brand losses if sensitive data is leaked.

By analyzing predefined key fields of sensitive data, Data Security Center scans MaxCompute, Object Storage Service (OSS), self-managed databases, and Alibaba Cloud database services, such as ApsaraDB RDS, DRDS, PolarDB, OceanBase, and Tablestore. Depending on how many times sensitive data hits the rules, Data Security Center determines whether the data is sensitive or not.

Let’s look at some of the key features of Sensitive Data Discovery and Protection:

  1. Monitoring, management, and audits of data security compliance throughout the entire process
  2. Data detection for sensitive information
  3. Defining sensitive data
  4. Security policy contribution

Fig: Key Features of SDDP

Data can be discovered, determined, and protected using SDDP. Data that SDDP is authorized to scan, classify, and grade are subject to comprehensive scanning, grading, and classification services using customizable sensitive data detection rules by Alibaba Cloud and built-in algorithms. A security protection system based on the results of SDDP is also provided. For instance, with SDDP, you have fine-grained control over access control, and the stored sensitive data is encrypted.

De-identification algorithms provided by SDDP can be customized to meet your unique requirements. You can use SDDP in the production environment for the de-identification of sensitive data. This can be used in testing and development environments that are not part of production environments. De-identified data is guaranteed to be authentic and available while using SDDP.

You can control and optimize the security rules for enterprise data based on the risks and hazards using the information shown in SDDP's console. SDDP presents the storage items containing sensitive data, visitors that access data, and anomalous changes to data flows, among other things.


1.  No Agent Needed

You do not need to deploy an agent to use SDDP. It saves you resources. You can use SDDP's out-of-the-box features immediately after activation, which are both secure and efficient.

2.  Sources of Diverse Data

Data can be protected across diverse sources of cloud data while using SDDP. This solution supports big data services and mainstream databases, making it easy to manage data security.

3.  Automates the classification and grading of sensitive data accurately and automatically

Cloud assets with SDDP are identified, classified, and graded as sensitive with accuracy. SDDP allows you to manage data assets containing sensitive information in a centralized way using standard algorithms and defense rules.

Alibaba Cloud SDDP Scenarios

1.  A Cloud-Native Approach to Data Protection

Our team has analyzed Alibaba Cloud practices and extensive experience to help enterprises deploy their businesses on the cloud. Based on these practices, our team has identified four key capabilities aimed at helping companies ensure data security. Agents are not required for SDDP. With the use of big data and machine learning technologies, SDDP monitors and detects sensitive data activities with high risk. SDDP also acts as a data leak prevention tool by providing various sensitive data depersonalization algorithms.

Focus on Technology

  • Data assets with various life cycles are capable of detecting sensitive data.
  • A database and big data service, such as an OSS system, can be screened for sensitive data.
  • Identifies and de-identifies sensitive data

2.  Detecting, Classifying, and Grading Sensitive Data

A large amount of data is analyzed for sensitive data with Alibaba Cloud SDDP, which detects sensitive data automatically. Data detection engines, such as ApsaraDB RDS and OSS, and unstructured data storage services, such as MaxCompute, provide SDDP with the capability to scan, classify, and grade sensitive data. Keeping your data safe with this approach helps you overcome data management blind spots.

Focus on Technology

  • Detects your assets on the cloud automatically
  • The natural language processing (NLP) feature detects sensitive data through semantic recognition.
  • Detect sensitive data based on your own rules

3.  De-Identify Sensitive Data

In production, test, and analysis environments, SDDP de-identifies sensitive data after it is detected for data leak prevention purposes. Several de-identification algorithms are provided by SDDP. Alibaba Cloud SDDP allows for flexible de-identification of sensitive data to meet your different requirements.

Focus on Technology

  • The ability to de-identify over ten different types of data
  • Contains numerous de-identification templates that can be applied with a few clicks
  • A wide range of de-identification options is visualized and available.
  • Detailed de-identification logs are provided.

The figure below is a graphical representation of these three different scenarios of SDDP:

Fig: Alibaba Cloud SDDP Scenarios

The Bottom Line

The data security solution provided by Alibaba Cloud SDDP offers multiple features, such as detection and classification of sensitive data, grading, de-identification, and adequacy assessment to meet the compliance standards set forth in the General Data Protection Regulation (GDPR) and protect personal information.

0 1 0
Share on

PM - C2C_Yuan

26 posts | 1 followers

You may also like