Discovering and Securing Sensitive Data With Alibaba Cloud – Part 3

Part 3 of this 3-part series discusses how Alibaba Cloud SDDP works with cloud resources undergoing continuous evolution.

By Shantanu Kaushik

Sensitive data may be scattered across the enterprise in different cloud storage resources. The amount of visibility you can maintain throughout the data lifecycle depends on how efficient your data discovery practice is.

In Part 2, we discussed the Alibaba Cloud Sensitive Data Discovery and Protection (SDDP) suite and its benefits. This article discusses how Alibaba Cloud SDDP works with cloud resources undergoing continuous evolution, along with some of its prominent features and usage scenarios.

Monitoring and Management

Alibaba Cloud Sensitive Data Discovery and Protection is an end-to-end data monitoring and management solution that provides an extensive data security service with multi-level classification.

Alibaba Cloud has done extensive research, with solutions spanning a variety of scenarios and solving complexities related to real-world issues. When it comes to data security, Alibaba Cloud has a broad suite of security products classified into cloud security, business security, identity management, and data security.

Sensitive Data Discovery

Alibaba Cloud SDDP can discover, classify, and protect the objects even when dealing with large amounts of data. Alibaba Cloud SDDP performs comprehensive detection by enabling precise scanning, classification, and grading throughout structured and unstructured data. Alibaba Cloud SDDP uses identity and access management to access built-in algorithms and customizable sensitive data detection rules.

Alibaba Cloud SDDP provides security protection based on the detection results with fine-grained access control and encryption mechanisms to store the discovered sensitive data securely. Alibaba Cloud SDDP can distinguish between sensitive data and non-sensitive data using intelligent scanning mechanisms.

Alibaba Cloud SDDP scans your structured and unstructured data sources and classifies the sensitive data discovered. Then, it marks it with risk levels to enable extra protection using Alibaba Cloud’s in-house fine-grained access control and storage encryption.

Sensitive Data De-Identification

Alibaba Cloud SDDP provides diversified built-in de-identification algorithms based on meticulous parameters for precise data handling. Within an enterprise, there is no space for erroneous data classification. If a service declassifies and de-identifies viable data, it could be chaotic.

Alibaba Cloud SDDP allows you to create custom de-identification rules that can provide you with a highly viable environment for data classification. You can use SDDP to de-identify sensitive data in the production environment and within the pre-production environment.

After your data has been de-identified, you can use this data again in pre-production environments, such as development environments and test environments. Alibaba Cloud SDDP ensures the authenticity and availability of the de-identified data for any future uses you might have.

Security Policy Handling

Alibaba Cloud SDDP lets you control security risks and issues in your enterprise data by supporting an optimization workflow aligned with your security policies, based on the information displayed in the SDDP console. The console displays the storage objects that contain sensitive data and all the users that can access that data. It also gives detailed reports on the security policies that apply to different storage resources and on anomalous data flows and activities across the whole system.


Visualized Data Control

Alibaba Cloud SDDP enables highly instrumental visualization scenarios that depict the results of sensitive data discovery and allows you to obtain a clear view of the security status of your data resources.


  • Data access monitoring and audit log assessment trace irregular activities and reduce security risks
  • Increases the overall security transparency of your data sources and enhances data governance
  • Enables fundamental data governance and security rules for your enterprise

Usage Scenarios

Cloud-Native Data

Alibaba Cloud’s extensive experience with cloud security and data protection for cloud-native enterprise solutions enables four core data security capabilities that help organizations migrate to the cloud without worrying about security issues. Alibaba Cloud SDDP detects and monitors sensitive data and high-risk data activities, and provides risk management solutions using big data and machine learning technologies.


  • Supports sensitive data detection for data sources with different lifecycles scattered throughout the architecture
  • Enables sensitive data detection in databases and big data services, such as Alibaba Cloud OSS
  • Provides de-identification services for sensitive data on a cloud-native architecture

Discovery, Classification, and Grading

Alibaba Cloud SDDP detects sensitive data automatically by utilizing a data detection engine. This engine scans, classifies, and grades sensitive data in structured data storage services, such as ApsaraDB RDS, and unstructured data storage services, such as OSS and MaxCompute. This enables a highly efficient practice that copes with blind spots in data management.


  • Automatic cloud resource detection
  • Semantic recognition through the usage of Natural Language Processing (NLP)
  • Enables custom rule and policy formulation


Alibaba Cloud SDDP has a strict policy towards plugging any possible data leaks. Right after the sensitive data is detected, SDDP de-identifies the data in the production, test, and analysis environments to prevent any data leaks. Alibaba Cloud SDDP uses highly refined de-identification algorithms to facilitate data de-identification. SDDP provides a flexible approach for data de-identification.


  • Supports various de-identification algorithms depending on data type and source
  • Enables the seamless usage of various de-identification templates that can be engaged with just a few clicks
  • Provides visualized and extensive de-identification options
  • Provides comprehensive de-identification logs

Wrapping Up

Enterprises today are generating data at unprecedented rates, increasing the data discovery complexities in the process. Maintaining your organization’s security requirements with a highly viable data discovery and protection system is paramount.

Enterprises want to adopt a solution that can adequately assess the full data practice and implement the appropriate security measures to prevent sensitive data loss.

Upcoming Articles

  1. Seamless Network Acceleration Using GA – Part 1
  2. Seamless Network Acceleration Using GA – Part 2
  3. Maintaining Availability With Auto Scaling – Part 1
  4. Maintaining Availability With Auto Scaling – Part 2
  5. Maintaining Availability With Auto Scaling – Part 3
  6. Maintaining Availability With Auto Scaling – Part 4
  7. Multi-Tier Approach With VPC – Part 1
  8. Multi-Tier Approach With VPC – Part 2
  9. Multi-Tier Approach With VPC – Part 3