Data Security Center (DSC) provides features such as sensitive data detection and classification, configuration risk detection, security event alerting, image desensitization, database column encryption, and audit logs. DSC helps you meet compliance requirements, such as MLPS 2.0, the Data Security Law, and the Personal Information Protection Law, making it suitable for compliance audits and enterprise-level data security administration.
Scenarios
Sensitive data detection and administration
Discover configuration risks and security events
Data compliance audit
Benefits
Compliance: Helps you meet multiple compliance requirements in one place, including MLPS 2.0, the Data Security Law, the Personal Information Protection Law, and the Cybersecurity Law. This ensures that your data on the cloud is lawful, compliant, and auditable.
Cloud-native: Uses a cloud-native architecture to provide integrated security protection for structured, unstructured, and big data assets. DSC fully covers core ApsaraDB and storage services, such as RDS, OSS, SLS, and MaxCompute.
Visualization: Uses big data and machine learning to intelligently detect high-risk behaviors, such as abnormal access and AccessKey leaks. A dynamic visualization interface provides a comprehensive view of your data asset distribution and security status. You can identify configuration risks from large volumes of data with a single click and receive remediation suggestions.
Features
Classification and grading
DSC provides sensitive data detection templates for industries such as finance, energy, and automotive. These templates help you detect sensitive information in your authorized assets. DSC also supports the classification and grading of information based on its location, type, and sensitivity level. By understanding the sensitive data in your data assets, you can accurately configure access permissions and improve data security.
Security baseline check
DSC dynamically detects data asset configurations to identify risks in areas such as permission management, access control, encrypted transmission, and disaster recovery and backup. This applies to databases, storage, and big data assets on Alibaba Cloud. DSC continuously monitors the security of your configurations.
Data audit
DSC provides efficient log auditing for various data sources, including databases, OSS, and MaxCompute. It uses more than 900 built-in rules for high-risk operations to detect risks such as abnormal behavior, data breaches, and SQL injection. DSC also supports custom rules, multi-dimensional log filtering, and real-time alerting.
Detection and Response
The Detection and Response feature focuses on preventing data breach risks. It automatically detects whether OSS files contain sensitive content, such as AccessKeys of Alibaba Cloud accounts or RAM users, and database connection information. The service can also detect file access attempts that use leaked or abnormal AccessKeys and abnormal logon activities that use leaked database accounts. It also supports event handling, access tracing, and custom intelligence input to provide end-to-end protection from risk detection to response.
Column encryption
Column encryption is a data security technology that encrypts specific columns in a database. This prevents unauthorized users from directly accessing sensitive data in plaintext using cloud platform software or database connection tools. This feature effectively defends against internal and external security threats to ensure data security.
Image desensitization
You can use the image desensitization feature for OSS to create desensitization tasks. These tasks scan images in a specified bucket for sensitive information, such as ID card numbers, license plate numbers, and faces. The sensitive information is then masked with a gray rectangle.
Report Analysis
DSC provides various online analysis reports, including reports for comprehensive analysis, App Performance Analytics, and compliance self-checks for standards such as MLPS 2.0, the Data Security Law, and Sarbanes-Oxley. You can export these reports in HTML, Word, or image formats to meet regulatory audit and internal compliance management requirements.
Product selection and billing
Version Guide: DSC is available in several editions, including Free Edition, Premium Edition, Enterprise Edition, and Database Audit (Classified Protection Compliance Edition). These editions differ in their billing methods and service capabilities. For more information about the differences between editions, see Feature comparison between different editions.
Billing: DSC uses a subscription billing method. For more information about billing components and pricing, see Billing.
Get started
Grant authorization for your assets in the Asset Center. For more information, see Asset Center.
Enable the following features as needed for your business scenarios:
Classification and grading (Recommended): Detect and grade sensitive information.
Baseline check (Recommended): Detect configuration risks on the cloud platform.
Data audit: Enable cloud-native log collection to receive alerts for attacks and abnormal operations.
Detection and Response: Discover and handle security events such as leaked database credentials and AccessKeys.
Column encryption: Encrypt sensitive data columns in your database. This ensures that unauthorized personnel can only read the ciphertext.
Image desensitization: Desensitize sensitive information in images within an OSS bucket.