This topic shows you how to use Data Security Center (DSC) to detect, classify, and protect sensitive data that is stored in Object Storage Service (OSS) buckets.
Background information
Sensitive data includes personal privacy information, passwords, keys, and images that contain sensitive content. Such data is of high value and is stored in your OSS buckets in different formats. Leaks of sensitive data can cause serious economic and brand losses to your enterprise.
After you authorize DSC to access an OSS bucket, DSC detects sensitive data in the OSS bucket, classifies and displays the sensitive data, and tracks the use of the sensitive data. In addition, DSC protects and audits the sensitive data based on predefined security rules, so that you can obtain the security status of your data assets in OSS at any time.
Scenarios
- Sensitive data detection
You store a large amount of data in OSS. You cannot determine whether data stored in OSS contains sensitive data and where the sensitive data is stored.
DSC scans data that is stored in OSS for sensitive data and classifies the sensitive data based on built-in or custom rules. Then, you can use OSS features such as access control and encryption to protect the sensitive data.
- Data de-identification
If you share data for analysis or use without de-identifying sensitive data, the sensitive data may be leaked.
DSC supports built-in and custom de-identification algorithms. You can use these algorithms to de-identify sensitive data that is obtained from the production environment before you transfer the sensitive data to other environments such as the development or test environment. DSC ensures that the de-identified sensitive data is usable in other environments.
Benefits
- Visualized: DSC visualizes the results of sensitive data detection. This allows you to obtain a clear view of the security status of your data assets.
- Monitors data access and provides audit logs for you to trace anomalous activities, which reduces security risks to your data.
- Increases the overall security transparency of your data assets and enhances data governance.
- Reduces the cost of maintaining data security and provides fundamental data for you to formulate security rules that are suitable for your enterprise.
- Intelligent: DSC uses big data technologies, machine learning capabilities, and intelligent algorithms to detect and monitor sensitive data, high-risk activities such as anomalous data access, and potential data leaks. In addition, DSC provides suggestions on how to resolve detected issues.
- Allows you to customize the rules to detect sensitive data so that you can ensure that the sensitive data is more accurately and efficiently detected and protected.
- Integrates complex data formats and content to a unified data risk model and presents data in a standard manner for you to protect your key data assets.
- Cloud-native: DSC fully leverages its advantages as a cloud-native service and integrates with a variety of data assets on Alibaba Cloud.
Compared with traditional sensitive data protection software, DSC provides a more robust service architecture and higher availability in a cost-efficient manner, and features higher system security.
Note
You can activate DSC in pay-as-you-go mode for free. After you authorize DSC to access specific OSS buckets, DSC charges you at a price of USD 0.6 per GB for scanning objects that are stored in the OSS buckets.
DSC scans all data that is stored in your OSS buckets at the first scan and charges you for a full scan. If you add new objects to or modify objects in your OSS buckets after the first scan, DSC charges you only for scanning the new or modified objects. This greatly reduces the expense.