Data Security Center (DSC) allows you to embed watermark information into the data to be distributed. If a data leak occurs, you can extract watermark information from the leaked data at the earliest opportunity. By reading the extracted watermark information, you can trace the data flow process and identify the organization or user that is responsible for the data leak. The watermark information that is embedded into the data to be distributed does not affect the use of the data. This topic describes how to extract watermark information from a data source.

Background information

The watermark information that is embedded into the data in a data source provides the following features:
  • Security: The watermark information that is embedded into the data is not lost even if the data is modified. This ensures that the watermark information can be accurately identified.
  • Transparency: The watermark information that is embedded into the data is imperceptible to you and does not affect the use of the data.
  • Detectability: You can extract the watermark information from data fragments and trace the source of data leaks with a high success rate.
  • Robustness: You can extract the watermark information from the data even if the data is subject to malicious attacks.
  • Low error rate: DSC provides a well-designed rule for extracting watermark information. This minimizes the probability of errors in data tracing.

Limits

You can extract watermark information only from data in ApsaraDB RDS databases.

Procedure

  1. Log on to the DSC console.
  2. In the left-side navigation pane, choose Data desensitization > Extract watermark.
  3. On the Extract watermark page, set the parameters as required.
    Parameter Description
    SOURCE product The Alibaba Cloud service that contains the sensitive data to be de-identified. Only RDS is supported.
    SOURCE Database/project name Required. The project for storing the table that contains the watermark information to be extracted.
    SOURCE table name Required. The table that contains the watermark information to be extracted.
  4. Click Extract watermark.
    In the lower part of the Extract watermark page, you can view the extracted watermark information. You can configure the watermark information when you add a static de-identification task.

    To copy the extracted watermark information, click Copy results.