After you activate Sensitive Data Discovery and Protection (SDDP) and configure sensitive data identification rules, SDDP automatically scans your data assets for sensitive data. On the Overview page of the SDDP console, you can view the current status of SDDP and statistics on authorized data assets, sensitive data identification, static desensitization, and anomalous events.

Currently, SDDP can scan data in MaxCompute, Relational Database Service (RDS), and Object Storage Service (OSS) for sensitive data. More services will be supported soon.

SDDP can identify sensitive data in the following types of data:
  • Tables from MaxCompute and RDS.
  • Objects from OSS.

In the SDDP console, you cannot query OSS objects in which no sensitive data has been identified.

Note: For your data security and privacy, SDDP only performs necessary operations such as sensitive data identification and static desensitization to protect your sensitive data. SDDP does not store any of your data.

The following figure shows the Overview page of the SDDP console.

Figure: Overview

View the current status

In the Current Status section, you can view the current status of SDDP, including the remaining subscription period, the number of authorized data assets, and the number of data assets that SDDP has protected.

Figure: Current status

You can renew your subscription or upgrade SDDP when the subscription is about to expire or the resource plan is about to be used up.

View the statistics on authorized data assets

In the Data Source Authorization Status section, you can view the statistics on authorized data assets, including the proportion of authorized data assets among all your data assets. For each service, this section displays the total number of data assets, the number of authorized data assets, the number of unauthorized data assets, the number of times that data assets are scanned, and the number of scanned data assets.

Figure: Statistics on authorized data assets

Click Authorize Now for a service. The Authorization Configuration page appears, where you can authorize SDDP to access more data assets and view, edit, or delete authorized data assets.

View the statistics on sensitive data identification

In the Data Identification Result section, you can view the numbers of sensitive tables, fields, and objects identified in authorized data assets.

SDDP identifies sensitive tables, fields, and objects based on the sensitive data identification rules that you have configured.

Figure: Sensitive data identification result

This section displays the following statistics:
  • Sensitive Tables: the total number of sensitive tables identified in MaxCompute projects and RDS databases.
  • Sensitive Fields: the total number of sensitive fields identified in MaxCompute projects and RDS databases.
  • Sensitive Files: the total number of sensitive objects identified in OSS buckets.

SDDP provides several built-in rules for sensitive data identification, and also allows you to configure custom identification rules. SDDP automatically identifies sensitive tables, fields, and objects and marks them with different risk levels based on sensitive data identification rules.

In the Data Identification Result section, you can also view the numbers of sensitive tables and fields at each risk level in MaxCompute projects and RDS databases.

Figure: Risk level distribution of sensitive data

SDDP determines whether a table is sensitive based on the number of sensitive fields detected in the table and the sensitive field group. Based on the sensitivity, SDDP marks sensitive data with the following risk levels: S1, S2, S3, and S4. The severity of each risk level increases sequentially as follows:
  • S1: low.
  • S2: medium.
  • S3: high.
  • S4: highest.

View the statistics on static desensitization

In the Static Desensitization Result section, you can view the numbers of desensitized tables and fields in MaxCompute projects and in RDS databases. You can also view the proportion of fields for which static desensitization is configured among all sensitive fields.

SDDP allows you to create static desensitization tasks to desensitize and protect the sensitive data in your data assets. For more information, see Manage desensitization tasks.

Figure: Static desensitization result

View the statistics on anomalous events

In the Anomalous Event Summary section, you can view the statistics on anomalous events detected in the last seven days, one month, six months, or twelve months.

Figure: Anomalous event summary

This section displays the following statistics:

  • Unprocessed Anomalous Events: the number of anomalous events that have not been processed.

    SDDP can detect anomalous events that occur when sensitive data is read or used, including anomalous permission usage, anomalous data flows, and anomalous data operations. SDDP detects anomalous events and generates anomaly alerts based on the anomaly alert configuration.

  • Processed Anomalous Events: the number of anomalous events that have been processed.

    SDDP allows you to process an anomalous event by confirming it as a violation or excluding it as a false positive. For more information, see Process anomalous events.

Query data assets

On the Overview page, click Data Asset Search in the upper-right corner. On the page that appears, you can query the data assets with sensitive data and the risk levels of sensitive data.

Figure: Query data assets

The following filters are supported:
  • Risk Levels: Specify one or more risk levels of sensitive data to query data assets. If you do not select any risk level, the system queries data assets with sensitive data at all risk levels.
  • Asset Scope: Specify one or more types of the data assets to query.
  • With Sensitive Data: Specify a default or custom sensitive data type to query data assets.
  • Asset Name: Enter the name of a project, instance, database, package, table, or object to query the specific data asset.