After you activate Sensitive Data Discovery and Protection (SDDP), it automatically scans your data stored in Alibaba Cloud services, such as MaxCompute, ApsaraDB RDS, and Object Storage Service (OSS), for sensitive data. Then, SDDP marks the sensitive data with risk levels. You can check the overall risks and details of the sensitive data in the SDDP console.

Prerequisites

  • At least one of the following services is activated or deployed: MaxCompute, ApsaraDB RDS, OSS, DRDS, PolarDB, Tablestore, and a self-managed database hosted on Elastic Compute Service (ECS). This ensures that SDDP has data to scan.
  • A data asset is created in MaxCompute, ApsaraDB RDS, OSS, DRDS, PolarDB, Tablestore, or a self-managed database hosted on ECS. You can create a data asset based on the following instructions:

Procedure

  1. Activate SDDP and authorize SDDP to access your Alibaba Cloud resources.
    After you activate SDDP, you must authorize SDDP to access your Alibaba Cloud resources. For more information, see Authorize SDDP to access Alibaba Cloud resources.
  2. Authorize SDDP to access your data assets in Alibaba Cloud services such as MaxCompute, ApsaraDB RDS, and OSS.
    SDDP must be authorized to access your data assets before it can scan the data assets for sensitive data. For more information, see Grant access to data assets.
  3. Configure sensitive data detection rules.
    SDDP detects sensitive data in objects or tables and generates alerts based on sensitive data detection rules. You can use built-in sensitive data detection rules provided by SDDP. If the built-in sensitive data detection rules cannot meet your requirements, you can customize sensitive data detection rules based on your business needs. For more information, see Create a custom rule.
  4. View the sensitive objects or tables detected by SDDP and their statistics.
    For more information, see View summary information and View sensitive data.
  5. De-identify the sensitive data that is detected.
    For more information, see Perform static de-identification.