After you activate Data Security Center (DSC), DSC automatically scans your data stored in Alibaba Cloud services, such as MaxCompute, ApsaraDB RDS, and Object Storage Service (OSS), for sensitive data. Then, DSC marks the sensitive data with specific risk levels. You can check the overall risks and details of the sensitive data in the DSC console.

Prerequisites

  • At least one of the following services or resources is activated or deployed: MaxCompute, ApsaraDB RDS, OSS, PolarDB-X 1.0, PolarDB, Tablestore, and a self-managed database hosted on Elastic Compute Service (ECS). This ensures that DSC has data to scan.
  • A data asset is created in MaxCompute, ApsaraDB RDS, OSS, PolarDB-X 1.0, PolarDB, Tablestore, or a self-managed database hosted on ECS. You can create a data asset based on the following instructions:

Procedure

  1. Activate DSC and authorize DSC to access your Alibaba Cloud resources.
    After you activate DSC, you must authorize DSC to access your Alibaba Cloud resources. For more information, see Authorize DSC to access Alibaba Cloud resources.
  2. Authorize DSC to access your data assets in Alibaba Cloud services, such as MaxCompute, ApsaraDB RDS, and OSS.
    DSC must be authorized to access your data assets before it can scan the data assets for sensitive data. For more information, see Grant access to data assets.
  3. Configure sensitive data detection rules.
    DSC detects sensitive data in objects or tables and generates alerts based on sensitive data detection rules. You can use built-in sensitive data detection rules provided by DSC. If the built-in sensitive data detection rules cannot meet your requirements, you can customize sensitive data detection rules based on your business needs. For more information, see Create a custom detection model.
  4. View the sensitive objects or tables detected by DSC and the statistics on them.
    For more information, see View summary information and View sensitive data.
  5. De-identify the sensitive data that is detected.
    For more information, see Perform static de-identification.