
Data Protection

Last Updated: May 09, 2020

Overview

Data security is one of the major challenges in using data. Data is the core asset of enterprises. Most core and sensitive information, including ID card numbers, bank accounts, phone numbers, customer data, and medical care, transaction, and salary information, is stored as structured data. Security incidents such as data tampering, theft, and abuse have a severe impact on the finances and reputation of an enterprise and can bring unimaginable consequences.

To guarantee data security, enterprises need to know how to protect data in an all-around manner. The Data Protection feature provided by Data Management Service (DMS) helps the security management team of an enterprise achieve the following goals:

  • Intelligently detect and classify sensitive data and update the field security levels in DMS.
  • Audit databases and prevent data loss.
  • Quickly analyze the data usage mode and use the user and entity behavior analytics (UEBA) risk identification model and big data security expert rules of Ant Financial to identify and manage risks.
  • Provide software development kits (SDKs) that can intelligently detect and de-identify sensitive data in the displayed content to protect sensitive data based on the sensitive data definition and de-identification policy. Manage the internal de-identification standards in enterprises in a unified manner to greatly improve the security management efficiency.

Access control

DMS provides the Data Protection feature as a tool for data security administrators to manage data. Security administrator permission is required to enable and use the Data Protection feature.

Authorization procedure

  1. Log on to the DMS console as the DMS administrator.
  2. In the top navigation bar, choose System Management > User.
  3. On the User page that appears, select the user to whom you want to grant the permission of the security administrator and click Edit User at the top. In the dialog box that appears, select Security Administrator and click Confirm Change. You can only select one user at a time.
  4. Log on to the DMS console again as the security administrator.
  5. In the top navigation bar, choose System Management > Security > Data Protection.

    If you are using the Data Protection feature for the first time, you need security administrator permission to authorize and enable the feature before you can use it.


Data classification

The Data Protection feature automatically classifies fields based on metadata and updates the field security levels in DMS based on the field classification results. This facilitates field permission management in DMS.

Procedure

  1. Log on to the DMS console again as the security administrator.
  2. In the top navigation bar, choose System Management > Security > Data Protection.
  3. On the page that appears, choose Rule Configuration > Data Identification Rules in the left-side navigation pane. On the Data Identification Rules page that appears, click Create Rule in the upper-right corner. In the dialog box that appears, set Data Type, Data Name, Owner, and Remarks, and click Next.
  4. In the second step, select a security level, which can be internal, sensitive, or confidential, and configure field scanning.
  5. Click Next. In the third step, confirm that the data identification rule is correct and click Save and Enable.
  • On the Data Identification Rules page, you can view all the rules, modify the rules, and enable or disable the rules.
  • After a rule takes effect, it identifies and classifies data based on metadata every hour on the hour. The security level of a field in DMS is updated based on the classification result. In this way, you can manage and control access to data that contains the field in the DMS console.

Manual data correction

On the Manual Data Correction page, you can view all identified fields for confirmation. If some fields are incorrectly identified, you can remove them or change field types. Manually corrected data takes effect in DMS in real time.
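
The following sketch illustrates the metadata-based classification and manual correction described above. It is an added example, not DMS code or the DMS rule format. The regex-on-column-name scanning, the "most restrictive level wins" precedence, and all rule, table, and column names are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Security levels named on the page, least to most restrictive.
LEVELS = ["internal", "sensitive", "confidential"]

@dataclass
class Rule:
    data_type: str        # rule's Data Type
    data_name: str        # rule's Data Name
    level: str            # one of LEVELS
    pattern: str          # assumed field-scanning setting: regex on column names
    enabled: bool = True

def classify(schema, rules, corrections=None):
    """Classify columns from metadata only; corrections map (table, column)
    to a level (override) or None (remove a wrongly identified field)."""
    result = {}
    for table, columns in schema.items():
        for column in columns:
            for rule in rules:
                if not rule.enabled or not re.search(rule.pattern, column, re.I):
                    continue
                best = result.get((table, column))
                # Assumption: when several rules match, the most restrictive wins.
                if best is None or LEVELS.index(rule.level) > LEVELS.index(best[0]):
                    result[(table, column)] = (rule.level, rule.data_name)
    for key, level in (corrections or {}).items():
        if level is None:
            result.pop(key, None)
        elif level in LEVELS:
            result[key] = (level, "manual")
        else:
            raise ValueError(f"unknown security level: {level!r}")
    return result

# Constructed sample rules, schema, and manual corrections.
RULES = [
    Rule("personal", "phone number", "sensitive", r"(^|_)(phone|mobile)(_|$)"),
    Rule("personal", "ID card number", "confidential", r"(^|_)id_?card"),
    Rule("financial", "bank account", "confidential", r"bank_?acc"),
    Rule("financial", "salary", "sensitive", r"salary", enabled=False),
    Rule("generic", "numbered field", "internal", r"_(no|number)$"),
]
SCHEMA = {"customer": ["id", "name", "mobile", "id_card_no", "phone_model"],
          "payroll": ["emp_id", "salary", "bank_account_no"]}
FIXES = {("customer", "phone_model"): None, ("payroll", "salary"): "confidential"}
if __name__ == "__main__":
    print(classify(SCHEMA, RULES, FIXES))
```

In the sample, phone_model is a name-based false positive that the manual correction removes, and salary is missed because its rule is disabled, which are the two cases a reviewer of identification results should look for.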

Data detection

Data detection compiles statistics on the data identification results by dimensions such as security level and instance, and displays the details of identified fields in the field details list.