All Products
Search

This Product

    Data Security Center:Classify data

    Document Center

    Data Security Center:Classify data

    Last Updated:Apr 22, 2024

    Data Security Center (DSC) allows you to collect and analyze database information and classify data in the cloud. DSC also allows you to identify sensitive data. This topic describes how to use the DSC console to classify data in an efficient manner.

    Prerequisites

    Databases that you want to connect to DSC are available. For more information about the database types and regions supported by DSC, see Supported database types and Supported regions.

    Step 1: Purchase DSC and complete authorization

    1. Log on to the DSC console.

    2. Click Buy Now. Then, configure parameters and complete the payment.

    3. Go back to the DSC console. In the RAM-based Authorization dialog box, click Authorize.

      Alibaba Cloud automatically creates a service-linked role. Then, DSC can assume the role to perform related operations.

    Step 2: Connect databases to DSC

    DSC supports security management for most database assets in Alibaba Cloud. You can authorize DSC to access an asset and connect the asset to DSC in the DSC console. The following procedure describes how to authorize DSC to access an ApsaraDB RDS database and connect the ApsaraDB RDS database to DSC for data classification.

    1. In the left-side navigation pane, choose Asset Center > Authorization Management.

    2. On the Authorization Management page, click Asset Authorization Management.

    3. In the Asset Authorization Management panel, click Asset synchronization.

      If the ApsaraDB RDS database that you want to connect to DSC is already in the asset list, skip this step.

    4. Find the ApsaraDB RDS database and click Authorization in the Actions column.

    5. Go back to the Authorization Management page. Find the ApsaraDB RDS database and click Connect in the Actions column.

      To de-identify sensitive data, find the ApsaraDB RDS database and click Account Logon in the Actions column. Then, enter an account that has the read and write permissions. You can click Connect only for data classification.

    6. Go back to the Authorization Management page, click the image icon, wait until data is updated, and then check whether the connection status and feature status of the database are normal. The following feature shows normal status.

      image

    Step 3: View your data identification task

    You can view the classification results only after the identification task is complete. To view the status of the default data identification task, perform the following steps:

    1. In the left-side navigation pane, choose Data Insights > Tasks.

    2. On the Identification Tasks tab, click Default Tasks.

    3. On the Identify task monitoring page, view the scan status of the default data identification task that is created for the connected database.

      The time required for an identification task varies based on the amount of data that needs to be scanned. A long period of time is required to scan large amounts of data.

      You can view classification results only when Scan Status is Complete.

      image

    Note

    You can configure a template specific to a different industry as the main template for custom scanning.

    Step 4: View classification results

    1. In the left-side navigation pane, choose Data Insights > Asset Insight.

    2. On the Asset Type tab, find the database that you want to manage and click Table details in the Actions column.

    3. In the panel that appears, view statistics about sensitive information and the table list.

      image