Quick start - Data Security Center - Alibaba Cloud Documentation Center

After you activate Data Security Center (DSC), DSC automatically scans your data stored in Alibaba Cloud services, such as MaxCompute, ApsaraDB RDS, and Object Storage Service (OSS), for sensitive data. Then, DSC marks the sensitive data with specific risk levels. You can check the overall risks and details of the sensitive data in the DSC console.

Prerequisites

At least one of the following services or resources is activated or deployed: MaxCompute, ApsaraDB RDS, OSS, PolarDB-X 1.0, PolarDB, Tablestore, and a self-managed database hosted on Elastic Compute Service (ECS). This ensures that DSC has data to scan.
A data asset is created in MaxCompute, ApsaraDB RDS, OSS, PolarDB-X 1.0, PolarDB, Tablestore, or a self-managed database hosted on ECS. You can create a data asset based on the following instructions:
- Create a project in MaxCompute and import data to the project for DSC to scan
  For more information, see Create a MaxCompute project.
- Create a database in an ApsaraDB RDS instance
  For more information, see Create a database.
- Create a bucket in OSS and upload objects to the bucket
  For more information, see Create buckets and Upload objects.
- Create a database in a PolarDB-X 1.0 instance
  For more information, see Create a database.
- Create a PolarDB cluster
  For more information, see Purchase a pay-as-you-go cluster.
- Create a Tablestore instance and a table
  For more information, see Create instances and Create tables.
- Manage a database hosted on an ECS instance
  For more information, see Manage self-managed databases on ECS instances.

Procedure

Activate DSC and authorize DSC to access your Alibaba Cloud resources.
After you activate DSC, you must authorize DSC to access your Alibaba Cloud resources. For more information, see Authorize DSC to access Alibaba Cloud resources.
Authorize DSC to access your data assets in Alibaba Cloud services, such as MaxCompute, ApsaraDB RDS, and OSS.
DSC must be authorized to access your data assets before it can scan the data assets for sensitive data. For more information, see Grant access to data assets.
Configure sensitive data detection rules.
DSC detects sensitive data in objects or tables and generates alerts based on sensitive data detection rules. You can use built-in sensitive data detection rules provided by DSC. If the built-in sensitive data detection rules cannot meet your requirements, you can customize sensitive data detection rules based on your business needs. For more information, see Create a custom detection model.
View the sensitive objects or tables detected by DSC and the statistics on them.
For more information, see View summary information and View sensitive data.
De-identify the sensitive data that is detected.
For more information, see Perform static de-identification.