
Data Security Center: What is Data Security Center

Last Updated: Dec 31, 2025

Data Security Center (DSC) includes features such as sensitive data identification and classification, configuration risk detection, security event alerting, image desensitization, database column encryption, and audit logs. It meets compliance requirements such as MLPS 2.0, the Data Security Law, and the Personal Information Protection Law. DSC is suitable for compliance audits and enterprise-level data security governance scenarios.

Scenarios

Sensitive data identification and governance

  • Identifies and classifies structured and unstructured sensitive data.

  • Intelligently masks sensitive information in images.

  • Supports one-click encryption for sensitive database fields without requiring application modifications.

Discover configuration risks and security events

  • Detects cloud environment configuration risks based on security baselines.

  • Identifies data breach events involving database account credentials and AccessKey pairs.

  • Provides closed-loop management for risk events and security alerts.

Data compliance audit

  • Supports log collection and retention through cloud-native or traffic collection methods. It provides real-time alerting for malicious SQL injection attacks and abnormal operations.

  • Supports exporting audit reports based on various compliance templates.

Benefits

  • Compliance: Provides a one-stop solution to meet multiple compliance requirements, including MLPS 2.0, the Data Security Law, the Personal Information Protection Law, and the Cybersecurity Law. This helps ensure that your data in the cloud is compliant and auditable.

  • Cloud-native: Built on a cloud-native architecture, it provides integrated security protection for structured, unstructured, and big data assets. It provides comprehensive coverage for core cloud database and storage services such as ApsaraDB RDS, OSS, SLS, and MaxCompute.

  • Visualization: Uses big data and machine learning to intelligently detect high-risk behaviors, such as abnormal access and leaked AccessKey pairs. It offers a dynamic visualization interface to provide a panoramic view of data asset distribution and security status. You can search for configuration risks across massive amounts of data with a single click and receive remediation suggestions.

Features

Classification and categorization

DSC provides sensitive data identification templates for industries such as finance, energy, and automotive. These templates identify sensitive information in authorized assets and allow you to manage the data based on its location, type, and sensitivity level. By understanding the sensitive data within your data assets, you can accurately configure access permissions and enhance data security.

Security baseline check

DSC dynamically detects data asset configurations to identify risks related to permission management, access control, data encryption in transit, and disaster recovery and backup. It checks these configurations for databases, storage, and big data assets on Alibaba Cloud and continuously monitors their security.

Data audit

DSC provides efficient log auditing for various data sources, including databases, OSS, and MaxCompute. It uses over 900 built-in rules that apply to important operations to detect risks such as abnormal behavior, data breaches, and SQL injection. It also supports custom rules, multi-dimensional log filtering, and real-time alerting.

Detection and Response

The Detection and Response service focuses on preventing data breach risks. It automatically scans OSS files for sensitive content, such as AccessKey pairs for Alibaba Cloud accounts or RAM users, and database connection information. The service also detects access to files using leaked or abnormal AccessKey pairs and abnormal logon activities using leaked database accounts. It supports event handling, access tracing, and custom threat intelligence to provide closed-loop protection from risk discovery to response.

Column encryption

Column encryption is a data security technology that encrypts specific columns in a database. This prevents unauthorized personnel from directly accessing plaintext sensitive data through cloud platform consoles or database connection tools. This feature effectively defends against internal and external security threats.

Image desensitization

Using the OSS image desensitization feature, you can create image desensitization tasks. These tasks scan images in a target bucket for sensitive information, such as ID card numbers, license plate numbers, and faces. The sensitive information is then masked with a gray rectangular overlay.

Report analysis

DSC provides various online analysis reports, including comprehensive analysis, performance analysis, MLPS compliance self-checks, Data Security Law reports, and Sarbanes-Oxley reports. You can export these reports in HTML, Word, or image formats to help you meet regulatory audit and internal compliance management needs.

Editions and billing

  • Editions: DSC is available in several editions, including Free Edition, Premium Edition, Enterprise Edition, and DBAudit (MLPS Compliance Edition). These editions differ in their billing methods and service capabilities. For more information about the differences between editions, see Feature comparison between different editions.

  • Billing: DSC uses a subscription billing method. For more information about billing components and pricing, see Billing.

Get started

  1. Grant permissions to your assets in the Asset Center. For more information, see Asset Center (New).

  2. Enable the following features as needed:

    • Classification and categorization (Recommended): Identify and classify sensitive information.

    • Baseline check (Recommended): Identify configuration risks on the cloud platform.

    • Data audit: Enable cloud-native log collection to receive alerts for attacks and abnormal operations.

    • Detection and Response: Identify and handle security events such as leaked database credentials and AccessKey pairs.

    • Column encryption: Encrypt sensitive data columns in your database. Unauthorized personnel can only read the ciphertext.

    • Image desensitization: Desensitize sensitive information in images within an OSS bucket.

FAQ

Does Data Security Center log on to my database to get data? How is security ensured?

After you grant permissions, Data Security Center uses data sampling to identify sensitive data. It does not save any data from your database.

Data Security Center needs to access production data. Is a confidentiality agreement provided upon purchase?

Data Security Center only uses sampling to identify sensitive data and does not save your production data. The agreement signed upon purchase is the general Alibaba Cloud Product Terms of Service. For more information, see Data Security Center Terms of Service.