Data Security Center (DSC) discovers and classifies sensitive data across your cloud assets, gives you visibility into configuration risks and security events, and helps you meet compliance requirements such as MLPS 2.0, the Data Security Law, the Personal Information Protection Law, and the Cybersecurity Law.
Features
| Feature | Description |
|---|---|
| Classification and categorization | Scans authorized assets using industry-specific templates (finance, energy, automotive) to identify sensitive data, then lets you manage data by location, type, and sensitivity level. |
| Security baseline check | Continuously monitors databases, storage, and big data assets on Alibaba Cloud for risks in permission management, access control, encryption in transit, and disaster recovery. |
| Data audit | Audits databases, Object Storage Service (OSS), and MaxCompute using over 900 built-in rules that apply to important operations. Detects anomalous behavior, data breaches, and SQL injection. Supports custom rules, multi-dimensional log filtering, and real-time alerting. |
| Detection and Response | Automatically scans OSS files for sensitive content such as AccessKey pairs for Alibaba Cloud accounts or RAM users, and database connection information. Detects access using leaked or anomalous AccessKey pairs and anomalous logon activity. Provides event handling, access tracing, and custom threat intelligence for closed-loop response. |
| Column encryption | Encrypts specific database columns so unauthorized personnel cannot read plaintext data through cloud consoles or database tools—protecting against both internal and external threats. |
| Image desensitization | Scans images in OSS buckets for sensitive information such as ID card numbers, license plate numbers, and faces, then masks detected content with a gray rectangular overlay. |
| Report analysis | Provides online analysis reports covering comprehensive analysis, performance analysis, MLPS compliance self-checks, Data Security Law reports, and Sarbanes-Oxley reports. Export in HTML, Word, or image formats. |
Use cases
Sensitive data identification and governance
- Identifies and classifies structured and unstructured sensitive data.
- Intelligently masks sensitive information in images.
- Supports one-click encryption for sensitive database fields without requiring application modifications.

Configuration risk and security event detection
- Detects cloud environment configuration risks based on security baselines.
- Identifies data breach events involving database account credentials and AccessKey pairs.
- Provides closed-loop management for risk events and security alerts.

Data compliance audit
- Collects and retains logs through cloud-native or traffic collection methods, with real-time alerting for SQL injection attacks and anomalous activity.
- Exports audit reports based on various compliance templates.
Benefits
Compliance: Covers MLPS 2.0, the Data Security Law, the Personal Information Protection Law, and the Cybersecurity Law in a single product—keeping your cloud data compliant and auditable.
Cloud-native: Built on a cloud-native architecture with integrated security coverage for structured, unstructured, and big data assets, including ApsaraDB RDS, OSS, Simple Log Service (SLS), and MaxCompute.
Visualization: Uses big data and machine learning to detect high-risk behaviors such as anomalous access and leaked AccessKey pairs. A dynamic visualization interface provides a panoramic view of data asset distribution and security status, with one-click search for configuration risks and remediation suggestions.
Editions and billing
DSC is available in several editions, including Free Edition, Premium Edition, Enterprise Edition, and DBAudit (MLPS Compliance Edition). These editions differ in their billing methods and service capabilities. DSC uses a subscription billing method.
For a full comparison of capabilities across editions, see Feature comparison between different editions. For pricing details, see Billing.
Get started
1. Grant access to your assets. Go to Asset Center and authorize DSC to access the data sources you want to protect. See Asset Center (New).
2. Enable the features you need. Enable any of the following features based on your requirements:
   - Classification and categorization (Recommended): Identify and classify sensitive data across your assets.
   - Baseline check (Recommended): Surface configuration risks across your cloud environment.
   - Data audit: Enable cloud-native log collection and receive real-time alerts for attacks and anomalous activity.
   - Detection and Response: Detect and handle security events such as leaked database credentials and AccessKey pairs.
   - Column encryption: Encrypt sensitive columns in your database so unauthorized personnel can only read ciphertext.
   - Image desensitization: Mask sensitive information in images stored in OSS buckets.
FAQ
Does DSC log in to my database to retrieve data? How is data security ensured?
After you grant permissions, DSC uses data sampling to identify sensitive data and does not save any data from your database.
DSC needs to access production data. Is a confidentiality agreement provided upon purchase?
DSC only samples data to identify sensitive information and does not retain your production data. The agreement signed upon purchase is the general Alibaba Cloud Product Terms of Service. For details, see Data Security Center Terms of Service.