DSC Free Edition - Data Security Center - Alibaba Cloud Documentation Center

Data Security Center (DSC) provides Free Edition for all Alibaba Cloud users to protect data assets. DSC Free Edition provides fixed resource quotas and features such as data classification, baseline check, and data auditing.

Intended users

Alibaba Cloud accounts and Resource Access Management (RAM) users that completed real-name verification for individuals or enterprises.
The account has not been used to purchase any paid editions of DSC.

Free resource specifications

The following table describes the specifications of resources that are provided per month by DSC Free Edition before DSC Free Edition is released. The free log storage capacity of the data auditing feature is provided only in the first month the first time you activate DSC Free Edition.

Feature	Resource	Free specification
Asset authorization	Database instance quota	500
Asset authorization	Object Storage Service (OSS) protection capacity and Simple Log Service protection capacity	500 TB
Data classification	OSS identification capacity and Simple Log Service identification capacity	5 GB
Data classification	Table identification quantity	100
Risk governance	Check items of the baseline check	51 (Baselines of the best practices of Alibaba Cloud for data security are supported. Baselines of the China Personal Information Protection Law (PIPL) are not supported.)
Risk governance	Column encryption	1 column
Data detection and response	Storage capacity of data audit logs	5 GB
	Detection of AccessKey pair leaks Detection of database accounts	Supported
	Leaked AccessKey pair-based access alert and governance Database account access behavior and governance	Not supported

Usage notes

You do not need to pay for the free resource specifications. You can directly use the data protection capabilities provided by DSC Free Edition.

Important

If you enable the native audit log collection feature for specific databases and OSS buckets, you are charged additional log collection fees for the audit logs that are stored in the databases and OSS buckets. For more information, see Additional fees for database assets connected to DSC.

You cannot upgrade or renew DSC Free Edition. If the free resource specifications cannot meet your business requirements, we recommend that you purchase DSC to ensure continuous data security. For more information, see Purchase DSC.

Important

After you purchase a paid edition of DSC, DSC Free Edition is automatically released. For more information, see the Release DSC Free Edition section in this topic.

Features

The following table describes the features provided by DSC Free Edition. For more information about the features of different editions of DSC, see Differences between the features of different editions.

Feature	Feature description	References
Assets	DSC automatically identifies and adds data assets in Alibaba Cloud. DSC supports the one-click and account-based connection modes, which you can use to connect to databases. The one-click connection mode supports the following asset types: ApsaraDB RDS, PolarDB, PolarDB for Xscale (PolarDB-X), PolarDB-X 2.0, ApsaraDB for Redis, OSS, Simple Log Service, Tablestore, and MaxCompute. The account-based connection mode supports the following asset types: ApsaraDB RDS, PolarDB, PolarDB-X, PolarDB-X 2.0, ApsaraDB for MongoDB, ApsaraDB for OceanBase, self-managed databases, AnalyticDB for MySQL, and AnalyticDB for PostgreSQL. Note The number of data assets that you authorize DCS to access cannot exceed the free resource specifications.	Asset authorization management
Sensitive data classification	DSC identifies sensitive data in your assets based on built-in and custom identification models and allows you to search for sensitive data. Note The amount of OSS and Simple Log Service data capacity and database tables that DSC identifies cannot exceed the free resource specifications.	Scan sensitive data by using identification tasks
Baseline check	DSC dynamically checks the configurations in your data assets. For example, DSC checks each configuration item in your databases in Alibaba Cloud, such as the authentication, access control, encryption, backup, and restoration configurations. Note DSC Free Edition supports only 51 baselines of the best practices of Alibaba Cloud for data security. The supported check items displayed on the Policies tab of the Risk Goverance > Configuration Risks page shall prevail. If you want to use baselines of the PIPL, purchase DSC.	Security baseline check
Column encryption	DSC provides the column encryption feature to encrypt the identified sensitive data in ApsaraDB RDS for MySQL and PolarDB for MySQL. This prevents unauthorized personnel from using cloud platform software or database connection tools to access sensitive plaintext data.	Column encryption
OSS data leak	DSC checks the AccessKey pairs of Alibaba Cloud accounts or RAM users in the source code on GitHub and in authorized OSS buckets. This helps check whether AccessKey pairs are leaked. Note If you want DSC to generate alerts for leaked AccessKey pairs that are used to access OSS buckets and handle the AccessKey pair leaks, you must purchase the data detection and response feature, which is a value-added feature provided by DSC.	OSS data leak detection
Data auditing	DSC allows you to enable and configure the data auditing mode for databases and OSS data. This way, DSC collects the operation logs of data assets and then stores the logs for data auditing and analysis. Important The free log storage capacity is provided only in the first month after you activate DSC Free Edition for the first time. If you require log storage capacity in the succeeding month, you must enable the log storage feature, which is a value-added feature provided by DSC.	Enable and configure the data auditing mode
Data auditing	DSC audits your data assets based on built-in and custom audit rules and displays audited session information, raw logs, and audit alerts. Note You cannot use the whitelist feature to handle alerts. If you want to manage whitelists, you must purchase DSC Enterprise Edition.	Audit alerts
System settings	DSC provides alert notifications, email reports, and OSS synchronization configurations.	System settings

Use DSC Free Edition

Activate DSC Free Edition

Log on to the DSC console. Click Activate Free Edition and authorize DSC to access other cloud resources as prompted.

View DSC Free Edition resources

On the Workbench page, view the current resource usage.

Turn on User Guide to view the instructions for using DSC.

Release DSC Free Edition

Manual release

Exit the user guide from the Overview page. Then, click Release in the Edition Information section to release DSC Free Edition.

After you release DSC Free Edition, the authorized assets and related data are retained. If you have not purchased DSC, you can re-activate DSC Free Edition.

If you re-activate DSC Free Edition in the current month, the remaining quotas before the release are retained and available.
If you re-activate DSC Free Edition in a subsequent month or later, the quotas are reset to the initial values.

Automatic release

After you purchase a paid edition of DSC, DSC Free Edition is automatically released.

Important

If you purchase Value-added Plan, the authorized assets and related data are retained.
If the edition you purchase is not Value-added Plan, the authorized assets and related data are released when Free Edition is released.

Usage duration

If you do not purchase a paid edition of DSC, you can use DSC Free Edition for an unlimited period of time.