Data Security Center (DSC) Free Edition is a permanent free tier available to all Alibaba Cloud users. It provides a fixed quota of data asset protection — including sensitive data classification and categorization, baseline checks, and data auditing — with no expiration date, as long as you have not purchased a paid edition.
Who can use the Free Edition
The Free Edition is available to:
Alibaba Cloud accounts and Resource Access Management (RAM) users that have completed individual or enterprise verification.
Accounts that have not purchased any paid edition of DSC.
Free resource quotas
The following table lists the resources included in the Free Edition. Quotas are shared across your entire instance.
| Feature | Resource | Free quota |
|---|---|---|
| Asset authorization | Database instances | 500 |
| OSS and SLS protection | Object Storage Service (OSS) and Simple Log Service (SLS) protection amount | 500 TB |
| Classification and categorization | OSS and SLS data detection amount | 5 GB |
| Classification and categorization | Database tables for detection | 100 |
| Risk governance | Baseline check items | 51 items |
| Column encryption | Columns | 1 |
| Detection and Response | Log storage for data auditing | 5 GB |
| Detection and Response | AccessKey (AK) leak detection | Supported |
| Detection and Response | Database account and password detection | Supported |
The 5 GB log storage quota for data auditing applies only during the first month after you activate the Free Edition for the first time. To continue using data auditing after that period, purchase log storage as a value-added service.
Limitations
The following capabilities are not available in the Free Edition:
Baseline checks: Only 51 of the check items in the Alibaba Cloud Data Security Best Practices baseline are included. The PIPL Security baseline is not supported. To use the PIPL Security baseline, purchase a paid edition.
Data auditing — whitelist management: The whitelist feature is not available when handling audit alerts. To manage whitelists, purchase an Enterprise instance of DSC.
Data auditing — native log collection: Enabling native log collection mode for certain databases and OSS buckets incurs additional fees for storing audit logs beyond the free quota. For details, see Additional fees for cloud services that are connected to DSC.
Upgrades and renewals: The Free Edition cannot be upgraded or renewed. To access more resources, purchase a paid edition of DSC.
For a full comparison across editions, see Differences between editions.
Features
| Feature | Description | Documentation |
|---|---|---|
| Asset management | Automatically discovers and connects to data assets on Alibaba Cloud. Supports one-click connection for RDS, PolarDB, PolarDB-X, PolarDB-X 2.0, Redis, OSS, SLS, TableStore, and MaxCompute. Supports account-and-password connection for RDS, PolarDB, PolarDB-X, PolarDB-X 2.0, MongoDB, OceanBase, self-managed databases, and AnalyticDB. The number of authorized data assets cannot exceed the free quota. | Asset Center |
| Sensitive data classification and categorization | Uses built-in and custom detection models to detect sensitive data across your assets. Supports sensitive data search. Detection amounts are subject to the free quota. | Scan for sensitive data using a detection task |
| Baseline check | Dynamically checks the configurations of your data assets on Alibaba Cloud, detecting risks in identity verification, access control, encryption, and backup and recovery. Only 51 of the Alibaba Cloud Data Security Best Practices baseline check items are included. For a full list of supported items, see the Policy Management tab on the Risk Governance > Configuration Risks page in DSC. | Security baseline check |
| Column encryption | Encrypts sensitive column data in ApsaraDB RDS for MySQL and PolarDB for MySQL, preventing unauthorized access to plaintext sensitive data through cloud platform software or database connection tools. | Column encryption |
| Data detection and response | Detects and handles risk events including AK leaks, database account and password leaks, mixed use of human and machine accounts, and public storage of sensitive information. | Data leak detection |
| Data auditing | Configures audit mode for database and OSS assets, then collects and stores operation logs for auditing and analysis. The free log storage quota applies only in the first month. To continue, purchase log storage as a value-added service. DSC also audits assets using built-in and custom audit policies, displaying session information, raw logs, and audit alerts. Whitelist management in alert handling requires an Enterprise instance. | Configure and enable the audit mode and Audit alerts |
| System configuration | Configures alert notifications, email reports, and OSS synchronization. | System settings |
Activate the Free Edition
Log on to the Data Security Center console.
Click Activate Free Edition.
Follow the on-screen instructions to grant DSC permissions to access your cloud resources.
View resource usage
After activation, view current quota consumption on the Workbench page.
Click the switch to the right of Beginner's Guide to access onboarding instructions.
Release the Free Edition
To release the Free Edition instance manually:
Go to the Overview page and close the Beginner's Guide.
Click Release in the Version Information section.
After releasing, authorized assets and related usage data are retained by default. If you have not purchased a paid edition, you can reactivate the Free Edition at any time — your authorized assets and usage data are preserved.
Reactivate in the same month: The free quota picks up from the remaining balance at the time of release.
Reactivate in a different month: The free quota resets to the initial amount.
Usage duration
The Free Edition has no time limit. It remains available as long as you have not purchased a paid edition of DSC.