Unstructured data OSS - Data Security Center - Alibaba Cloud Documentation Center

After you purchase a Data Security Center (DSC) instance, you must enable the relevant features before using DSC to detect sensitive data in Object Storage Service (OSS) or monitor abnormal operations on OSS buckets.

Prerequisites

You have enabled the Free Edition of Data Security Center or purchased a paid edition. For more information, see DSC Free Edition or Purchase DSC.
You have granted DSC the permissions to access Alibaba Cloud services. For more information, see Grant DSC permissions to access cloud resources.

View asset details

Log on to the Data Security Center console.
In the navigation pane on the left, choose Asset Center.
In the navigation pane on the left, under Unstructured Data, choose OSS.
Note
After you purchase a DSC instance, a sync task for your cloud assets runs automatically the first time you log on to the console. You do not need to perform this operation manually. DSC automatically scans and syncs the asset list daily at midnight. You can also go to the Asset Center in the navigation pane on the left to manually perform an Asset synchronization.
At the top of the Asset Center page, view the Total Assets, Feature Status, and the usage of the purchased instances and storage for this asset type.
You can click the number below a disabled feature to filter the list.

Enable features

For Object Storage Service (OSS), you can manually enable the Configuration Risks, Classification and Grading, Data Auditing, Data Detection and Response, and Image Masking features. You can also use the Enable feature.

Note

The Enable With One Click feature supports only Configuration Risks, Classification and Grading, Data Auditing, and Data Detection and Response. You must manually enable other features.

Manually enable a feature

To enable the Configuration Risks, Data Auditing, or Data Detection and Response feature, click the switch that corresponds to the feature.

Classification and Grading

Click to access the Classification and Grading feature.

In the Enable Classification and Grading dialog box, configure Activation Method and Authorization Scope, and then click OK.

Configuration Item	Description
Activation Method	Only Service-Linked Role Access is supported.
Authorization Scope	Only Entire data source is supported.
Automatically create and start a default scan task	If you select this option, DSC automatically creates a scan task to identify data after the bucket is connected.

Image Masking:

Click the Image Masking switch for the destination bucket.

In the Enable Image Masking panel, configure the parameters as described in the following table and click OK.

Configuration Item	Description
Task Name	A custom task name. This parameter helps you identify tasks.
Bucket	The name of the selected bucket. This parameter cannot be changed.
Masking Scope	Configure the scope of images to be desensitized. DSC performs a full scan to identify images in the selected bucket.
Scan Type	Select a start time for the task.
Image De-identification	Image Type: Select an image type. De-identification Method: Select an image desensitization method. Only Masking is supported. Note Image desensitization supports the following formats: PNG, JPG, JPEG, BMP, and WEBP. The size of a single image cannot exceed 10 MB. By default, desensitized images are stored in the `aliyun_dsc_desensitization` folder of the bucket to which the images belong.

Enable a feature with one click

In the Actions column of the destination bucket, click Enable.
In the Enable dialog box, select Scan assets and identify sensitive data now. as needed, and click OK.