If you purchase Data Security Center (DSC) and you want to use DSC to detect sensitive data or monitor exceptions in Object Storage Service (OSS) buckets or detect sensitive data in Simple Log Service (SLS) projects, you must authorize DSC to access OSS and Simple Log Service.
Prerequisites
You have activated the Free Edition of Data Security Center or purchased a paid edition of Data Security Center.For more information, see Free Edition of Data Security Center or Purchase DSC.
You have authorized Data Security Center to access cloud services. For more information, see Authorize DSC to access cloud resources.
Step 1: Authorize DSC to access OSS and Simple Log Service
Log on to the Data Security Center console.
In the navigation pane on the left, select Asset Center.
In the left-side navigation tree of the Authorization Management tab, click the required service, such as OSS, in the Unstructured Data section.
Click Asset Authorization Management.
Optional. In the Asset Authorization Management panel, click Asset synchronization.
After you purchase DSC and complete authorization on the Welcome page, DSC automatically synchronizes data assets in the cloud. In this case, you do not need to synchronize data assets. DSC scans for newly added data assets at 00:00 every day and automatically synchronizes them to unauthorized asset lists. If you want to authorize DSC to access the assets that are created on the current day, you must manually synchronize the assets.
Click Authorization in the Actions column of the asset that you want to manage.
If you want to authorize DSC to access multiple assets, select the assets and click Batch Authorize.
Step 2: Connect assets to DCS
Go to the Authorization Management tab, find the required asset that you want to manage, and then click Connect in the Actions column. For example, you can click an OSS bucket. If Connected is displayed in the Connection Status column, the asset is connected. DSC automatically synchronizes data of the asset.
If DSC is authorized to access a Simple Log Service project, DSC synchronizes only project data generated until 23:59 on the day before the day when the project is connected to DSC.
What to do next
After you successfully connect to the database, DSC automatically creates a default task.
If you select Scan Data Assets and Detect Data Now during the One-click Connection process, the default task runs immediately.
If you did not select Scan Data Assets and Detect Data Now during the One-click Connection, you can go to the Detection Task tab on the page. In the Default Task list, click Rescan to manually run the default task.
You can customize the rescan time and scan epoch for the default task. For more information, see Adjust the scan settings of a default task.
The default task uses the primary detection template (by default, the Internet industry classification and categorization template and the general detection template) to scan the onboarded data assets. You can check the status of the detection task to determine its completion time.
The primary detection template can be a built-in detection template or a custom detection template. For more information, see Set a primary detection template.
If the primary detection template is a built-in detection template, the General Detection Template (which complies with personal information security specifications) is also used. If the primary detection template is a custom detection template, the General Detection Template is not used.
Check the completion time of the default task. For more information, see View a default task.
View the results of data classification and detection. For more information, see View the results of sensitive data detection.
References
If you want to use more identification templates to scan the data of the connected assets to identify sensitive data, you can create a custom identification task and use an identification template that is enabled to scan the assets. For more information, see Create a custom identification task.
DCS allows you to identify and classify sensitive data and build a multi-level and dynamic security and monitoring mechanism to trace the usage of sensitive data. DSC uses predefined security management policies to ensure data protection, auditing, and alerting capabilities and provides risk assessment and response, and fine-grained control capabilities of file access. This helps you detect, locate, and protect sensitive data in OSS. For more information, see OSS data security protection solution.
FAQ
For frequently asked questions about data asset authorization and their solutions, see Data authorization.