This topic describes how to integrate Alibaba Cloud Object Storage Service (OSS) with Sensitive Data Discovery and Protection (SDDP) to identify, classify, and protect sensitive data.
Prerequisites
- SDDP is activated.
  For more information, see Quick start.
- OSS is activated.
  For more information, see Activate OSS.
Background information
Sensitive data is stored in a variety of forms across different storage systems, and can include high-value data such as personal data, passwords, keys, and sensitive images. Identifying, locating, and protecting sensitive data is essential. OSS provides a number of options to secure data, such as fine-grained access control and data encryption. OSS also provides data protection mechanisms such as ZRS, cross-region replication, and versioning, as well as monitoring and audit capabilities such as Log storage and Real-time log query. You can also integrate OSS with SDDP to better identify, classify, and protect sensitive data.
Scenarios
- Sensitive data identification
  Enterprises hold large amounts of data, but they cannot accurately determine whether the data contains sensitive information or where the sensitive data is located. You can integrate OSS with SDDP to scan and classify data stored in OSS by using the built-in algorithm rules of SDDP or by using custom rules that meet your industry requirements. You can then decide on further protection measures based on the scan results. For example, OSS provides access control and encryption features to protect data.
- Data masking
  If you share data for analysis or use without first masking it, sensitive data may be leaked. Built-in and custom masking algorithms are available when OSS is integrated with SDDP. You can use these algorithms to mask sensitive data in the production environment before the data is transferred to other environments, such as development and testing environments. This ensures that the sensitive data remains secure while still being usable in other environments.
- Anomaly detection and audit
  SDDP uses an intelligent model to analyze and audit access to sensitive data in OSS. If a risk is detected, SDDP sends an alert to your data security team. This helps you improve risk prediction and prevention capabilities.
Benefits
- Visual
  - SDDP displays sensitive data detection results on a graphical user interface (GUI), which allows you to clearly view the security status of your data.
  - SDDP monitors data access and provides audit logs for you to trace anomalous activities, which reduces security risks for your data.
  - SDDP increases the overall security transparency of your data assets and enhances data governance.
  - SDDP reduces the cost of maintaining data security and provides fundamental data for you to formulate security rules that are suitable for your enterprise.
- Intelligent
  - SDDP uses big data and machine learning technologies as well as intelligent algorithms to detect and monitor sensitive data and high-risk activities such as anomalous data access and potential data leaks. Additionally, SDDP provides suggestions to resolve detected issues.
  - SDDP allows you to customize the rules used to detect sensitive data, so that sensitive data is detected and protected more accurately and efficiently.
  - SDDP integrates complex data formats and content into a unified data risk model and presents data in a standard manner for you to protect your key data assets.
- Cloud-native
  - SDDP takes advantage of cloud services and supports multiple cloud data sources.
  - Compared with traditional sensitive data protection software, SDDP provides a more robust service architecture, higher availability at lower costs, and higher system security.