Differences between cloud-native and traditional data audit

更新时间:
复制 MD 格式

The traditional data audit feature of Data Security Center (DSC) is no longer available for new purchases. Services for existing users are not affected. DSC now fully supports cloud-native data audit, which simplifies operations and provides more powerful features.

Architecture comparison

Cloud-native data audit

You can collect traffic logs in cloud-native or agent-based mode. Cloud-native collection provides the following advantages:

  • Out-of-the-box and one-click access

    Deep integration with native database logs enables real-time synchronization in the console. You can quickly enable audit capabilities without performing complex configurations.

  • Deep integration with native database logs

    This feature directly collects native database logs. This method is unaffected by network fluctuations, ensures complete log integrity with zero loss, and does not impact application performance.

  • Agentless architecture with zero performance loss

    No agent deployment is required for native databases. This agentless architecture does not affect server performance and ensures stable business operations.

The following figure shows the recommended log collection configurations and architectures for different asset types.

image

Traditional data audit

Traditional data audit only supports agent-based mode. In this mode, you deploy an agent on the database server or the application server that accesses the database. The agent collects access logs to audit your ApsaraDB instances.

Feature comparison

Comparison Item

Data Security Center (Cloud-native Data Audit)

Traditional Data Audit

Data Audit C100

Data Audit D100

Product performance

Coverage

Supports 11 types of cloud-native databases and 38 types of self-managed databases

Supports 5 cloud products and 43 types of self-managed databases

Supports 5 cloud products and 35 types of self-managed databases

Audit policies

Over 1,000

Over 900

Over 40

Detection and Response

AK leaks and data leakage threats (Requires purchase of a value-added service)

None

None

Access and usage

VPC limit

Unlimited

Single VPC

  • Fewer than 10 instances: 1 VPC allowed for auditing.

  • 10 to 15 instances: 2 VPCs allowed for auditing.

  • More than 15 instances: 5 VPCs allowed for auditing.

Usage method

  • Cloud databases support out-of-the-box cloud-native audit.

  • Self-managed databases support agent-based traffic collection.

Only supports agent-based traffic collection.

Only supports agent-based traffic collection.

Region support

  • No region restrictions within the Chinese mainland.

  • Outside the Chinese mainland, supports Malaysia, Indonesia, and Germany.

Single region only

Single region only

Log archiving

Supported (Saves 50% on extra storage fees)

Not supported

Not supported

Sales

Type

Supports new purchases, renewals, and upgrades.

Only renewals are supported. New purchases are not available.

Official website discount

New purchases/Renewals: 15% off

No discount for renewals

For more information about cloud-native data audit, see Choose an audit mode to enable data audit.