Service | Document Index |
Data Security Center (DSC) (Sensitive Data Protection) | Grant DSC access to cloud resources Before checking the data security of your cloud assets with DSC, grant DSC access to your cloud resources. Asset Center (Legacy) Before using DSC to detect sensitive data or audit data activities in your cloud products, authorize your asset instances. Sensitive data classification and grading DSC provides solutions to detect sensitive data for various industries, such as finance, energy, and automotive. It checks your assets for sensitive data. Risk governance Security baseline checks Dynamically checks data asset configurations to detect risks in your Alibaba Cloud database assets. It verifies the security of settings for identity verification, access control, encryption, backup, and recovery. Configure and perform data masking DSC provides static and dynamic data masking to cover, encrypt, or replace sensitive data. OSS image masking DSC provides an OSS image masking feature. Create image masking tasks to scan and identify images in a target bucket that contain sensitive information, such as ID card numbers or license plate numbers. The feature then masks the sensitive information using a specified method, such as covering it with a gray rectangle. Column encryption DSC provides a column encryption feature to encrypt access to sensitive data columns identified in RDS database tables. This prevents unauthorized users from directly accessing plaintext data through cloud platform software or database connection tools. Data becomes usable but not visible within the database, which protects against internal and external security threats and ensures your cloud data remains private.
Data detection and response Cloud-native data audit DSC provides a data audit feature. After you enable data audit, DSC collects operation audit logs for your databases based on the selected audit pattern. Using enabled alert rules, it then analyzes these logs to detect and report risks such as abnormal operations, data leaks, vulnerability attacks, and SQL injection.
Log analysis Log analysis Analyze database activity by viewing audit logs. This helps track potential malicious behavior or unauthorized access and investigate the causes of security events. Log storage management By default, Data Security Center provides 200 GB of log storage for each database instance and 50 GB for each TB of OSS storage capacity. View your current storage capacity and manage it by scaling out, deleting data, or configuring alerts as needed. You can also adjust log storage rules.
System settings Configure alert notifications by email, text message, and phone Configure notifications for audit alerts, storage alerts, and abnormal AccessKey access. Manage whitelists Manage whitelists for audit alerts. Sync sensitivity level tags to OSS files OSS lets you grant different access permissions to different Resource Access Management (RAM) users using bucket file tags. This lets you control access to OSS files. Manage assets by data domain Enterprise administrators can use data domains to classify and manage data assets based on dimensions such as business properties, organizational structure, and data features. Grouping data assets with common properties into the same data domain allows administrators to efficiently manage the assets and their sensitive data. Report analysis DSC displays the audit status and security risk analysis of your data assets through comprehensive analysis reports, compliance analysis reports, performance analysis reports, security operations analysis reports, and database business and session analysis reports. Multi-account management The DSC multi-account management feature lets enterprises centrally manage data assets, data objects, and audit logs from multiple Alibaba Cloud accounts.
|
DataBase Audit | |