To control and mask sensitive data in your RDS instances, use the sensitive data protection feature provided by Data Management (DMS).
Pricing
Function introduction
Data Management (DMS) offers the following sensitive data management capabilities:
- Provides a sensitive data asset dashboard for unified management of enterprise-sensitive data distribution.
- Automated data scanning.
  - Customize the data scan trigger interval.
  - Automatically detect, classify, and categorize enterprise-sensitive data to discover and manage it promptly.
- Sensitive data masking management.
  - Offers flexible masking algorithm management to enable differentiated masking.
  - Provides a staging environment to test masking rules and detection rules.
- Monitors, audits, and alerts on sensitive data for easy traceability.
The RDS console only supports monitoring and statistics for sensitive fields in databases. To use all the features listed above, log on to the DMS console. For more information, see Manage sensitive data.
Procedure
- Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
- In the navigation pane on the left, click Data Security.
- On the right side of the page, click the SensitivDataManagement tab. As needed, click One-click activation.
  Important: If the SensitivDataManagement page does not show the One-click activation button, DMS has not been activated. Click Log on to database in the upper-right corner. After successful logon, refresh the SensitivDataManagement page.
- In the Activate sensitive data protection window, review the billing details for sensitive data protection, then click Activate.
- After refreshing the page, click Account-password authorization.
- On the Authorization page, enter the destination instance’s database account and database password, then click Authorize.
After activating the sensitive data management feature, you can view database-related information for the current instance and scan results for sensitive fields in the database. Based on the scan results, click Go to DMS to use sensitive data protection to access the DMS console and perform sensitive data control operations. For more information, see Manage sensitive data.
Page overview
- Metadata summary: View database-related information for the instance, including number of databases, number of scanned tables, number of scanned fields, and number of sensitive fields.
- Sensitive fields – Regulation distribution: View which regulations or policies apply to sensitive fields in your databases, along with the count and distribution of related sensitive fields.
- Sensitive fields – Data type distribution: View the distribution of sensitive field data types in your databases. Data types represent semantic-based classifications of data. Default categories include the following:
  - Level 1 category: Personal information, enterprise information, location information, etc.
  - Level 2 category: Phone number, mailbox, bank card, etc.
  Note: You can define custom data categories. For more information, see Manage sensitive data detection rules.
- Sensitive data summary: View detailed sensitive data information from different perspectives (Database, Table, Field), including the following:
  - The database and table names containing sensitive information.
  - The sensitivity level of the sensitive information. For more information about sensitivity levels, see Glossary.
  - The regulations and data types associated with the sensitive information.