Help Center/ Data Security Center/ Best Practices/ How Do I Prevent Personal Sensitive Data From Being Disclosed During Development and Testing?
Updated on 2024-10-14 GMT+08:00

How Do I Prevent Personal Sensitive Data From Being Disclosed During Development and Testing?

Sensitive data refers to the data that may bring serious harm to the society or individuals after being leaked.

For individuals, privacy information, such as ID card numbers, home addresses, workplace information, and bank card numbers, is sensitive data. For enterprises or organizations, core information, such as customer information, financial information, technical information, and major decisions, is sensitive data.

Huawei Cloud Data Security Center (DSC) can perform static data masking on a large amount of data in one operation based on anonymization rules. Static anonymization is usually used when sensitive data in the production environment needs to be transferred to the development, test, or outside environment. It is applicable to scenarios such as development and test, data sharing, and data research.

Common Causes of Data Breaches

  • Insider leakage
    • Laptops or mobile devices are lost or stolen.
    • Sensitive data or storage is accessed by unauthorized personal
    • Data is stolen by employees.
    • Sensitive data is sent, printed, and copied by employees.
    • Sensitive data is accidentally transmitted out.
  • Leakage caused by external attacks
    • Data access is uncontrollable, or there are security vulnerabilities in the data storage system.
    • Improper configurations allow external attacks.
    • Sensitive data or storage is accessed by unauthorized personal

Scenario

Assume that the dsc_yunxiaoke table in the rsd-dsc-test database stores the information of the following bank employees:

Figure 1 Bank employee information

To identify and mask sensitive data in the table, you can identify sensitive data and generate the identification result, and then mask the identified sensitive data using the SHA256 algorithm in Hash.

Step 1 Identifying Sensitive Data

  1. Buy DSC.
  2. Log in to the management console.
  3. In the left navigation page, click , and choose Security > Data Security Center.
  4. In the left navigation pane, choose Sensitive Data Identification > Identification Task.
  5. Click Create Task. In the displayed dialog box, configure the basic parameters.
  6. Click OK. The sensitive data identification task list is displayed.

    Figure 2 Sensitive data identification task list

  7. When the status of the identification task changes to Identification completed. Click View Result in the Operation column to go to the result details page.

    Figure 3 Identification result details

    The birthday dates and email addresses are identified as sensitive data, as shown in Figure 3.

  8. Perform operations described in Step 2. Masking Sensitive Data to mask the sensitive data in the Birthday and Email columns of the dsc_yunxiaoke table in the rds-dsc-test database.

Step 2. Masking Sensitive Data

DSC allows you to create masking tasks for various data sources such as databases and Elasticsearch. The masking methods are similar. This section describes how to create a static masking task for a database. For details about other masking methods, see the following:

  1. In the left navigation pane, choose Data Asset Protection > Static Data Masking. The Data Masking page is displayed.
  2. Set Mask Sensitive RDS Data to .
  3. Click Create Task to configure the data source.

    Select all data types if you want a complete table that contains all types of data after the data masking is completed.

    Figure 4 Data source configuration

  4. Click Next to switch to Set Masking Algorithm.

    Figure 5 Configuring the data masking algorithm

  5. Click Next to switch to the Configure Data Masking Period page and configure the data masking period.

    Figure 6 Configuring data masking period

  6. Click Next to the Set Target Data page and configure the storage location of the table generated after data masking.

    Figure 7 Configuring the storage location of the table generated after data masking

  7. Click Finish to return to the database data masking task list. Click to enable the masking task and then Execute in the Operation column to execute the task.

    If the status changes to Completed, the data masking task has been successfully executed.

Verifying the Result