Updated on 2023-12-05 GMT+08:00

Asset Map

The data asset map allows you to view the security status of your assets from multiple dimensions, such as asset overview, categories and risk levels, permissions, storage, sensitivity, and data egress analysis. This helps you quickly detect risky assets and handle them.

Constraints

A maximum of 1000 assets can be displayed.

Prerequisites

Asset Map Functions

  • Sorted data assets: Risky cloud data assets are sorted and displayed on an asset map, so that you know where the risky assets are.
  • Sensitive data display: DSC displays sensitive data by classifications. It identifies and classifies sensitive data using a three-layer identification engine, including default compliance rules, natural language semantic identification, and advanced file similarity detection.
  • Data egress analysis: DSC provides a unified data egress view based on the asset map to help you identify all data egresses on the cloud and the potential security risks of these egresses, so you can take corresponding data security protection measures.
  • Risk monitoring and alarming: DSC monitors data asset risks using the risk identification engine, displays the risk distribution for each asset type, and reports alarms so that you can respond quickly.
    • Security Score: The asset map displays the overall security score of all your assets. For details about the scoring rules, see Asset map scoring rules.
    • Risk Level: Assets are classified based on the detected risk levels to facilitate viewing and management. You can click the number above a risk level to view asset risk details.

Viewing Risk Statistics

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click . Choose Security and Compliance > Data Security Center.
  4. In the navigation pane, choose Asset Map.

    Figure 1 Asset map

  5. When you move the cursor to Risk Statistics, asset information under each Security Level is displayed.

    • You can click the search box to search for and view the risk level of an asset type.
    • Click Analyze to scan again. Move the cursor to the Risk Statistics tab to check whether the scanning is complete.
    • Click View. The Protection Policy Analysis dialog box is displayed. View details about risky configuration items, risk levels, and recommended configuration policies of assets, and click Modify or View Details in the Operation column to handle risky configuration items.
    Figure 2 Risk Statistics

  6. Move the cursor to a risk data type on the Risk Statistics tab page. All risky assets of the data type are displayed in the dialog box on the right.
  7. Click the asset name. The data table details are displayed in the dialog box on the right.

    • Sensitive data identification: displays the risk level, total number of data tables, total number of sensitive tables, latest scanning time, and categorization and leveling template of the data table. You can click Details to go to the Sensitive Data Identification page. For details, see section Sensitive Data Identification.
      Figure 3 Sensitive object identification details
    • Security policy analysis: checks whether high-risk permissions, such as server-side encryption, database encryption, transmission encryption, security group, and public network access, are enabled and displays permission notifications. You can click View or Modify to handle the permissions.
    • Data exit analysis: You can click the data table name to go to the Details dialog box and click the Data exit analysis tab to view the data exit details. You can also move the cursor to the data type icon or VPC icon on the asset map to view the data exit gateways.
      Figure 4 Data exit analysis

Asset map scoring rules

Risk score of an asset = Sensitivity level of the asset x Risk level of the asset x Coefficient score

  • The sensitivity level of an asset is calculated as follows:
    • The sensitivity level of an OBS bucket is the maximum sensitivity level of all files in the bucket. The sensitivity level of a database or big data is the maximum sensitivity level of all tables.
    • The mapping between the score ranges (in the old version) and sensitivity levels is as follows: 8–10 points for high sensitivity, 4–7 points for medium sensitivity, and 1–3 points for low sensitivity.
  • Asset risk level = MAX(Risk level score of the static asset configuration, Risk level score of the dynamic asset threats)
    • The risk level score of the static asset configuration is the maximum security level in the security protection policy analysis of the asset.
    • The risk level score of the dynamic asset threats is the maximum security level in the threat analysis of the asset.
    • The risk level scores are as follows:
      • Low risk: 1 point
      • Medium risk: 2 points
      • High risk: 3 points
  • The coefficient score is related to the total number of assets. It is calculated as follows:
    • Assume that you have X assets, all of which have a high sensitivity and risk level. Your asset security score is 0, and the risk score is 100, which is equal to X x 3 x 3 x Y. Y is the coefficient score and is equal to 100/(9X).
    • If all the X assets have a low sensitivity and risk level, the risk score is 11.1, which is equal to X x 1 x 1 x 100/(9X), and the security score is 88.9.
    • If all the X assets have a medium sensitivity and risk level, the risk score is 44.4, which is equal to X x 2 x 2 x 100/(9X), and the security score is 55.6.
  • According to the preceding calculation rules, the score ranges for high-, medium-, and low-risk assets are as follows:
    • 100: no risk
    • 81-99: low risk
    • 51-80: medium risk
    • 0-50: high risk
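
The scoring rules above, carried through for a mixed set of assets as an added example (not DSC code). It assumes low/medium/high map to 1/2/3 for both sensitivity and risk, that the overall risk score is the sum of the per-asset scores, and that the security score is 100 minus the risk score, as the three uniform cases above imply; the asset names and the treatment of fractional scores at band boundaries are constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: level values 1/2/3, as implied by the page's "X x 3 x 3" style examples.
LEVEL = {"low": 1, "medium": 2, "high": 3}

def level_from_old_score(points: int) -> str:
    """Map an old-version 1-10 sensitivity score to a sensitivity level."""
    if not 1 <= points <= 10:
        raise ValueError("old-version sensitivity score must be 1-10")
    return "high" if points >= 8 else "medium" if points >= 4 else "low"

@dataclass
class Asset:
    name: str
    object_levels: list  # sensitivity level of each file or table in the asset
    static_risk: str     # maximum level from protection policy analysis
    dynamic_risk: str    # maximum level from threat analysis

    def sensitivity(self) -> int:
        return max(LEVEL[lv] for lv in self.object_levels)

    def risk(self) -> int:
        return max(LEVEL[self.static_risk], LEVEL[self.dynamic_risk])

def security_score(assets) -> float:
    """100 minus the summed risk score, using coefficient Y = 100/(9X)."""
    if not assets:
        raise ValueError("at least one asset is required")
    weighted = sum(a.sensitivity() * a.risk() for a in assets)
    risk_score = 100 * weighted / (9 * len(assets))
    return round(100 - risk_score, 1)

def band(score: float) -> str:
    # Assumption: fractional scores fall into the band whose lower bound they exceed.
    if score >= 100:
        return "no risk"
    if score > 80:
        return "low risk"
    if score > 50:
        return "medium risk"
    return "high risk"

# Constructed sample assets; names and levels are hypothetical.
SAMPLE = [
    Asset("obs-logs", ["low", "low"], "low", "low"),
    Asset("rds-orders", ["medium", level_from_old_score(9)], "medium", "high"),
    Asset("dws-reports", ["low", "medium"], "low", "medium"),
]
```

With the sample, a single high-sensitivity, high-risk database contributes 9 of the 14 weighted points and pulls the overall score into the high-risk band even though the other two assets are low or medium.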

Related Operations

  • If you want to change the authorization status of your assets, click Modify in the upper right corner. If you want to stop authorization of your assets, ensure that the assets have no ongoing tasks. DSC will delete your agencies and assets and all related data. Exercise caution when performing this operation.
  • Click in the lower right corner.
  • Click in the lower right corner to display the asset map operation guide.
  • Click in the lower right corner to display the data exception time, so that you can handle the exceptions in time.
  • Click in the lower right corner to display the asset legend.