Updated on 2023-10-31 GMT+08:00

How Do I Prevent Personal Sensitive Data From Being Disclosed During Development and Testing?

Sensitive data is data that may cause serious harm to society or individuals if it is leaked.

For individuals, privacy information, such as ID card numbers, home addresses, workplace information, and bank card numbers, is sensitive data. For enterprises or organizations, core information, such as customer information, financial information, technical information, and major decisions, is sensitive data.

Huawei Cloud Data Security Center (DSC) can perform static data masking on a large amount of data in one operation based on anonymization rules. Static anonymization is usually used when sensitive data in the production environment needs to be transferred to a development, test, or external environment. It is applicable to scenarios such as development and testing, data sharing, and data research.

Common Causes of Data Breaches

  • Insider leakage
    • Laptops or mobile devices are lost or stolen.
    • Sensitive data or storage is accessed by unauthorized personnel.
    • Data is stolen by employees.
    • Sensitive data is sent, printed, and copied by employees.
    • Sensitive data is accidentally transmitted out.
  • Leakage caused by external attacks
    • Data access is uncontrollable, or there are security vulnerabilities in the data storage system.
    • Improper configurations allow external attacks.
    • Sensitive data or storage is accessed by unauthorized personnel.

Scenario

Assume that the dsc_yunxiaoke table in the rds-dsc-test database stores the information of the following bank employees:

Figure 1 Bank employee information

To protect the sensitive data in the table, first run an identification task to generate the identification result, and then mask the identified sensitive data using the SHA256 algorithm under Hash.

Step 1. Identifying Sensitive Data

  1. Buy DSC.
  2. Log in to the management console.
  3. In the left navigation pane, click , and choose Security > Data Security Center.
  4. In the left navigation pane, choose Sensitive Data Identification > Identification Task.
  5. Click Create Task. In the displayed dialog box, configure the basic parameters.

    Figure 2 Creating a sensitive data identification task

  6. Click OK. The sensitive data identification task list is displayed.

    Figure 3 Sensitive data identification task list

  7. When the status of the identification task changes to Identification completed, click View Result in the Operation column to go to the result details page.

    Figure 4 Identification result details

    Birthdays and email addresses are identified as sensitive data, as shown in Figure 4.

  8. Perform the operations described in Step 2. Masking Sensitive Data to mask the sensitive data in the Birthday and Email columns of the dsc_yunxiaoke table in the rds-dsc-test database.

Step 2. Masking Sensitive Data

DSC supports database masking, ES masking, MRS masking, Hive masking, and HBase masking tasks. The masking methods are similar. This section uses a static database masking task as an example. For details about other masking methods, see:

  1. In the left navigation pane, choose Data Masking. The Data Masking > Sensitive Database Data Masking page is displayed by default.

    Figure 5 Accessing the Database Data Masking tab page

  2. Set Mask Sensitive RDS Data to .
  3. Click Create Task to configure the data source.

    Select all data types if you want a complete table that contains all types of data after the data masking is completed.

    Figure 6 Data source configuration

  4. Click Next to switch to Set Masking Algorithm.

    Figure 7 Configuring the data masking algorithm

  5. Click Next to switch to the Configure Data Masking Period page and configure the data masking period.

    Figure 8 Configuring data masking period

  6. Click Next to go to the Set Target Data page and configure the storage location of the table generated after data masking.

    Figure 9 Configuring the storage location of the table generated after data masking

  7. Click Finish to return to the database data masking task list. Click to enable the masking task, and then click Execute in the Operation column to execute the task.

    If the status changes to Completed, the data masking task has been successfully executed.
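The masking step above, reproduced locally as an added example (not DSC's own code): it builds a SHA-256 masked copy of a table and then checks that no raw Birthday or Email value survived in the copy. The sample rows, the id and name columns, the target table name dsc_yunxiaoke_masked, and the lowercase-hex digest format are assumptions made for the illustration.

```python
import hashlib
import sqlite3

# Constructed sample rows standing in for dsc_yunxiaoke (not the page's data).
ROWS = [
    (1, "Alice", "1990-04-12", "alice@example.com"),
    (2, "Bob", "1985-11-30", "bob@example.com"),
    (3, "Carol", "1990-04-12", "carol@example.com"),
]
SENSITIVE = ("birthday", "email")  # columns flagged by the identification task


def sha256_hex(value):
    """SHA-256 of the UTF-8 text as lowercase hex (assumed storage format)."""
    return None if value is None else hashlib.sha256(str(value).encode()).hexdigest()


def make_source(conn, table="dsc_yunxiaoke"):
    """Create the constructed source table in an in-memory database."""
    conn.execute(f"CREATE TABLE {table} (id INTEGER, name TEXT, birthday TEXT, email TEXT)")
    conn.executemany(f"INSERT INTO {table} VALUES (?, ?, ?, ?)", ROWS)


def build_masked_copy(conn, source, target):
    """Static masking: write a new table, hashing only the sensitive columns."""
    conn.create_function("sha256_hex", 1, sha256_hex)
    conn.execute(
        f"CREATE TABLE {target} AS SELECT id, name, "
        f"sha256_hex(birthday) AS birthday, sha256_hex(email) AS email FROM {source}"
    )


def verify_masked(conn, source, target):
    """Return a list of problems; an empty list means the copy passes."""
    count = lambda sql: conn.execute(sql).fetchone()[0]
    problems = []
    if count(f"SELECT COUNT(*) FROM {source}") != count(f"SELECT COUNT(*) FROM {target}"):
        problems.append("row count differs")
    for col in SENSITIVE:
        if count(f"SELECT COUNT(*) FROM {target} WHERE {col} IN (SELECT {col} FROM {source})"):
            problems.append(f"{col}: raw value present in masked table")
        if count(f"SELECT COUNT(*) FROM {target} WHERE length({col}) != 64 "
                 f"OR {col} GLOB '*[^0-9a-f]*'"):
            problems.append(f"{col}: value is not a SHA-256 hex digest")
    return problems


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    make_source(conn)
    build_masked_copy(conn, "dsc_yunxiaoke", "dsc_yunxiaoke_masked")
    print(verify_masked(conn, "dsc_yunxiaoke", "dsc_yunxiaoke_masked") or "masked copy OK")
```

Because SHA-256 is deterministic, rows 1 and 3 (same birthday) receive the same digest, so equality joins and grouping still work on the masked copy.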

Verifying the Result