Help Center/ Data Security Center/ Best Practices/ DSC Security Best Practices
Updated on 2025-07-08 GMT+08:00
View PDF
Share

DSC Security Best Practices

Security is a responsibility shared between you and Huawei Cloud. Huawei Cloud ensures the security of cloud services for a secure cloud. As a tenant, you should utilize the security capabilities provided by cloud services to protect data and use the cloud securely. For details, see Shared Responsibilities.

Consider the following aspects for your security configurations:

  • Using the DSC Professional Edition

    DSC Professional Edition offers enhanced data security protection capabilities compared to DSC Basic Edition. Specifically, it supports static data masking and data watermark injection/extraction. Data watermarks contribute to preventing the unauthorized disclosure of sensitive information. The data watermark injection and extraction features facilitate the tracing of data lineage and enable the accurate identification of the source and responsible party in the event of a data leak.

  • OBS Data Security Protection

    Sensitive data encompasses personal information, passwords, cryptographic keys, confidential images, and other high-value assets. This type of data is commonly stored in various formats within OBS buckets. In the event of a data breach, organizations can incur substantial financial loss and suffer significant reputational damage. You are advised to complete the Best Practices of OBS Data Security Protection to learn about the security status of your OBS data assets at any time.

  • Regularly Reviewing and Revoking Unused Authorizations

    DSC requires authorization for each asset module to operate correctly. It is strongly recommended to regularly review the authorized assets and adhere to the principle of least privilege by granting only the necessary permissions based on your specific service requirements. For details, see Allowing or Disallowing Access to Cloud Assets.

  • Configuring Static Data Masking

    DSC Professional provides the static data masking function to help you prevent sensitive data leakage. For details, see Static Data Masking.

  • Enabling and Configuring Alarm Notifications

    You can set alarm notifications and configure notification topics when creating or editing a sensitive data identification task to obtain the sensitive data identification result and learn about asset security risks in a timely manner. For details, see Alarm Notifications.