DSC Security Best Practices
Security is a responsibility shared between you and Huawei Cloud. Huawei Cloud ensures the security of cloud services for a secure cloud. As a tenant, you should utilize the security capabilities provided by cloud services to protect data and use the cloud securely. For details, see Shared Responsibilities.
Consider the following aspects for your security configurations:
- Using the DSC Professional Edition
DSC Professional Edition offers enhanced data security protection capabilities compared to DSC Basic Edition. Specifically, it supports static data masking and data watermark injection/extraction. Data watermarks contribute to preventing the unauthorized disclosure of sensitive information. The data watermark injection and extraction features facilitate the tracing of data lineage and enable the accurate identification of the source and responsible party in the event of a data leak.
- OBS Data Security Protection
Sensitive data encompasses personal information, passwords, cryptographic keys, confidential images, and other high-value assets. This type of data is commonly stored in various formats within OBS buckets. In the event of a data breach, organizations can incur substantial financial loss and suffer significant reputational damage. You are advised to complete the Best Practices of OBS Data Security Protection to learn about the security status of your OBS data assets at any time.
- Regularly Reviewing and Revoking Unused Authorizations
DSC requires authorization for each asset module to operate correctly. It is strongly recommended to regularly review the authorized assets and adhere to the principle of least privilege by granting only the necessary permissions based on your specific service requirements. For details, see Allowing or Disallowing Access to Cloud Assets.
- Configuring Static Data Masking
DSC Professional provides the static data masking function to help you prevent sensitive data leakage. For details, see Static Data Masking.
- Enabling and Configuring Alarm Notifications
You can set alarm notifications and configure notification topics when creating or editing a sensitive data identification task to obtain the sensitive data identification result and learn about asset security risks in a timely manner. For details, see Alarm Notifications.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot