Updated on 2024-04-11 GMT+08:00

Functions

Table 1 lists the DSC functions.
Table 1 DSC functions

Function | Description | Reference Document

Asset Map

You can view multiple aspects of your asset security, such as asset overview, categories and levels, permission configuration, data storage, and sensitive data. This helps you quickly detect risky assets and handle them.

  • Asset Visualization
    • Service data assets: All data assets on the cloud, including OBS, RDS, CSS, Hive, and HBase assets, are visualized.
    • Data risk: The categorization and leveling results display the risk levels of data.
    • Region display: The region where each asset is located is displayed based on the cloud resource VPC and associated with the service region.
  • Egress Visualization
    • Data egresses: All data egresses on the cloud are identified, including EIP, NAT, API Gateway, and ROMA.
    • Asset and egress association: Cloud egresses are associated with data assets and data asset categorization and leveling results.
    • Cascading association: Egresses and the cascading egresses are displayed.
  • Policy Visualization
    • Data security policies: All security policies of data assets are detected based on cloud native capabilities and policy risks are displayed.
    • Policy recommendation: Different security policy configurations are recommended based on the data asset level.

Reference document: Asset Map

Asset Management

  • Assets: DSC manages the data assets added to DSC, including OBS, databases, MRS, and big data.
  • Asset catalog: You can view statistics about your data from different domains or of different types.
  • Data exploration: You can view details about all the added data assets and add descriptions, tags, security levels, and classifications to databases, tables, and data views to manage data assets by level and classification.
  • Metadata tasks: You can create metadata tasks to collect data assets as metadata. In this way, you can manage data assets by level and classification.
  • Asset group management: Data can be managed by group.

Reference document: Asset Management

Sensitive Data Identification

  • Automatic data classification: DSC precisely and efficiently identifies sensitive data from structured data stored in Relational Database Service (RDS) and GaussDB(DWS) and unstructured data stored in Object Storage Service (OBS), covering all data on the cloud.
    • File types: DSC can identify sensitive data from over 200 types of unstructured files.
    • Data types: DSC is able to identify dozens of personal privacy data types (Chinese or English).
    • Image types: DSC is able to identify sensitive words (Chinese and English) in eight types of images such as PNG, JPEG, x-portable-pixmap, TIFF, BMP, GIF, JPX, and JP2.
    • Compliance templates: Various templates built in DSC are used to check whether data is compliant with regulations and standards such as General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and Health Insurance Portability and Accountability Act (HIPAA).
  • Automatic identification of sensitive data
    • Automatic identification of sensitive data and personal privacy data
    • Customized identification rules to meet various requirements of different industries
    • Visualized identification results

The identification duration depends on the data volume, number of identification rules, and scan mode. For details, see How Long Does It Take for DSC to Identify and Mask Sensitive Data?

Reference document: Creating a Sensitive Data Identification Task

Data Masking

DSC supports static data masking and dynamic data masking.

Data masking has the following features:

  • Zero impact: DSC reads data from original databases, statically masks sensitive data using precise masking engines, and saves the masked data separately without affecting your data assets.
  • Various data sources: Data of various sources on the cloud, such as RDS, self-built databases on ECSs, or big data, can be masked to meet security requirements.
  • Custom data masking policies: DSC provides you with over 20 preset data masking rules. You can use the default masking rules or customize the masking rules to mask sensitive data in the specified database table. For details about the data masking algorithms supported by DSC, see Data Masking Algorithms.
  • Easy and quick masking rule configuration for security compliance: Masking rules can be configured easily and quickly based on data scanning results.

In addition, DSC provides APIs for dynamic data masking. For details, see Dynamic Data Masking.

DSC uses preset and customized masking algorithms to mask sensitive data stored in RDS, Elasticsearch, MRS, Hive, and HBase. For details about the masking duration, see How Long Does It Take for DSC to Identify and Mask Sensitive Data?

Reference document: Configuring a Data Masking Rule

Data Watermarking

DSC adds watermarks to, and extracts watermarks from, databases and documents.

  • Copyright proof: The owner information is added to the assets to specify the ownership, achieving copyright protection.
  • Automated monitoring: The user information is added to the assets to trace data leaks.

DSC provides APIs for dynamically adding data watermarks and extracting watermarks from data. For details, see DSC API Reference.

Reference document: Watermark Injection

OBS Usage Audit

DSC detects OBS buckets based on sensitive data identification rules and monitors the identified sensitive data. After abnormal operations on the sensitive data are detected, DSC allows you to view the monitoring result and handle the abnormal events as required.

Reference document: OBS Usage Audit

Multi-Account Management

After the multi-account management function is enabled, the security administrator can protect the data of all member accounts without logging in to them.

Reference document: Multi-Account Management

Alarm Notifications

DSC sends notifications through the notification method configured by users when sensitive data identification is completed or abnormal events are detected.

Reference document: Alarm Notifications