Updated at: 2022-02-22 GMT+08:00


Table 1 describes the functions provided by DSC.
Table 1 DSC functions



Reference Document

Data Security Overview

DSC provides constant visibility of the security status of your data and displays the security status in data collection, transmission, storage, usage, exchange, and deletion.

Data Security Overview

Asset List

DSC manages the data assets added in DSC, including OBS, database, and big data.

For details about the restrictions on adding assets, see Constraints.

Adding Assets in Batches

Sensitive Data Identification

  • Automatic data classification: DSC precisely and efficiently identifies sensitive data from structured data stored in Relational Database Service (RDS) and unstructured data stored in Object Storage Service (OBS) based on the expert expertise and the techniques powered by AI.
    • File types: DSC can identify sensitive data from over 200 types of unstructured files.
    • Data types: DSC is able to identify dozens of personal privacy data types (Chinese or English).
    • Image types: DSC is able to identify sensitive words (Chinese and English) in eight types of images such as PNG, JPEG, x-portable-pixmap, TIFF, BMP, GIF, JPX, and JP2.
    • Compliance templates: Various templates built in DSC are used to check whether data is compliant with regulations and standards such as General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and Health Insurance Portability and Accountability Act (HIPAA).
  • Automatic identification of sensitive data
    • Automatic identification of sensitive data and personal privacy data
    • Customized identification rules to meet various requirements of different industries
    • File framework sort-out to precisely identify sensitive data.
    • Clear and intuitive compliance reports that can be downloaded

The identification duration depends on the data volume, number of identification rules, and scan mode. For details, see How Long Does It Take for DSC to Identify and Mask Sensitive Data?

Creating an Identification Task

Data Usage Audit

Analyzes abnormal user behaviors. DSC establishes a user behavior library through deep learning of user behaviors. Any behavior not found in the library is deemed abnormal and an alarm will be reported on a real-time basis. You can then trace user behaviors and correlate the events with the users to identify who performed the risky operations.

The following behaviors are regarded as abnormal events:
  • Unauthorized users access and download sensitive data.
  • Authorized users access, download, and modify sensitive data, as well as change and delete permissions.
  • Authorized users change or delete permissions granted for buckets that contain sensitive data.
  • Users who accessed sensitive files fail to log in to the device.

Viewing an Abnormal Event

Data Masking

Supports static data masking and dynamic data masking.

Data masking has the following features:

  • Zero impact: DSC reads data from original databases, statically masks sensitive data using precise masking engines, and saves the masked data separately without affecting your data assets.
  • Various data sources: Data of various sources on the cloud, such as RDS, self-built databases on ECSs, or big data, can be masked to meet security requirements.
  • Custom data masking policies: DSC provides you with over 20 preset data masking rules. You can use the default masking rules or customize the masking rules to mask sensitive data in the specified database table. For details about the data masking algorithms supported by DSC, see Data Masking Algorithms.
  • Easy and quick masking rule configuration for security compliance: Easy and quick data masking rule configuration can be achieved based on data scanning results.

In addition, DSC provides APIs for dynamic data masking. For details, see Dynamic Data Masking.

DSC uses preset and customized masking algorithms to mask sensitive data stored in RDS and CSS. For details about the masking duration, see How Long Does It Take for DSC to Identify and Mask Sensitive Data?

Configuring a Data Masking Rule

Data Watermarking

Adds watermarks to or extracts watermarks from PDF, PPT, Word, and Excel files.

  • Copyright proof: The owner information is added to the assets to specify the ownership, achieving copyright protection.
  • Automated monitoring: The user information is added to the assets for tracing data leak.

DSC provides APIs for dynamically adding data watermarks and extracting watermarks from data. For details, see DSC API Reference.

Watermark Injection

Alarm Notifications

Sends notifications through the notification method configured by users when sensitive data identification is completed or abnormal events are detected.

Alarm Notifications