Updated on 2025-05-22 GMT+08:00

SEC07-02 Data Protection Control

Implement tiered data protection for each classified data category to safeguard data confidentiality and integrity.

  • Risk level

    High

  • Key strategies
    • Implement proper data protection measures, such as encryption and authentication.
    • Manage data access permissions. Be aware of who can access, modify, and delete data. This helps restrict data access permissions and reduce data leakage risks. Only authorized users can access data based on the least privilege principle and perform related operations.
    • Sensitive data should be anonymized before being shared or disclosed to prevent sensitive information leakage.
    • Protect data integrity. Periodically back up data and control version to protect your data from being tampered with or deleted. Isolate key data from other data to protect its confidentiality and integrity.
    • Ensure that OBS buckets that store important service data and sensitive data are not publicly readable to prevent unauthorized data access.
    • Develop a risk management plan: Understand the possible business impact of accidental data disclosure, change, and deletion. Develop a risk management plan accordingly.
  • Related cloud services and tools
    • Database Security Service (DBSS)
    • DEW