Help Center/
Well-Architected Framework/
Well-Architected Framework and Practices/
Security Pillar/
Data Security and Privacy Protection/
SEC07 General Data Security/
SEC07-02 Data Protection Control
Updated on 2025-05-22 GMT+08:00
SEC07-02 Data Protection Control
Implement tiered data protection for each classified data category to safeguard data confidentiality and integrity.
- Risk level
High
- Key strategies
- Implement proper data protection measures, such as encryption and authentication.
- Manage data access permissions. Be aware of who can access, modify, and delete data. This helps restrict data access permissions and reduce data leakage risks. Only authorized users can access data based on the least privilege principle and perform related operations.
- Sensitive data should be anonymized before being shared or disclosed to prevent sensitive information leakage.
- Protect data integrity. Periodically back up data and control version to protect your data from being tampered with or deleted. Isolate key data from other data to protect its confidentiality and integrity.
- Ensure that OBS buckets that store important service data and sensitive data are not publicly readable to prevent unauthorized data access.
- Develop a risk management plan: Understand the possible business impact of accidental data disclosure, change, and deletion. Develop a risk management plan accordingly.
- Related cloud services and tools
- Database Security Service (DBSS)
- DEW
Parent topic: SEC07 General Data Security
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot