Updated on 2024-04-11 GMT+08:00

Asset Map

The data asset map allows you to view the security status of your assets from multiple dimensions, such as asset overview, categories and risk levels, permissions, storage, sensitivity, and data egress analysis. This helps you quickly detect risky assets and handle them.

Constraints

A maximum of 1000 assets can be displayed.

Prerequisites

Cloud asset access permissions are granted. For details, see Allowing or Disallowing Access to Cloud Assets.

Asset Map Functions

  • Sorts out data assets on the cloud and displays them by region: DSC automatically scans and sorts out data assets on the cloud and displays asset distribution on a map. The asset map displays regions of assets based on VPCs and associates asset regions with service regions.
  • Sensitive data display: DSC displays sensitive data by classifications. It identifies and classifies sensitive data using a three-layer identification engine, including default compliance rules, natural language semantic identification, and advanced file similarity detection.
  • Data egress analysis: DSC provides a unified data egress view based on the asset map to help you identify all data egresses on the cloud and the potential security risks of these egresses, so you can take corresponding data security protection measures.
  • Risk monitoring and alarming: DSC monitors data asset risks using the risk identification engine, displays the risk distribution for each asset type, and reports alarms so that you can respond quickly.
    • Security Score: The asset map displays the overall security score of all your assets. You can click the icon next to Scoring Rules to view the asset security score calculation rule, as shown in Figure 1.
      Figure 1 Scoring Rule
    • Security Level: Assets are classified into different security levels to facilitate viewing and management. You can click an asset with risks to view the risk details.

Procedure

  1. Log in to the management console.
  2. Click the icon in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click the icon and choose Security and Compliance > Data Security Center.
  4. In the navigation pane, choose Asset Map.
  5. Click Add Asset. On the Asset Center page that is displayed, add and authorize access to assets.

    Figure 2 Add assets

  6. After assets are added or authorized, refresh the Asset Map page. The following describes the functions and usage of each module on the page.

    Figure 3 Asset map

Risk Statistics

  • As shown in Figure 4, the security score, last scored time, and rating details of the asset are displayed. You can manually re-analyze the score. The details are as follows:
    Figure 4 Security Score
    • The security score of the asset is displayed. Click the icon next to the scoring rule to view the asset security score calculation rule.
    • Click Analyze to perform security analysis and scanning on cloud assets again.
    • Click Rating Details to view the Protection Policy Analysis. Click Modify in the Operation column to configure policies based on the Configuration Policy Recommendation.

      As shown in Figure 5, the Protection Policy Analysis page displays only medium- and high-risk assets. The Risk Level is calculated from the configuration risk level and the categorization and leveling result, as shown in Table 1.

      Figure 5 Security policy analysis
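      Table 1 Protection policy analysis parameters

      | Configuration Risk Level | Categorization and Leveling Result | Risk Level | Display |
      |--------------------------|------------------------------------|------------|---------|
      | Low                      | L0-L3 (low-risk)                   | Low        | No      |
      | Low                      | L4-L7 (medium risk)                | Low        | No      |
      | Low                      | L8-L10 (high-risk)                 | Medium     | Yes     |
      | Medium                   | L0-L3 (low-risk)                   | Low        | No      |
      | Medium                   | L4-L7 (medium risk)                | Medium     | Yes     |
      | Medium                   | L8-L10 (high-risk)                 | High       | Yes     |
      | High                     | L0-L3 (low-risk)                   | Medium     | Yes     |
      | High                     | L4-L7 (medium risk)                | High       | Yes     |
      | High                     | L8-L10 (high-risk)                 | High       | Yes     |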

  • As shown in Figure 6, the sensitive data identification and leveling results of assets are displayed. Assets are displayed by category based on the grading results. The details are as follows:
    Figure 6 Sensitive data identification and leveling result
    • You can enter an instance name and click the search box to search for and view the risk level of an asset type.
    • You can hover the cursor over a sensitivity level to show information about all assets at the sensitivity level.
    • You can hover the cursor over an asset category to display the names and scan times of all its scanned assets in the adjacent dialog box.
    • You can select an asset to view its details in the right-hand dialog box, which includes basic asset information, sensitive data detection, protection policy analysis, and data egress analysis. For details, see Viewing Database Instance Details.
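
Added example, not part of the original page and not DSC code: Table 1 applied to an asset inventory you maintain yourself, to predict which assets the Protection Policy Analysis page will list. The asset names and the inventory layout are constructed, and the additive score is an observation that reproduces all nine rows of Table 1, not a formula documented for DSC.

```python
import re

LEVELS = ("Low", "Medium", "High")  # ordering used by Table 1

def sensitivity_band(level):
    """Map a leveling result 'L0'..'L10' to band 0 (L0-L3), 1 (L4-L7), 2 (L8-L10)."""
    m = re.fullmatch(r"L(\d{1,2})", level.strip())
    if not m or int(m.group(1)) > 10:
        raise ValueError(f"not a sensitivity level L0-L10: {level!r}")
    n = int(m.group(1))
    return 0 if n <= 3 else 1 if n <= 7 else 2

def risk_level(config_risk, level):
    """Return (risk level, displayed?) for one asset, per Table 1."""
    if config_risk not in LEVELS:
        raise ValueError(f"unknown configuration risk level: {config_risk!r}")
    # Assumption (observed from the table, not documented): add the two
    # indices; 0-1 is Low, 2 is Medium, 3-4 is High.
    score = LEVELS.index(config_risk) + sensitivity_band(level)
    risk = LEVELS[0 if score <= 1 else 1 if score == 2 else 2]
    # Only medium- and high-risk assets are displayed on the page.
    return risk, risk != "Low"

def displayed_assets(inventory):
    """Return (name, risk) for assets the page would list, highest risk first."""
    shown = []
    for name, config_risk, level in inventory:
        risk, display = risk_level(config_risk, level)
        if display:
            shown.append((name, risk))
    return sorted(shown, key=lambda r: (-LEVELS.index(r[1]), r[0]))

# Constructed sample inventory: (asset name, configuration risk, leveling result)
SAMPLE_INVENTORY = [
    ("rds-orders", "Low", "L9"),
    ("obs-logs", "Medium", "L2"),
    ("dws-analytics", "High", "L1"),
    ("rds-hr", "Medium", "L10"),
    ("obs-public-site", "Low", "L5"),
]

if __name__ == "__main__":
    for name, risk in displayed_assets(SAMPLE_INVENTORY):
        print(f"{risk:<6} {name}")
```
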

Viewing Database Instance Details

  • Basic Info: displays the type, port number, version, private IP address, and engine type of the instance.
  • Sensitive data identification: displays authorized and unauthorized databases in the instance.
    • For an authorized database that has not been scanned, click Create identification task to go to the sensitive data identification page and create an identification task to identify sensitive information in the database. For details, see Creating an Identification Task.
    • For an authorized database that has been scanned, click Expand to view database scan details.
    • For an unauthorized database, click Go to Authorize to obtain the access permission to the database. For details, see Asset Center.
    Figure 7 Sensitive data identification

    For OBS data, click View Details to view the Result Details of the sensitive data identification task. If there is no identification result, create an identification task by referring to section Creating an Identification Task and view the identification result again.

  • Security policy analysis: checks whether high-risk permissions, such as server-side encryption, database encryption, transmission encryption, security group, and public network access, are enabled and displays handling notifications. You can click View or Modify to handle the permissions.
  • Data Egress Analysis: identifies all data egresses on the cloud, including EIP, NAT, API Gateway, and ROMA. You can also move the cursor to the data type icon or VPC icon on the asset map to view the data egress gateway lines.
    Figure 8 Data exit analysis

Related Operations

  • To change the authorization status of your assets, click Modify in the upper right corner. Before you stop authorization of your assets, ensure that the assets have no ongoing tasks. DSC will delete your agencies and assets and all related data. Exercise caution when performing this operation. For details, see Allowing or Disallowing Access to Cloud Assets.
  • Asset security level legend: Each color represents an asset security level from L0 to L10.
  • You can drag the slider on the progress bar to adjust the scale of the asset map.
  • Click in the lower right corner.
  • Click the corresponding icon in the lower right corner to display the asset map operation guide.
  • Click the corresponding icon in the lower right corner to display the data exception time, so that you can handle the exceptions in time.
  • Click the corresponding icon in the lower right corner to display the asset legend.