Functions and Features

Updated on 2025-01-17 GMT+08:00

DSC provides basic data security capabilities such as data classification and grading, data masking, and data watermarking. It also displays the overall security posture of data on the cloud through an asset map and implements one-stop data security operations.

Additionally, DSC is available in Standard and Professional editions to cater to various user needs:

  • Standard Edition: Includes data risk detection and data asset classification and grading.
  • Professional Edition: Supports static masking (via console) and dynamic masking (via API calls) on data assets post-classification and grading, and offers data watermark injection and extraction.
This section describes the functions supported by DSC and how they differ between editions.
NOTE:
The following symbols are used in this topic:
  • √: indicates that the function is supported in the corresponding edition.
  • ×: indicates that the function is not supported in the corresponding edition.
Table 1 DSC functions

Function | Description | Reference Document | Standard | Professional

Asset Map

You can view multiple aspects of your asset security, such as asset overview, categories and levels, permission configuration, data storage, and sensitive data. This helps you quickly detect risky assets and handle them.

  • Asset visualization
    • Data service assets: All data assets on the cloud, including OBS, RDS, CSS, Hive, and HBase assets are visualized.
    • Data risks: The categorization and leveling results display the risk levels of data.
    • Region display: The region where each asset is located is displayed based on the cloud resource VPC and associated with the service region.
  • Egress visualization
    • Data egresses: All data egresses on the cloud are identified, including EIP, NAT, API Gateway, and ROMA.
    • Asset and egress association: Cloud egresses are associated with data assets and data asset categorization and leveling results.
    • Cascading association: Egresses and the cascading egresses are displayed.
  • Policy visualization
    • Data security policies: All security policies of data assets are detected based on cloud native capabilities and policy risks are displayed.
    • Policy recommendation: Different security policy configurations are recommended based on the data asset level.

Reference document: Asset Map

Asset Management

  • Asset center: You can manage data assets from OBS, databases, big data, Log Tank Service (LTS), and MRS.
  • Asset catalog: You can view statistics about your data from different domains or of different types.
  • Data exploration: You can view details about all the added data assets and add descriptions, tags, security levels, and classifications to databases, tables, and data views to manage data assets by level and classification.
  • Metadata tasks: You can create metadata tasks to collect data assets as metadata. In this way, you can manage data assets by level and classification.
  • Asset group management: Data can be managed by group.

Reference document: Asset Management

Sensitive Data Identification

  • Automatic data classification and grading: DSC automatically discovers and analyzes sensitive data. Utilizing DSC's data identification engines, both structured data (RDS and DWS) and unstructured data (OBS) are scanned, classified, and graded. This process ensures continuous identification and analysis of sensitive data to enhance security.
    • File types: DSC can identify sensitive data from over 200 types of unstructured files.
    • Data types: DSC is able to identify dozens of personal privacy data types (Chinese or English).
    • Image types: DSC is able to identify sensitive words (Chinese and English) in eight types of images such as PNG, JPEG, x-portable-pixmap, TIFF, BMP, GIF, JPX, and JP2.
  • Automatic identification of sensitive data
    • Automatic identification of sensitive data and personal privacy data
    • Customized identification rules to meet various requirements of different industries
    • Visualized identification results which can be downloaded to the local PC

The identification duration depends on the data volume, number of identification rules, and scan mode. For details, see How Long Does It Take for DSC to Identify and Mask Sensitive Data?

Reference document: Creating a Sensitive Data Identification Task

Data Masking

Supports static data masking and dynamic data masking.

Data masking has the following features:

  • Zero impact: DSC reads data from original databases, statically masks sensitive data using precise masking engines, and saves the masked data separately without affecting your data assets.
  • Various data sources: Data of various sources on the cloud, such as RDS, self-built databases on ECSs, or big data, can be masked to meet security requirements.
  • Custom data masking policies: DSC provides you with over 20 preset data masking rules. You can use the default masking rules or customize the masking rules to mask sensitive data in the specified database table. For details about the data masking algorithms supported by DSC, see Data Masking Algorithms.
  • Easy and quick masking rule configuration for security compliance: Easy and quick data masking rule configuration can be achieved based on data scanning results.

In addition, DSC provides APIs for dynamic data masking. For details, see Dynamic Data Masking.

DSC uses preset and customized masking algorithms to mask sensitive data stored in RDS, Elasticsearch, MRS, Hive, HBase, DLI, and OBS. For details about the masking duration, see How Long Does It Take for DSC to Identify and Mask Sensitive Data?

Reference document: Configuring a Data Masking Rule

Standard: ×

Data Watermarking

Provides the functions of adding and extracting watermarks for databases and documents.

  • Copyright proof: The owner information is added to the assets to specify the ownership, achieving copyright protection.
  • Automated monitoring: The user information is added to the assets to trace data leaks.

DSC provides APIs for dynamically adding data watermarks and extracting watermarks from data. For details, see DSC API Reference.

Reference document: Watermark Injection

Standard: ×

Policy Center

  • Policy baseline: The policy baseline is a structured set of data security policies, encompassing data security management regulations, data classification and grading requirements, cross-border data transfer management regulations, and requirements for important and core data. DSC provides preset policy templates based on Huawei Cloud's data security governance experience and supports adding, deleting, modifying, querying, and filtering policies, as well as displaying them in a structured view.
  • Log collection: DSC collects logs from applications (including DBSS) to assist in tracking data flow and promptly identifying exceptions and risks.
  • Policy management: The administrator creates policies for database audit, watermarking, and static masking on the policy management page of the policy center, and then deploys these policies to the relevant services or instances.

Reference document: Policy Center

Dashboard

By default, DSC provides an integrated situational awareness dashboard that presents a thorough analysis of risky assets, identification, masking, and watermarking tasks, as well as events and alarms in the cloud. This dashboard facilitates swift recognition and response to the overall status of assets, including addressing risky assets and urgent alarms.

Reference document: Large Screen

Alarms

When a system or service risk alarm is generated for DBSS, the alarm event is sent to DSC. You can view the alarm event on the DSC console.

Reference document: Alarm Management

Events

DSC integrates with key security components, including Database Audit and Cloud Bastion Host, enabling centralized event management and real-time event delivery to DSC. This allows users to promptly verify and handle events. You can also convert alarms on the Alarm Management page to events.

Reference document: Event Management

OBS Usage Audit

DSC detects OBS buckets based on sensitive data identification rules and monitors identified sensitive data. When abnormal operations on the sensitive data are detected, DSC allows you to view the monitoring result and handle the abnormal events as required.

Reference document: OBS Usage Audit

Data Transfer Details

  • Call chain data collection: DSC collects log data of each application.
  • Call chain data storage and query: DSC stores the massive collected data and provides quick query capabilities.
  • Call chain data generation: DSC performs data link transfer analysis on the collected and reported logs, and generates a transfer diagram.
  • Metric calculation, storage, and query: DSC calculates various metrics based on the collected log data, and stores the calculation results.

Reference document: Data Transfer Details

Multi-Account Management

After the multi-account management function is enabled, the security administrator can protect the data of all member accounts without logging in to them.

Reference document: Multi-Account Management

Alarm Notifications

Sends notifications through the notification method configured by users when sensitive data identification is completed or abnormal events are detected.

Reference document: Alarm Notifications
