Personal Data Protection
To ensure that your personal data, such as the username, password, and email, will not be obtained by unauthorized or unauthenticated entities or people and to prevent data leakage, SecMaster encrypts your personal data before storing it to control access to the data and records logs for operations performed on the data.
Personal Data to Be Collected
Table 1 describes the personal data generated or collected by SecMaster.
|
Type |
Collection Method |
Modifiable |
Mandatory |
|---|---|---|---|
|
Email address |
Some playbooks in SecMaster may need to send email notifications to you. So SecMaster needs to obtain the email addresses you specify while you subscribe to SMN topics. If you enable scheduled security reports, SecMaster needs to email security reports to you. To this end, SecMaster needs to obtain the recipient email addresses you enter on the console with the authorization of recipients. |
Yes |
Yes |
|
Source IP address |
If you enable WAF in SecMaster, WAF blocks or logs IP addresses of attacks against domain names it protects. SecMaster will collect those attack source IP addresses as well. |
No |
Yes |
|
URL |
If you enable WAF in SecMaster, WAF logs URLs of domain names it protects when there are attacks against the domain names. SecMaster will collect those URLs as well. |
No |
Yes |
|
HTTP/HTTPS header information (including the cookie) |
If you enable WAF in SecMaster and there are attacks hit a CC attack or precise protection rule, SecMaster will generate alerts. Those alerts may include the cookie and header information entered on the configuration page. |
No |
No If the configured cookie and header fields do not contain users' personal information, the requests recorded by SecMaster will not collect or generate such personal data. |
|
Request parameters (Get and Post) |
IF you enable WAF in SecMaster, SecMaster will collect request details that are recorded by WAF in protection events. |
No |
No If request parameters do not contain users' personal information, the requests recorded by WAF will not collect or generate such personal data. |
|
Login location |
If you enable HSS in SecMaster, HSS logs user login locations for protected cloud servers. SecMaster will collect the login locations. |
No |
Yes |
Storage
SecMaster uses encryption algorithms to encrypt users' sensitive data and stores encrypted data.
- Emails are encrypted before storage.
- Login locations are not sensitive data and stored in plaintext.
- For request source IP addresses, URLs, HTTP/HTTPS header information (including cookies), and request parameters (Get and Post) in logs, sensitive fields are anonymized, and other fields are stored in plaintext.
Access Control
User personal data is encrypted before being stored in the SecMaster database. A trustlist is used to control access to the database.
Users can view only logs related to their own services.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
