All Products
Search

This Product

    Data Security Center:Classify data

    Document Center

    Data Security Center:Classify data

    Last Updated:Jun 25, 2024

    Data Security Center (DSC) allows you to collect and analyze database information and classify data in the cloud. DSC also allows you to identify sensitive data. This topic describes how to use the DSC console to classify data in an efficient manner.

    Prerequisites

    • Databases that you want to connect to DSC are available. For more information about the database types and regions supported by DSC, see Supported database types and Supported regions.

    • If you purchase and use DSC as a Resource Access Management (RAM) user, the RAM user is granted the permissions to access other cloud services.

    Step 1: Purchase DSC and complete authorization

    1. Log on to the DSC console.

    2. Click Buy Now. Then, configure parameters and complete the payment.

    3. Go back to the DSC console. In the RAM-based Authorization dialog box, click Authorize.

      Alibaba Cloud automatically creates a service-linked role. Then, DSC can assume the role to perform related operations.

    Step 2: Connect a database to DSC

    DSC supports security management for most database assets in Alibaba Cloud. You can authorize DSC to access an asset and connect the asset to DSC in the DSC console. The following section describes how to authorize DSC to access an ApsaraDB RDS database and connect the ApsaraDB RDS database to DSC for data classification.

    1. In the left-side navigation pane, choose Asset Center > Authorization Management.

    2. On the Authorization Management page, click Asset Authorization Management.

    3. In the Asset Authorization Management panel, click Asset synchronization.

      If the ApsaraDB RDS database that you want to connect to DSC is already in the asset list, skip this step.

    4. Find the ApsaraDB RDS database and click Authorization in the Actions column.

    5. Go back to the Authorization Management page. Find the ApsaraDB RDS database and click Connect in the Actions column.

      To de-identify sensitive data, find the ApsaraDB RDS database and click Account Logon in the Actions column. Then, enter an account that has the read and write permissions. You can click Connect only for data classification.

    6. In the Connect dialog box, select Immediately scan database assets and identify data. and click OK.

      Important

      If you select Immediately scan database assets and identify data. and click OK, DSC automatically creates and immediately executes the default data identification task. In this case, make sure that the task is performed during off-peak hours. We recommend that you scan data assets during off-peak hours and monitor the operational status.

      If you do not need to immediately execute the data identification task, you can clear Immediately scan database assets and identify data. and create a custom data identification task to specify the execution time.

    7. Go back to the Authorization Management page, click the image icon, wait until data is updated, and then check whether the connection status and feature status of the database are normal. The following feature shows normal status.

      image

    Step 3: View the data identification task

    If you click Connect on the Authorization Management page and select Immediately scan database assets and identify data., DSC creates and immediately executes the default data identification task. By default, DSC uses the main template and the General Identification Template to scan the connected data assets. The main template is Internet industry classification classification Template. You can view the classification results only after the identification task is complete. To view the status of the default data identification task, perform the following steps.

    Note

    You can configure your industry template as the main template for custom scan based on your business industry.

    1. In the left-side navigation pane, choose Data Insights > Tasks.

    2. On the Identification Tasks tab, click Default Tasks.

    3. On the Identify task monitoring page, view the scan status of the default data identification task that is created for the connected database.

      The time required for a data identification task varies based on the amount of data that needs to be scanned. A long period of time is required to scan large amounts of data.

      You can view classification results only when Scan Status is Complete.

      image

    Step 4: View classification results

    1. In the left-side navigation pane, choose Data Insights > Asset Insight.

    2. On the Asset Type tab, find the database that you want to manage and click Table details in the Actions column.

    3. In the panel that appears, view statistics about sensitive information and the table list.

      image