Data Security Center:Identify, classify, and add tags to sensitive data

Step 1: Purchase DSC and complete authorization

DSC provides the free edition. The free edition provides resources of fixed specifications on a monthly basis. For more information, see DSC Free Edition. In this example, the free edition of DSC is used.

1. Log on to the DSC console. Click Activate Free Edition.

2. Authorize DSC to access other cloud resources as prompted. For more information, see Authorize DSC to access Alibaba Cloud resources.

Step 2: Connect a database to DSC

You can identify, classify, and add tags to sensitive data only after you connect your data assets to DSC. In this example, an ApsaraDB RDS database is used.

1. On the Authorization Management page, click Asset Authorization Management.

2. In the Asset Authorization Management panel, click RDS in the Unstructured Data section and then click Asset synchronization.

   If the ApsaraDB RDS database that you want to connect to DSC is in the asset list, skip this step.

3. On the Not authorized tab, find the ApsaraDB RDS database that you want to manage and click Authorization in the Actions column.

4. Go back to the Authorization Management page, find the ApsaraDB RDS database, and then click Connect in the Actions column.

   Note

   If you click Connect for a database on the Authorization Management tab, DSC creates a read-only account for the database and uses the account to connect to the database to run data identification tasks. In this case, DSC has the read-only permissions on the database.

5. In the Connect dialog box, select Scan assets and identify sensitive data now. and click OK. DSC creates and immediately runs the default data identification task.

   Important

   We recommend that you immediately scan data during off-peak hours and monitor your workloads to prevent data identification tasks from affecting the workloads.

6. Go back to the Authorization Management page, click the icon, wait until data is updated, and then check whether the connection status and feature status of the database are normal. The following figure shows the normal connection status and feature status.

   

Step 3: View the status of a data identification task

If you click Connect on the Authorization Management page and select Scan assets and identify sensitive data now., DSC creates and immediately runs the default data identification task. DSC automatically uses the main identification template and the common identification template to scan the connected database. By default, the main identification template is the classification template for the Internet industry. You can view the identification results only after the data identification task is complete.

1. On the Identification Tasks tab of the Tasks page, click Default Tasks.

2. On the Identify task monitoring page, view the scan status of the default data identification task that is created for the connected database.

   The amount of time required for a data identification task to complete varies based on the amount of data that needs to be scanned. An extended period of time is required to scan large amounts of data.

   You can view the identification results only when Scan Status is Complete.

   

Step 4: View identification results

1. On the Asset Type tab of the Asset Insight page, find the database instance and the database that is scanned. DSC returns the identification results shown in the following figure. The results include the sensitivity level and data tag.

   A darker color indicates a higher sensitivity level. N/A indicates that no sensitive data is identified. You can add only Personal information () and Personal sensitive information () tags.

   

2. Find the database and click Table details in the Actions column. In the panel that appears, view the statistics and sensitive columns of identified tables.