If you purchase Data Security Center (DSC) and you want to use DSC to detect sensitive data or monitor exceptions in Object Storage Service (OSS) buckets or detect sensitive data in Simple Log Service (SLS) projects, you must authorize DSC to access OSS and Simple Log Service.
Prerequisites
The free edition of DSC is activated or a paid edition of DSC is purchased. For more information, see Activate the free edition of DSC or Purchase DSC.
DSC is authorized to access cloud services. For more information, see Authorize DSC to access Alibaba Cloud resources.
Step 1: Authorize DSC to access OSS and Simple Log Service
Log on to the DSC console.
In the left-side navigation pane, click Asset Center.
In the left-side navigation tree of the Authorization Management tab, click the required service, such as OSS, in the Unstructured Data section.
Click Asset Authorization Management.
Optional. In the Asset Authorization Management panel, click Asset synchronization.
After you purchase DSC and complete authorization on the Welcome page, DSC automatically synchronizes data assets in the cloud. In this case, you do not need to synchronize data assets. DSC scans for newly added data assets at 00:00 every day and automatically synchronizes them to unauthorized asset lists. If you want to authorize DSC to access the assets that are created on the current day, you must manually synchronize the assets.
Click Authorization in the Actions column of the asset that you want to manage.
If you want to authorize DSC to access multiple assets, select the assets and click Batch Authorize.
Step 2: Connect assets to DCS
Go to the Authorization Management tab, find the required asset that you want to manage, and then click Connect in the Actions column. For example, you can click an OSS bucket. If Connected is displayed in the Connection Status column, the asset is connected. DSC automatically synchronizes data of the asset.
If DSC is authorized to access a Simple Log Service project, DSC synchronizes only project data generated until 23:59 on the day before the day when the project is connected to DSC.
What to do next
After you connect DSC to a database, DSC automatically creates a default data identification task.
If you click Connect on the Authorization Management page and select Immediately scan database assets and identify data., DSC immediately runs the default data identification task.
If you click Connect on the Authorization Management page and clear Immediately scan database assets and identify data., you must manually execute the default data identification task. To execute the task, choose . On the Identification Tasks tab, click Default Tasks, find the task, and then click Rescan.
The system automatically uses the main identification template to scan the connected assets. By default, the main identification template includes the Internet industry classification template and the common identification template. You can check the status of a data identification task to view the completion time of the data identification task.
You can configure the main identification template as a built-in identification template or a custom identification template. For more information, see Configure the main identification template.
If you configure the main identification template as a built-in identification template, the common identification template that conforms to the personal information security specification is used. If you configure the main identification template as a custom identification template, the common identification template is not used.
View the completion time of the default data identification task. For more information, see View default identification task.
View data identification results. For more information, see View sensitive data identification results.
References
If you want to use more identification templates to scan the data of the connected assets to identify sensitive data, you can create a custom identification task and use an identification template that is enabled to scan the assets. For more information, see Create a custom identification task.
DCS allows you to identify and classify sensitive data and build a multi-level and dynamic security and monitoring mechanism to trace the usage of sensitive data. DSC uses predefined security management policies to ensure data protection, auditing, and alerting capabilities and provides risk assessment and response, and fine-grained control capabilities of file access. This helps you detect, locate, and protect sensitive data in OSS. For more information, see OSS data security protection solution.
FAQ
For more information about answers to some frequently asked questions about asset authorization, see Data asset authorization.