Data security issues, especially the issue of personal information protection, the issue has been the focus of all enterprises and individual concern, July 10, Ali cloud officially released for enterprise cloud on a sensitive data protection products SDDP (Sensitive Data Detection and Protection) , the product DCAP reference frame (data-centric audit and protection, data-centric audit and protection) Gartner put forward, combined with years of large Ali cloud data processing technology, artificial intelligence, data analysis techniques and safe operation practices, to help customers accurately identify sensitive data storage location, a variety of combinations available to ensure data security algorithms desensitization, intelligent data access is detected abnormal behavior, the ability to achieve the double protection "external attack and keep the source, internal theft can be found" to help companies effectively prevent attacks from external and internal data theft caused by leakage.
International data leakage analysts "Data Breach Statistics" survey, data loss every day the world has discovered the leak reached 6.2 million. Cloud Data There are various types of data sources is difficult to effectively identify the data access API leads to a data outlet channel multi difficult to effectively control, application of micro service leads to data transfer complex difficult to effectively audits, etc., there is a long identification difficult, protection difficult, leak detection difficulties and other outstanding problems. Conventional security products based on the border, in the event of leakage of information or host permission to be remote-controlled, difficult to implement follow-up response to data theft attacks; and now on the market are mainly common data security products to protect against a terminal file or traditional RDS database protection can not effectively adapt to the characteristics of cloud data, the lack of native cloud data protection for.
In order to solve the above problems specifically in protection of sensitive data on the cloud, by establishing aliyun SDDP identify, protect, detecting three-cloud data protection framework, to achieve the structured data (e.g., RDS / ODPS), semi-structured data (such as tables stored), the same criteria for identifying non-structural data (e.g., object store OSS), covering the cloud calculated offline, real-time calculation data, and other products, to redefine the "outer anti internal defense in depth" data security concept , strong to create a personal cloud data protection.
Based on the three most common customer data security scene, SDDP can effectively enhance the safety management and protection capabilities:
- Sensitive data discovery and management: In many cases, data security breaches, many customers do not know the distribution of sensitive data stored in the cloud. Customers can use to identify sensitive data model SDDP built to achieve recognition and marking of sensitive data, but also to the actual need to customize their own identification rules based on business.
- Safety desensitization of sensitive data used: If a customer in a development environment / test environments / data analysis environment requires the use of sensitive data, the user can use static data SDDP achieve desensitization, the product through the combination of various different algorithms desensitization, It enables preserve formatting, leave the statistical characteristics and other business needs.
- Data leakage anomaly detection and disposal: for the border has been bypassed or data from internal theft, SDDP account through continuous learning behavior, behavioral baseline picture perfect account, once an account abnormal behavior will continue tracking and automatic alarm to do appropriate treatment, to prevent access to sensitive data should people visit.
By communicating these security capabilities, SDDP can bring value to our customers the following security:
- External attack and keep the source : by identifying / protection / detection capabilities three-stage framework, SDDP against external attacks can bypass the border has achieved near-field of protection based on the data source.
- Internal theft can be found : for theft from within, SDDP found effective internal abnormal account through anomaly detection, effective detection of theft from the inside, good bodyguard data.
Data security is a core concern of all enterprises in the latest release of the latest 2.0 standard level of protection but also protection of personal information, data classification and grading, data leak detection proposed new requirements. Ali cloud has been the protection of user data safety as the first criterion, while committed to Alibaba years of security capabilities to the cloud to all users, helping users to be manageable and controllable to meet the compliance requirements of data in the form of products, to better promote the healthy development of the business.
For product details, please visit: https://cn.aliyun.com/product/sddp