Introduction: During the development of an enterprise, if the protection of sensitive data and the construction of a data security system are neglected, then once a sensitive data leak occurs, the reputation of the enterprise will be damaged and the business will be affected; it may also run afoul of the law and be punished and sanctioned by the competent authorities. This article uses one of the most common scenarios, consumer privacy data protection, to show how to use Dataphin's security capabilities to protect enterprise data security.
Author: Long Yi
In "Ensure Enterprise Data Security Based on Data Classification and Grading and Sensitive Data Protection", we explained the main application scenarios and basic concepts of asset security in Dataphin. So how do we use Dataphin's security capabilities to ensure enterprise data security?
Let's look at one of the most common cases: consumer privacy data protection.
Scenario Introduction
In recent years, as consumers have become more aware of their personal rights and place more emphasis on privacy, data security has become an increasingly popular topic, and the country has successively issued regulations governing the collection and use of data. During the development of an enterprise, if the protection of sensitive data and the construction of a data security system are neglected, then once a sensitive data leak occurs, the reputation of the enterprise will be damaged and the business will be affected; more seriously, the enterprise may directly run afoul of the law and be subject to penalties and sanctions by the competent authorities.
Among the sensitive information held by enterprises, personal sensitive information makes up the vast majority. Personal identification information (name, ID number), contact information (mobile phone, email, address), personal property information, biometric information and so on all count as personal sensitive data. Once such data is leaked, it causes great damage to users' personal lives and to the business operation of the enterprise. Therefore, in its business operations, an enterprise must desensitize and protect the personal privacy data of consumers.
Picture: Alipay, desensitization protection for user names and user accounts
Main process
First, let's review the main process of implementing sensitive data protection on Dataphin:
In Dataphin, the realization of sensitive data protection can be divided into the following three steps:
1. Identify sensitive data: set data classification, data grading, identification rules, etc.
2. Set the sensitive data protection mode: select an appropriate desensitization algorithm and set desensitization rules for the identified sensitive data.
3. Data consumption: data is desensitized when it is consumed in scenarios such as ad hoc query, writing to development tables, and production.
Detailed steps
Next, we take the most common user name in user sensitive information as an example to show how to identify and desensitize user names step by step.
1. Identify sensitive data
Assuming that we have already established data classification and data grading (Dataphin has built-in general classification and grading standards that can be used out of the box), we go directly to the step of creating a new identification rule:
Create a new identification rule for [user name];
Scan range selection [All];
Select [Built-in Recognition]-[Name] as the scanning method (if the user name field is called [name], you can also configure the regular rule [^name$]);
Data classification selection [personal data (C)];
Data grading selection [confidential data (L3)] (flexible adjustment and balance according to the situation of your own enterprise);
Priority selection [3] (medium priority, flexibly adjusted according to the situation of your own enterprise);
After configuring the identification rule, we can trigger a [Manual Rule Scan], or wait until the next day, when the system automatically performs a global scan. The final result of sensitive data identification can be seen on the [Identification Record] page:
2. Set sensitive data protection mode
After identifying the sensitive data, the next step is to set up appropriate protection methods for the sensitive data to ensure that the data is not leaked.
Dataphin currently has multiple built-in masking desensitization rules (for example, [Zhang San] is displayed as [*三]) and hash desensitization rules (for example, [Zhang San] is displayed as [615DB57AA314529AAA0FBE95B3E95BD3]), which meet the data protection requirements of most business scenarios. Encryption and decryption algorithms and user-defined desensitization algorithms will be supported in the future.
It is recommended that you choose the appropriate algorithm according to your business needs. For example, for the user name, in most business scenarios (such as Alipay transfer), the complete name cannot be displayed, but a part of it can be displayed for identity confirmation, so the built-in [Chinese name] desensitization algorithm can be selected.
After choosing a suitable desensitization algorithm, we can configure dynamic desensitization rules, again taking the user name as an example:
Create a new desensitization rule for [user name desensitization];
Bind the established sensitive data identification rule [user name];
Application scenario selection [write development table], [ad hoc query];
Select the desensitization method [masking mask-Chinese name];
Valid range selection [All].
At this point, sensitive data identification and protection are fully configured, and the data is protected whenever it is consumed.
3. Data consumption
The following ad hoc query is taken as an example to show the effect of sensitive data identification and desensitization:
As you can see, the data we originally wrote into the table is [Zhang San]. Because it was written to the [name] field, which is identified as the sensitive data [user name], the system automatically desensitizes it when the data is read, and the operator can only see [*三], thus preventing sensitive data leakage and protecting data security.
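The three steps above, sketched as an added Python example (not Dataphin's code or API): a column-name regex rule tags the [name] field, and a masking rule bound to it is applied only in the selected scenarios. The class and function names, the scene label "production" and the keep-last-character masking behaviour are assumptions; the sample row is constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class IdentificationRule:
    name: str        # rule name, e.g. "user name"
    pattern: str     # regex applied to column names
    category: str    # data classification
    level: str       # data grading

@dataclass(frozen=True)
class MaskingRule:
    bound_to: str        # identification rule this masking rule is bound to
    scenes: frozenset    # consumption scenarios where masking applies

def mask_name(value):
    # Assumed masking behaviour: keep only the last character, so the page's
    # [Zhang San] (张三) becomes *三; one-character values are fully masked.
    if len(value) <= 1:
        return "*" * len(value)
    return "*" * (len(value) - 1) + value[-1]

def scan(columns, rules):
    """Step 1: tag each column with the first identification rule that matches."""
    tags = {}
    for col in columns:
        for rule in rules:
            if re.search(rule.pattern, col):
                tags[col] = rule.name
                break
    return tags

def read(rows, tags, masking_rules, scene):
    """Step 3: mask tagged columns at read time if a bound rule covers the scene."""
    active = {m.bound_to for m in masking_rules if scene in m.scenes}
    return [
        {c: mask_name(v) if tags.get(c) in active else v for c, v in row.items()}
        for row in rows
    ]

# Constructed sample data and rules mirroring the settings in the walkthrough.
RULES = [IdentificationRule("user name", r"^name$", "personal data (C)", "confidential data (L3)")]
MASKING = [MaskingRule("user name", frozenset({"write development table", "ad hoc query"}))]
ROWS = [{"id": "1", "name": "张三", "nickname": "三哥"}]
TAGS = scan(ROWS[0].keys(), RULES)

if __name__ == "__main__":
    print(TAGS)
    print(read(ROWS, TAGS, MASKING, "ad hoc query"))
    print(read(ROWS, TAGS, MASKING, "production"))
```

The anchored rule ^name$ leaves the nickname column untagged and therefore unmasked, and a read in a scenario the masking rule does not list returns the raw value, so both the identification patterns and the selected application scenarios need review when checking coverage.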
Conclusion
The above example uses a very simple case, the user name, to walk through the main process of sensitive data identification and desensitization. I believe it can help you understand the overall data security protection mechanism. In addition to the main process, there are other processes such as formulating data classification and grading, reviewing and manually modifying identification records, and desensitization whitelisting. At the same time, in the actual data security protection of enterprises, there is still more systematic work to be done, such as formulating a data classification and grading system that suits the enterprise, establishing a complete data identification system, and so on.
To learn more about the product, you can visit https://dp.alibaba.com/product/dataphin
The data middle platform is the only way for enterprises to achieve digital intelligence. Alibaba believes that the data middle platform is a combination of methodology, tools, and organization: a "fast", "accurate", "complete", "unified", and "connected" intelligent big data system.
Alibaba Cloud currently offers a range of solutions externally, including the general data middle platform solution, the retail data middle platform solution, the financial data middle platform solution, the Internet data middle platform solution, the government data middle platform solution, and solutions for other sub-scenarios.
Among them, the Alibaba Cloud data middle platform product matrix is built on Dataphin, with the Quick series as the entry point for business scenarios, including:
- Dataphin, a one-stop, intelligent data construction and management platform;
- Quick BI, intelligent decision-making anytime, anywhere;
- Quick Audience, comprehensive insight, global marketing, intelligent growth;
- Quick A+, a one-stop data-based operation platform for cross-terminal, global application experience analysis and insight;
- Quick Stock, an intelligent goods operation platform;
- Quick Decision, an intelligent decision platform;
Official site: data middle platform official website https://dp.alibaba.com