Community Blog How to Minimize Security Risks of Big Data Platforms

How to Minimize Security Risks of Big Data Platforms

This article helps enterprises better understand how to minimize security risks and describes data security best practices for MaxCompute.

Enterprises' Security Concerns about Migrating Big Data to the Cloud

Security is a major problem for most businesses migrating big data to the cloud. Would data be destroyed as a result of the migration? Would data in the cloud be tampered with? Is there a risk of data leakage while using the cloud? These issues revolve around information access, honesty, and secrecy, which are all important facets of information security. Cloud migration, in particular, does not entail any additional risks in these regions. When businesses develop their own internal big data platforms, they also run into these issues. This article explores the Apsara big data platform's security mechanism in order to help companies better understand how to reduce security threats.

Security Concerns

Security issues must be addressed on three occasions in an enterprise-level big data platform. The physical and network protection of data centers is the first step, which is critical for the big data platform. Data center stability and network connectivity have a significant impact on the big data platform's availability. The big data platform's device protection, which consists of security subsystems inside the platform, is the second stage. Through collaborating together, the security subsystems protect the stability of the big data network. Data device protection is the third category. It is the most similar to consumer situations. The big data platform ensures the security of user scenarios thanks to its various data security modules.

How to Effectively Reduce the Security Risks of Big Data Platforms

This article explores the security issues that companies can have when migrating big data to the cloud, as well as the Apsara platform's security mechanism.

The Security System of the Apsara Big Data Platform

Apsara Big Data Platform

The security infrastructure of Alibaba Cloud's data centers provides the Apsara big data platform with security facilities and security control at the physical layer and network security support.

On the MaxCompute platform, the access control subsystem, application isolation subsystem, risk control and audit subsystem, and platform trusted subsystem work together to ensure the integrity of the big data platform for enterprise users. Capabilities including VPC whitelists, app endpoint identification, Permission System 2.0, and user-defined computing engines are also provided. MaxCompute supports Information Schema 1.0 metadata and the BYOK storage capability.

DataWorks data management provides protection against data leakage, data abuse, and data misuse for data application scenarios at the next layer. This layer mainly involves permission control, data protection, and risk governance modules. In addition, Alibaba Cloud has released DataWorks Security Center 2.0 and differential privacy-based services.

All the products and systems work together to ensure security throughout the data lifecycle.

Data Security Best Practices for MaxCompute

This article explains best practices focused on MaxCompute and DataWorks' native and advanced security capabilities in various scenarios.

What Is MaxCompute?

Alibaba Cloud MaxCompute is a cloud-native, high-performance enterprise-level data warehousing service based on the Software-as-a-Service (SaaS) model. It is widely used to build modern enterprise data platforms for business intelligence (BI) analysis, data-driven operations, profiling and recommendation, intelligent prediction, and other scenarios.

MaxCompute draws strength from Alibaba Cloud's large-scale computing and storage resources and provides a fully managed online data warehousing service through a serverless architecture. It breaks the limitations on resource scalability and elasticity, which are common on traditional data platforms, and minimizes investment in operations and maintenance (O&M)

MaxCompute supports a wide range of classic computing models, such as batch processing, machine learning, and interactive analytics, and offers comprehensive enterprise management functionality. MaxCompute allows you to easily integrate and manage enterprise data assets and streamlines the data platform architecture for faster mining of the value of data.

We reorganize the security capabilities of MaxCompute according to the six stages in a data lifecycle. This helps us better understand the applicable data security practices at each stage of the data lifecycle. New features released in this upgrade are highlighted in yellow in the following figure.

security capabilities of MaxCompute

As a cloud data warehouse based on the SaaS model, MaxCompute boasts leading security capabilities and has passed multiple international, European, and Chinese security compliance certifications, including the internationally recognized ISO certification, SOC 1, 2, and 3 (SOC is short for System and Organization Control), Payment Card Industry Data Security Standard (PCI DSS), the C5 certification used in Europe, and Cybersecurity Multi-Level Protection Scheme 2.0 which is dominant in China. For more information about Alibaba Cloud's security compliance certification system, see the Alibaba Cloud Trust Center - Certification of Compliance page. We welcome you to use MaxCompute to ensure enterprise-level big data security.

Related Products


MaxCompute (previously known as ODPS) is a general purpose, fully managed, multi-tenancy data processing platform for large-scale data warehousing. MaxCompute supports various data importing solutions and distributed computing models, enabling users to effectively query massive datasets, reduce production costs, and ensure data security.

Related Documentation

Storage Performance of MaxCompute

The data storage format of MaxCompute has been updated to Alibaba Optimized Row Columnar (AliORC) since February 2020. To help you better understand the data performance of MaxCompute, this topic compares AliORC with Apache Optimized Row Columnar (ORC) and Apache Parquet based on TPC Benchmark DS (TPC-DS) tests.

Security Models

This topic describes the security models of MaxCompute and DataWorks. The security model of MaxCompute can be used by MaxCompute project owners and security administrators for security purposes when they perform routine O&M and data operations. Before you configure security functions, we recommend that you read this topic to familiarize yourself with the security models.

A security model can be configured for MaxCompute and DataWorks. If you use MaxCompute in the DataWorks console but the security model of DataWorks does not meet the security requirements of your business, you must use the security models of MaxCompute and DataWorks.

MaxCompute Learning Path

Alibaba Cloud MaxCompute is a big data processing platform that processes and stores massive batch structural data to provide effective warehousing solutions. Start your MaxCompute journey here to discover infinite possibilities with Alibaba Cloud

0 0 0
Share on

Alibaba Clouder

2,600 posts | 754 followers

You may also like