
Six Key Elements of an Off-Premises Data Security System

This article enumerates six elements of an off-premises data security system, highlighted by Xiao Li, General Manager of Alibaba Cloud Intelligent Security division at the 2nd Data Security Summit.

According to Gartner, cloud services are as secure as, or even more secure than, the data centers of most enterprises. Security must no longer be regarded as a major obstacle to using public cloud services. By 2020, the public cloud will provide security capabilities that help enterprises reduce security events by at least 60% compared to traditional data centers.

At the 2nd Data Security Summit held on June 29, Xiao Li, General Manager of Alibaba Cloud Intelligent Security Business Unit, addressed one of the most critical questions: how can we build an advanced off-premises data security system?

According to Xiao Li, off-premises data security development is a systematic project that comprises six key elements: attack scope reduction, correct configuration of product security policies, central authentication and authorization, data encryption, data breach protection, and log audit.

Xiao Li, General Manager, Alibaba Cloud Intelligent Security BU

Attack Scope Reduction

Reducing the scope of enterprise-targeted attacks is the primary method to ensure cloud data security. Alibaba Cloud's extensive practical experience shows that reducing the attack scope is crucial for the entire security system.

You can reduce the attack scope by using an off-premises firewall to monitor real-time traffic in all directions, and by using an Intrusion Prevention System (IPS) to safeguard and consolidate network ingress points.

Correct Configuration of Product Security Policies

Security is a continuous process. Alibaba Cloud periodically reviews compliance systems to ensure persistent compliance and provide security policies and configurations that are compliant and effective.

Products and technical capabilities must ensure that all security policies are effectively implemented. Many security incidents occur when attackers exploit accidentally opened ports to steal data. Alibaba Cloud provides tools to help you check the security configurations and policies of all products to ensure persistent security compliance and effective implementation of security policies.

Central Authentication and Authorization

Every enterprise needs a comprehensive authentication and authorization system. Traditionally, enterprises deploy all their application systems in on-premises data centers and ensure data security through simple authentication and authorization systems. However, with the development of the mobile Internet, cloud computing, and software as a service (SaaS), enterprises now deploy different application systems in IDCs, cloud, and online storage, which requires data flows between these deployment locations.

Therefore, enterprises face a great challenge in centrally implementing authentication and authorization. For instance, a common data security event such as failure to promptly delete the system permissions of former employees may result in a data breach.

Alibaba Cloud's advanced research in permission management ensures one-click permission updates for employees who transfer within or leave the organization. This proactive mechanism ensures that there is no data loss due to irregular internal permission management.

Comprehensive Data Encryption and Log Audit

The Alibaba Cloud platform is the only platform in China that supports the SGX trusted encryption environment, with end-to-end data encryption to ensure user data security. At the user layer, Alibaba Cloud Security provides Resource Access Management

The Alibaba DAMO Academy has left no stone unturned in advancing data encryption technologies. It facilitates encryption of user data across all cloud products by default, and allows users to manage AccessKey pairs. Moving forward, Alibaba Cloud endeavors to maximize the performance and stability of data encryption and minimize costs, to free users from data security apprehensions following cloud migration.

Data Breach Prevention

Alibaba Cloud provides a complete set of capabilities related to Sensitive Data Discovery and Protection, ranging from data identification and data breach prevention to abnormal behavior detection and analysis. Now, users have complete information about various security aspects such as specific data storage location in the cloud, a list of access rights to the data, and whether the data is exposed to security threats. This increases the data security level in the cloud and reduces the risk of data breaches.

A Data Security System Supported by Cloud-native Technology

Changes to infrastructure as a service (IaaS) cloud technologies lead to different security systems. Security capabilities developed on the basis of cloud-native technology solve many thorny problems. For example, Alibaba Cloud provides a snapshot function that allows users to restore data by using a previous snapshot in the wake of a ransomware attack, without requiring any anti-attack measures or decrypting data.

Taobao and Tmall have multiple IDCs in China. According to actual data analysis, service operations are never affected by the power failure of a single IDC. Xiao Li said, "We conduct practice tests to continuously verify the effective implementation of disaster recovery, and provide such high-security capability to help users build more robust security systems in the cloud."
