Data Security on the Cloud

This solution helps you easily build a robust data security framework to safeguard your data assets throughout the data security lifecycle with ensured confidentiality, integrity, and availability of your data.


Data security is a critical part of any cloud infrastructure. Alibaba Cloud is committed to safeguarding your most valuable assets throughout the data security lifecycle. To help you easily build a robust data security framework we offer a broad spectrum of security products to fit into your security scenarios, such as data classification, data masking, data loss prevention, encryption, key management, access control, and data erasure. With these offerings, you can effectively ensure the confidentiality, integrity, and availability of your data.

Solution Highlights

  • Complete Data Lifecycle Protection

    This solution provides comprehensive data security protection for the entire data security lifecycle that includes data gathering, data transmission, data processing, data exchange, data storage, and data destruction.

  • Central Management and Monitoring

    Sensitive Data Discovery and Protection (SDDP) allows you to centrally manage and monitor the scattered data on the cloud, going beyond traditional different data silos.

  • High Accuracy and Efficiency

    Alibaba Cloud SDDP, DataWorks, and Maxcompute can efficiently provide data discovery, data classify, or data labels based on a user’s application scenarios, compliance, and security requirements.

  • Data Loss Prevention

    SDDP can help you prevent data loss with effective control over the permissions on storage and transmission products on the cloud. SDDP can generate alerts for data permission configuration and usage exceptions that do not comply with security best practices in the cloud environment.

Learn more about Data Security on the Cloud

Contact Sales

How It Works

Alibaba Cloud has developed a comprehensive and systematic data security system by taking data management and technical measures based on the complete data security lifecycle. Data security is managed and controlled throughout the data lifecycle that covers gathering, transmission, processing, exchange, storage, and destruction. Each stage of the data security lifecycle has its associated security management requirements and technologies. Additionally, Alibaba Cloud can record the operations that users and cloud providers perform when using Alibaba Cloud resources. Prior to developing and onboarding a robust data security framework, you must complete a data asset review.

Learn more about Data Security on the Cloud

Contact Sales

Data Asset Review

The focus of data security management may vary for different enterprises. To maximize the value of data security management efforts, you have to shift your focus to the most critical and core data assets of your enterprise in the beginning. Then, this starting point can evolve into a full-fledged data security framework. Before developing and onboarding a robust data security framework, you must plan the following key aspects: performing asset checks, defining classification standards, assessing risks, planning budgets, and acknowledging shared responsibilities.

Data Gathering Security

Data gathering security requires data identification and classification to be completed promptly once data is collected. Proper data discovery can ensure the accuracy and efficiency of security protection. During this stage, sensitive information in the data, such as Personal Identifiable Information (PII), needs to be discovered and classified based on a user’s application scenarios, compliance, and security requirements. Alibaba Cloud offers SDDP, DataWorks, and MaxCompute to discover, classify, or label your sensitive data. SDDP can automatically scan and discover different levels of sensitive data and allows users to customize sensitive data discovery policies according to their needs.

Data Transmission Security

Alibaba Cloud is committed to safeguarding your data security during the data transmission stage by encryption in transit. We also adopt SSL/TLS protocols to ensure data transmission security while users read and upload data. Alibaba Cloud provides mechanisms to ensure data transmission security: HTTPS transmission encryption, encrypted channels for network gateway, cross-region connectivity products, Cloud Firewall, and SSL Certificates Service for websites.

Data Processing Security

Data processing security is mainly implemented through the effective isolation and protection of data in use. The isolation can be implemented by using the encrypted computing environment of Intel® Software Guard Extensions (Intel® SGX) during runtime on the user side. Isolation methods, such as permission control, specific to each product can also be used. Moreover, data masking of classified sensitive data can be used to ensure the unauthorized users can not view sensitive information. In real-world scenarios, multiple features and products are often used together to meet data isolation and protection requirements.

Data Exchange Security

The value of data can be achieved through data exchange and sharing. The security requirements for data exchange can be partially implemented through the access control of cloud products and data masking of sensitive data protection products. Data exchange security also depends on data loss prevention capability. User DLP involves the complete control over permissions on data and the monitoring and detection of data in use. Alibaba Cloud SDDP provides a comprehensive DLP solution for the aforementioned control, including query, alert, monitor and analysis. The DLP function of each product (e.g. DataWorks) can also be used to prevent the leakage of sensitive data.

Data Storage Security

Data storage security is ensured by various options of encryption at rest. Alibaba Cloud allows users to encrypt data at rest in Alibaba Cloud services with integrated the Alibaba Cloud Key Management Service (KMS). Users can directly manage the lifecycle with Bring Your Own Key (BYOK). Alibaba Cloud supports the Advanced Encryption Standard with 256-bit key length (AES-256) for encrypting sensitive data at rest. Data encryption, such as EBS, OSS, RDS, Table Store, NAS, and MaxCompute, are enabled in different Alibaba Cloud services.

Data Destruction Security

Alibaba Cloud has established a security management system for the full lifecycle of devices, including reception, storage, placement, maintenance, transfer, and reuse or decommissioning. When a device is decommissioned, Alibaba Cloud takes data erasure measures for its storage media. However, before erasing relevant data, it is necessary to check whether the genuine licensed software has been overwritten, degaussed, or physically bent to ensure the relevant data cannot be restored. After that, Alibaba Cloud can physically destroy relevant data and ensure that it cannot be reconstructed for business or legal reasons or for obtaining proof of destruction from any third party data processors.

Operational Transparency

Last but not the least, Alibaba Cloud can record the operations that users and cloud providers perform when using Alibaba Cloud resources by adopting ActionTrail, Security Center, and Cloud Config. This transparent operation platform helps users perform security analysis, resource change tracking, and compliance audits. It also gives users the confidence that their data and resources are properly protected and managed within the cloud platform.

Customer Success Stories

As the Official Cloud Services Partner to the Olympic Games and the infrastructure powering Alibaba, we provide high-performance cloud technology to help your business perform at its best.

Related Resources


The Eight Stages of Cloud-Based Data Security

This whitepaper explains how Alibaba Cloud can help you build a robust data security framework to safeguard your data assets.


2020 Alibaba Cloud Security Whitepaper - The China Gateway Version

The whitepaper introduces the public cloud security system of Alibaba Cloud, specifically for security capabilities and offerings in Mainland China.


Alibaba Cloud Security Whitepaper - International Edition V2.0 (2020)

This whitepaper introduces the security of the Alibaba Cloud public cloud platform.


Manage and Protect Your Critical Data in the Cloud

This describes the benefits of using Alibaba Cloud's Sensitive Data Discovery and Protection (SDDP) system to manage and protect critical data.


Discover and Protect Your Sensitive Data on the Cloud

Learn how the SDDP can help you discover and protect your sensitive data on the Cloud.


Best Practices for the Safety Operation of the Host on the Cloud

Understand the conceptions of the security of the cloud host, the related products, the best practice as well as the Alibaba's technologies.

View All

Start with Alibaba Cloud Solutions

Learn and experience the power of Alibaba Cloud with a free trial.

Contact Sales