Alibaba Cloud Object Storage Service (OSS) has multiple compliance certifications and provides a variety of security features, including server-side encryption, client-side encryption, hotlink protection based on Referer whitelists, fine-grained access control, log audit, and retention policies based on Write Once Read Many (WORM). OSS provides complete security protection for your data stored in Alibaba Cloud to meet your security and compliance requirements for your enterprise data.

Feature Description
Compliance certifications OSS helps you meet different compliance requirements based on the compliance with assurance programs such as Cohasset Associates compliance assessment, Financial Industry Regulatory Authority (FINRA) Rule 4511, Commodity Futures Trading Commission (CFTC) Regulation 1.31, ISO, BS10012, and the Cloud Security Alliance Security, Trust, Assurance, and Risk (CSA STAR).
Access control OSS provides access control lists (ACLs), Resource Access Management (RAM) and bucket policies, and hotlink protection based on Referer whitelists to control and manage access to your OSS resources.
Data encryption OSS provides server-side encryption, client-side encryption, and SSL or TLS encrypted transmission over HTTPS to protect data from potential security risks in the cloud.
Monitoring and audit OSS allows you to store and query access logs to meet your requirements for monitoring and auditing enterprise data.
Disaster recovery OSS has disaster recovery capabilities that support zone-redundant storage (ZRS) and cross-region replication (CRR) for data centers in a region or across regions.
Data retention compliance OSS supports WORM storage that prevents users from accidentally deleting or tampering with your data. OSS conforms to the requirements under the regulations of the U.S. Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority, Inc. (FINRA).
Other features OSS provides the versioning feature to prevent data from being accidentally deleted or overwritten. If one of your buckets is attacked or used to distribute illegal content, OSS automatically moves the bucket to the sandbox to prevent your other buckets from being affected.