Cloud Box: Security

Last Updated: Oct 18, 2023

CloudBox provides the same security and legal disclaimer as Alibaba Cloud and provides comprehensive protection in terms of infrastructure, data, communication, and compliance.

Security guarantees

CloudBox provides the following security guarantees:

| Security guarantees | Description |
| --- | --- |
| Access control | Follows the principle of least privilege and strictly controls user accounts. |
| Data security | The device is deployed in a user-controlled data center. |
| Security audit | Provides the ActionTrail function and displays the internal operations of CloudBox in the console. |
| Network monitoring | If CloudBox is interconnected with Alibaba Cloud public cloud or with a user, the traffic must pass through the user's switch. Users can configure security measures, such as whitelists, ACLs, and firewalls, on the switch. |
| Rack encryption | The rack of CloudBox is locked and exclusively managed in the data center and is not accessible to public users. The dynamic monitoring of the rack ensures that the user is notified at the earliest opportunity when the rack door is opened. |
| Security protection | The security capabilities of Alibaba Cloud can be used to protect CloudBox. Alibaba Cloud Security Center protects basic instance information from various security risks, such as desktop vulnerabilities, viruses, attacks, and host assets. It also provides threat analysis and verification capabilities. |

Security certification and legal disclaimer

The Alibaba Cloud security certification and legal disclaimer include the following:

  • CloudBox is an extension of Alibaba Cloud public cloud. Security O&M and data privacy comply with the standards and procedures of Alibaba Cloud public cloud to secure users' business data.

  • CloudBox meets the S3A3 standards of the Multi-level Protection Scheme (MLPS) 2.0.

  • The following certifications of data privacy protection compliance are obtained: ISO 27018, ISO 27710, ISO 29151, BS10012, HIPAA, PDPA, DPTM, and PDPO.

  • Alibaba Cloud complies with the General Data Protection Regulation (GDPR) enacted by the EU.

  • ISO standards: CloudBox is covered by the most recent ISO certificate issued by the British Standards Institution (BSI). The certificate covers items including information security and privacy, quality and service, business continuity, and cloud security.

Shared responsibility

CloudBox follows the shared responsibility model of Alibaba Cloud public cloud. Alibaba Cloud is responsible for the security of the CloudBox infrastructure, and users are responsible for the security of programs that run in CloudBox. Because CloudBox is deployed in the user's data center, the user must also ensure the security of the physical environment and related infrastructure in which the CloudBox instance is located, and the availability of the network connection between CloudBox and Alibaba Cloud public cloud.

The following section describes the individual and shared responsibilities of Alibaba Cloud and the user:

  • Alibaba Cloud

    • Infrastructure security of CloudBox

    • Data security in CloudBox

    • Security and stability of the cloud platform

  • User

    • Environment security of the on-premises data center

    • Physical security of CloudBox

    • Physical access permissions of CloudBox

    • Security of programs that run in CloudBox

    • Network availability of CloudBox

  • Shared responsibility

    • The user must provide Alibaba Cloud with site survey conditions.

    • The user O&M team works together with Alibaba Cloud for onsite installation and acceptance.

    • The user works together with Alibaba Cloud for onsite hardware replacement in the user's data center.

    • The user O&M team works together with Alibaba Cloud to verify the network connectivity of the Express Connect circuit from Alibaba Cloud.