All Products
Search
Document Center

Data Management:Data Agent Security Whitepaper

Last Updated:Jun 03, 2026

DMS Data Agent uses a defense-in-depth security architecture to protect data operations and code execution across three dimensions: identity and access control, execution environment isolation, and service management security.

Security architecture

The following diagram shows the Data Agent defense-in-depth model, built on four pillars: identity authentication, access control, environment isolation, and security audit.

DMS Data Agent security architecture

First line of defense: Identity and access control

Identity verification, granular access control, and end-to-end encryption form the first line of defense.

Alibaba Cloud common security capabilities

Data Agent integrates the following Alibaba Cloud security capabilities:

  • Multi-factor authentication: Supports secondary authentication through the Alibaba Cloud app, text messages, and email to reduce single-password leak risks. Credentials are stored encrypted and cannot be used to log on even if read.

  • Resource Access Management (RAM):

    • Granular authorization: Use RAM users for fine-grained, API-level access control.

    • Single sign-on (SSO): Use RAM roles to enable enterprise identity SSO. Users assume predefined roles with fine-grained permissions to access products without sharing root account keys.

  • Encryption in transit: All communication between OpenAPI clients and Data Agent uses HTTPS to prevent eavesdropping and tampering.

  • Operation audit: All operations are recorded through ActionTrail. You can query logs for the past 90 days in the console or through the API for compliance audits, root cause analysis, and security monitoring and alerting.

DMS-specific data protection

DMS adds a dedicated security layer for data management:

  1. Unified permission control (security hosting mode): Employees do not need direct database credentials. DMS authenticates users through Alibaba Cloud accounts or enterprise domain accounts and provides five-level permission control: instance, database, table, row, and column. All permissions support expiration dates and are automatically revoked upon expiry.

  2. Sensitive data protection: A built-in detection engine identifies sensitive fields such as ID numbers and phone numbers. You can mask sensitive data in displays. Column-level and row-level access control prevents unauthorized users from viewing sensitive information.

  3. End-to-end operation audit: DMS records the operator, timestamp, source IP, and exact SQL statement for every operation. Audit logs can be exported to enterprise SIEM systems. You can configure real-time alerts for high-risk operations.

  4. Secure collaboration workflow: All database changes (DDL and DML) go through a ticket-based workflow that includes SQL review, result set approval, and sandbox dry runs to prevent accidental or malicious changes to production.

  5. Multi-environment isolation: DMS logically isolates production, staging, and testing environments. Production environments enforce ticket-based approval and security reviews by default to prevent permission abuse and unauthorized access.


Second line of defense: Strongly isolated execution environment

Data Agent runs all code in a sandbox environment that uses hardware virtualization, VPC networking, and strict security group policies for kernel-level and network-level protection.

  • Kernel-level security: Each sandbox instance runs in a hardware-virtualized VM with its own guest OS kernel. Even if code inside the sandbox triggers a kernel-level vulnerability, the impact is confined to that VM and cannot affect the host or other tenants.

  • Network isolation: Sandbox instances have no public IP addresses and no open ports. Security groups are automatically created with their workspace and allow only inbound traffic from the Agent tool protocol and block all other external traffic. This default baseline cannot be modified.

  • VPC isolation: All data remains within the domain. All tool invocations and data access paths stay within a VPC and are never exposed to the public internet.


Third line of defense: Service management security

The management platform enforces environment isolation and access control to ensure secure operations and full resource lifecycle control.

  • Ephemeral session sandboxes:
    All session sandboxes are single-use. When a session times out or is terminated, the runtime environment, memory, and temporary storage are destroyed and resources are reclaimed. No user data persists.

  • Multi-dimensional isolation:
    The platform isolates operations and resources across multiple dimensions:

    1. Tenant isolation: Each tenant has an independent management space and resource view.

    2. Resource isolation: Agents and their compute sandboxes run in isolated environments to prevent cross-user resource access.

    3. Session isolation: Each sandbox task is isolated, ensuring security when the same tenant runs multiple tasks in parallel.


References