E-MapReduce (EMR) on Elastic Compute Service (ECS) provides a data encryption feature to reduce potential security risks for data in the cloud. EMR on ECS also provides a data backup and restoration feature to prevent data loss.
Data encryption in OSS
Object Storage Service (OSS) is an efficient, secure, cost-effective, and highly reliable cloud storage service of Alibaba Cloud. OSS allows you to use AccessKey pairs and RAM roles to implement fine-grained access control on buckets, objects, and RAM policies. You can use different data encryption tools, such as customer master keys (CMKs) managed by Key Management Service (KMS) and OSS-managed keys, to protect data on both the client side and the server side. For more information, see the topics in the Data security directory.
OSS-HDFS (JindoFS) is a cloud-native data lake storage service that is built on top of OSS. OSS-HDFS provides centralized metadata management capabilities and is fully compatible with Hadoop Distributed File System (HDFS) APIs. OSS-HDFS stores data in OSS and inherits the data protection feature of OSS.
JindoSDK is automatically deployed in EMR clusters. You can use JindoSDK to connect OSS-HDFS to specific services that are deployed in your cluster. For more information, see Connect OSS to data lake ecosystems. You only need to obtain permissions to access OSS-HDFS. For more information, see Connect EMR clusters to OSS-HDFS.
OSS-HDFS provides comprehensive data security features, such as identity authentication, access control, data encryption, and log auditing. When these features are used with proper configurations, the security and privacy of customer data can be guaranteed. For more information about OSS-HDFS, see the topics in the OSS-HDFS directory.
Cloud disk encryption
The cloud disk encryption feature uses encryption algorithms to protect data stored on cloud disks from unauthorized access and data leaks. Data is encrypted when it is written to a cloud disk. This prevents unauthorized users from accessing the cloud disk and decrypting the data even if the data is leaked. When data is read by authorized users, the system automatically decrypts disk data. This ensures the confidentiality and integrity of disk data.
After a cloud disk is encrypted, both data in transit and data at rest on the disk are encrypted. You can use this feature if your business has security compliance requirements. This feature helps you protect the privacy, autonomy, and security of data without the need to build or maintain a key management infrastructure.
For more information, see Enable data disk encryption and Enable system disk encryption.