Alibaba Cloud Object Storage Service (OSS) maintains multiple compliance certifications and offers various security features, including server-side encryption, client-side encryption, hotlink protection based on Referer whitelists, fine-grained access control, log audit, and retention policies based on Write Once Read Many (WORM). OSS provides comprehensive security protection for your data stored in Alibaba Cloud to meet your enterprise's security and compliance requirements.
Item | Description |
OSS provides access control lists (ACLs), authorization policies, and hotlink protection based on Referer whitelists to control and manage access to your OSS resources. | |
To manage your OSS resources more efficiently, you can use resource groups to organize your resources. Resource groups allow you to sort resources into groups by department, project, and environment, and use Resource Access Management (RAM) to isolate resources and manage resource permissions in a fine-grained manner within a single Alibaba Cloud account. | |
OSS provides server-side encryption, client-side encryption, and SSL/TLS encrypted transmission over HTTPS to protect data from potential security risks in the cloud. | |
OSS allows you to store and query access logs to meet your requirements for monitoring and auditing enterprise data. | |
OSS provides multi-level data protection capabilities for various scenarios to ensure data durability and reliability. Through multi-level erasure coding redundancy technology and cross-region replication, OSS implements disaster recovery capabilities at the device, data center, and region levels. Through versioning and scheduled backup features, OSS can effectively address data loss risks caused by accidental deletion or software bugs. OSS detects data transmission and storage errors in real-time through verification and automatically repairs them. The redundant design of multiple storage nodes ensures seamless recovery from hardware failures, reducing the risk of data corruption. | |
OSS supports WORM storage that prevents users from accidentally deleting or tampering with your data. OSS conforms to the requirements under the regulations of the U.S. Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority, Inc. (FINRA). | |
OSS helps you meet different compliance requirements based on the compliance with assurance programs such as Cohasset Associates compliance assessment, Financial Industry Regulatory Authority (FINRA) Rule 4511, Commodity Futures Trading Commission (CFTC) Regulation 1.31, ISO, BS10012, and the Cloud Security Alliance Security, Trust, Assurance, and Risk (CSA STAR). | |
To help developers better implement user personal information protection requirements and avoid infringing on end users' personal information rights when using third-party SDKs, OSS has developed compliance guidelines. These guidelines allow developers to self-check and properly configure when integrating Object Storage Service SDK services to meet regulatory compliance requirements. | |
If one of your buckets is attacked or used to distribute illegal content, OSS automatically moves the bucket to the sandbox to prevent your other buckets from being affected. |