When data is stored at rest on the cloud, data static storage encryption needs to be performed. Enterprises often store data in locations such as ECS cloud disks, OSS, RDS, and cloud databases. These cloud services need to have storage encryption capabilities to ensure the data security.
Best Practices
Alibaba Cloud provides disk storage encryption services and uses Key Management Service (KMS) for key management. Alibaba Cloud's storage encryption feature provides 256-bit encryption strength (AES256) to meet the requirements for encrypting sensitive data.
You can check the list of cloud services that support server-integrated static data encryption protection and the specific operation methods for executing server encryption in different cloud services.
Use the free default key provided by Alibaba Cloud for cloud product server encryption. What is a default key?
Use a custom Bring Your Own Key (BYOK) to provide data encryption for cloud product servers. Refer to Import key material into a symmetric key.