Data security is a critical part of any cloud infrastructure. Alibaba Cloud is committed to safeguarding your most valuable assets throughout the data security lifecycle. To help you easily build a robust data security framework, we offer a broad spectrum of security products to fit your security scenarios, such as data classification, data masking, data loss prevention, encryption, key management, access control, and data erasure. With these offerings, you can effectively ensure the confidentiality, integrity, and availability of your data.
Complete Data Lifecycle Protection
This solution provides comprehensive data security protection for the entire data security lifecycle that includes data gathering, data transmission, data processing, data exchange, data storage, and data destruction.
Central Management and Monitoring
Sensitive Data Discovery and Protection (SDDP) allows you to centrally manage and monitor data scattered across the cloud, going beyond traditional data silos.
High Accuracy and Efficiency
Alibaba Cloud SDDP, DataWorks, and MaxCompute can efficiently provide data discovery, data classification, or data labeling based on a user’s application scenarios, compliance, and security requirements.
Data Loss Prevention
SDDP can help you prevent data loss with effective control over the permissions on storage and transmission products on the cloud. SDDP can generate alerts for data permission configuration and usage exceptions that do not comply with security best practices in the cloud environment.
How It Works
Alibaba Cloud has developed a comprehensive and systematic data security system by taking data management and technical measures based on the complete data security lifecycle. Data security is managed and controlled throughout the data lifecycle that covers gathering, transmission, processing, exchange, storage, and destruction. Each stage of the data security lifecycle has its associated security management requirements and technologies. Additionally, Alibaba Cloud can record the operations that users and cloud providers perform when using Alibaba Cloud resources. Prior to developing and onboarding a robust data security framework, you must complete a data asset review.
Data Asset Review
The focus of data security management may vary for different enterprises. To maximize the value of data security management efforts, you have to shift your focus to the most critical and core data assets of your enterprise in the beginning. Then, this starting point can evolve into a full-fledged data security framework. Before developing and onboarding a robust data security framework, you must plan the following key aspects: performing asset checks, defining classification standards, assessing risks, planning budgets, and acknowledging shared responsibilities.
Data Gathering Security
Data gathering security requires data identification and classification to be completed promptly once data is collected. Proper data discovery can ensure the accuracy and efficiency of security protection. During this stage, sensitive information in the data, such as Personally Identifiable Information (PII), needs to be discovered and classified based on a user’s application scenarios, compliance, and security requirements. Alibaba Cloud offers SDDP, DataWorks, and MaxCompute to discover, classify, or label your sensitive data. SDDP can automatically scan and discover different levels of sensitive data and allows users to customize sensitive data discovery policies according to their needs.
Data Transmission Security
Alibaba Cloud is committed to safeguarding your data security during the data transmission stage by encryption in transit. We also adopt SSL/TLS protocols to ensure data transmission security while users read and upload data. Alibaba Cloud provides mechanisms to ensure data transmission security: HTTPS transmission encryption, encrypted channels for network gateway, cross-region connectivity products, Cloud Firewall, and SSL Certificates Service for websites.
Data Processing Security
Data processing security is mainly implemented through the effective isolation and protection of data in use. The isolation can be implemented by using the encrypted computing environment of Intel® Software Guard Extensions (Intel® SGX) during runtime on the user side. Isolation methods specific to each product, such as permission control, can also be used. Moreover, data masking of classified sensitive data can be used to ensure that unauthorized users cannot view sensitive information. In real-world scenarios, multiple features and products are often used together to meet data isolation and protection requirements.
Data Exchange Security
The value of data can be achieved through data exchange and sharing. The security requirements for data exchange can be partially implemented through the access control of cloud products and data masking of sensitive data protection products. Data exchange security also depends on data loss prevention (DLP) capability. User DLP involves complete control over permissions on data and the monitoring and detection of data in use. Alibaba Cloud SDDP provides a comprehensive DLP solution for the aforementioned control, including querying, alerting, monitoring, and analysis. The DLP function of each product (e.g. DataWorks) can also be used to prevent the leakage of sensitive data.
Data Storage Security
Data storage security is ensured by various options for encryption at rest. Alibaba Cloud allows users to encrypt data at rest in Alibaba Cloud services with the integrated Alibaba Cloud Key Management Service (KMS). Users can directly manage the lifecycle with Bring Your Own Key (BYOK). Alibaba Cloud supports the Advanced Encryption Standard with 256-bit key length (AES-256) for encrypting sensitive data at rest. Data encryption is enabled in different Alibaba Cloud services, such as EBS, OSS, RDS, Table Store, NAS, and MaxCompute.
Data Destruction Security
Alibaba Cloud has established a security management system for the full lifecycle of devices, including reception, storage, placement, maintenance, transfer, and reuse or decommissioning. When a device is decommissioned, Alibaba Cloud takes data erasure measures for its storage media. However, before erasing relevant data, it is necessary to check whether the genuine licensed software has been overwritten, degaussed, or physically bent to ensure the relevant data cannot be restored. After that, Alibaba Cloud can physically destroy relevant data and ensure that it cannot be reconstructed for business or legal reasons or for obtaining proof of destruction from any third party data processors.
Last but not least, Alibaba Cloud can record the operations that users and cloud providers perform when using Alibaba Cloud resources by adopting ActionTrail, Security Center, and Cloud Config. This transparent operation platform helps users perform security analysis, resource change tracking, and compliance audits. It also gives users the confidence that their data and resources are properly protected and managed within the cloud platform.
SOC2 Type II Report
Customer Success Stories
As the Official Cloud Services Partner to the Olympic Games and the infrastructure powering Alibaba, we provide high-performance cloud technology to help your business perform at its best.
By implementing Alibaba Cloud’s CDN and WAF services and working with Alibaba Cloud’s security professionals, AirAsia identified 90 percent of the traffic as bots. Now, Alibaba Cloud provides AirAsia with weekly security reports and regular updates.
Founded in 1993 and headquartered in Malaysia, AirAsia is the largest airline in Malaysia and prides itself on its low cost, high availability, and superior customer service. Internationally, AirAsia is ranked as one of the world’s best low-cost airlines. AirAsia operates scheduled domestic and international flights to more than 165 destinations spanning 25 countries.
Alibaba Cloud provides a comprehensive product portfolio ranging from IaaS, Big Data, and AI to Security to meet the various use cases and needs of Tokopedia.
Tokopedia is an Indonesian technology company with a mission to democratize commerce through technology. It is the leading marketplace platform in Indonesia, empowering millions of merchants and consumers to participate in the future of commerce. Tokopedia’s vision is to build an ecosystem where everyone can start and discover anything with ease.
The Eight Stages of Cloud-Based Data Security
This whitepaper explains how Alibaba Cloud can help you build a robust data security framework to safeguard your data assets.
2020 Alibaba Cloud Security Whitepaper - The China Gateway Version
The whitepaper introduces the public cloud security system of Alibaba Cloud, specifically for security capabilities and offerings in Mainland China.
Alibaba Cloud Security Whitepaper - International Edition V2.0 (2020)
This whitepaper introduces the security of the Alibaba Cloud public cloud platform.
Manage and Protect Your Critical Data in the Cloud
This describes the benefits of using Alibaba Cloud's Sensitive Data Discovery and Protection (SDDP) system to manage and protect critical data.
Discover and Protect Your Sensitive Data on the Cloud
Learn how the SDDP can help you discover and protect your sensitive data on the Cloud.
Best Practices for the Safety Operation of the Host on the Cloud
Understand the concepts of cloud host security, the related products, the best practices, and Alibaba's technologies.