SecOps

Implement fine-grained security control with the Alibaba Cloud Security Operations (SecOps) solution

Overview

Alibaba Cloud supports SecOps based on the “minimum authorization” (least privilege) principle during the deployment and operation of your applications. You can store sensitive data such as passwords with the Secret Management service, define permission scopes with the “policy-as-code” approach, in which the rules and conditions of your permissions are written and managed as code, and enforce fine-grained service access authorization with a “zero trust” model.

Secret Management

Sensitive data such as passwords is usually stored in secret files. Secret Manager reads the secrets stored in Key Management Service (KMS) and synchronizes them to your Kubernetes clusters, so you can store, manage, and regularly rotate them in one place to enhance the security of sensitive data.

Policy Governance

When deploying resources, you can define and enable restrictions with the rule templates provided for OPA and Gatekeeper to meet strict security requirements. For example, you can specify the namespaces of a cluster into which resources may be deployed; deployment to any other namespace is then rejected.

Open Policy Agent (OPA)

OPA is a unified toolset and framework with policy-based control for cloud-native environments. It embraces the “policy-as-code” approach by decoupling policy from the service code. You can release, analyze, and review policies without sacrificing availability or performance.

Gatekeeper

Gatekeeper is a policy engine for cloud-native environments that runs inside Kubernetes as an admission controller. You can use it to manage and enforce the policies that OPA evaluates in your Kubernetes clusters.
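The namespace restriction described above, written as a Gatekeeper ConstraintTemplate (with its OPA Rego rule) and a Constraint that uses it. This is an added example, not one of the prebuilt ACK templates or code from the page; the template name, the allowed namespace list and the excluded system namespaces are assumptions chosen for illustration.

```yaml
# Added example: a ConstraintTemplate defines the reusable rule (Rego) and the
# parameters a Constraint may pass to it.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sallowednamespaces          # assumed name
spec:
  crd:
    spec:
      names:
        kind: K8sAllowedNamespaces
      validation:
        openAPIV3Schema:
          type: object
          properties:
            namespaces:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sallowednamespaces

        # A violation is produced when the object's namespace is not in the
        # allowed list supplied by the Constraint. Gatekeeper denies the
        # admission request and returns msg to the caller.
        violation[{"msg": msg}] {
          ns := input.review.object.metadata.namespace
          not allowed(ns)
          msg := sprintf("deployment to namespace %q is not permitted; allowed: %v",
                         [ns, input.parameters.namespaces])
        }

        allowed(ns) {
          input.parameters.namespaces[_] == ns
        }
---
# Added example: the Constraint binds the template to workload kinds and
# supplies the allowed namespaces. System namespaces are excluded so the
# cluster's own components are not blocked.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sAllowedNamespaces
metadata:
  name: deploy-only-to-approved-namespaces   # assumed name
spec:
  enforcementAction: deny                    # use "dryrun" to audit first
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment", "StatefulSet", "DaemonSet"]
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
  parameters:
    namespaces: ["frontend", "backend"]      # assumed allowed namespaces
```

Apply the template first, then the Constraint. Setting `enforcementAction: dryrun` before switching to `deny` lets you review the violations Gatekeeper reports in the Constraint's status before any deployment is actually rejected.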

Zero Trust

You can control service access through fine-grained authorization in Service Mesh to further increase your security. For example, you can prevent the applications in a back-office management namespace from accessing applications in other namespaces, prevent the applications in a namespace from accessing databases, or require compliance with mTLS rules for inter-application access.

Authorization Policy

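The namespace and database restrictions described under Zero Trust, written as Istio-style AuthorizationPolicy resources of the kind Service Mesh applies. This is an added example and not code from the page; the namespace names (`orders`, `backoffice`, `data`) and the `app: mysql` label are assumptions.

```yaml
# Added example 1: default-deny for every workload in the "orders" namespace.
# An ALLOW policy with no rules matches no request, so nothing is admitted
# unless another ALLOW policy explicitly permits it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: orders            # assumed namespace
spec: {}
---
# Added example 2: allow only callers whose identity comes from the same
# namespace. The source namespace is taken from the peer certificate, so this
# rule is only meaningful when mTLS is in effect between the workloads.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-same-namespace
  namespace: orders
spec:
  action: ALLOW
  rules:
    - from:
        - source:
            namespaces: ["orders"]
---
# Added example 3: the back-office namespace may never reach the database
# workload, whatever other ALLOW policies exist. DENY policies are evaluated
# before ALLOW policies, so this cannot be overridden by a later allow rule.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: backoffice-no-db
  namespace: data              # assumed namespace hosting the database
spec:
  selector:
    matchLabels:
      app: mysql               # assumed workload label
  action: DENY
  rules:
    - from:
        - source:
            namespaces: ["backoffice"]   # assumed back-office namespace
```

Because a deny-all policy plus explicit allows is the closed-by-default shape of a zero-trust authorization model, a new workload added to `orders` receives no access until an ALLOW rule is written for it.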
Mutual Transport Layer Security (mTLS)

You can configure mTLS settings globally or per namespace in Service Mesh, and choose strict enforcement of mTLS or disable it, so that mutual authentication can be configured flexibly according to the needs of your "zero trust" policy.
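The global and per-namespace mTLS settings described above, written as Istio-style PeerAuthentication resources of the kind Service Mesh applies. This is an added example and not code from the page; the `legacy` namespace, the `app: tls-terminator` label and the use of `istio-system` as the mesh root namespace are assumptions.

```yaml
# Added example 1: mesh-wide default. A PeerAuthentication with no selector in
# the root namespace (istio-system by default) applies to the whole mesh.
# STRICT accepts mTLS traffic only; plaintext connections are refused.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system      # assumed root namespace
spec:
  mtls:
    mode: STRICT
---
# Added example 2: namespace override. While workloads in "legacy" are still
# being given sidecars, accept both mTLS and plaintext. PERMISSIVE is a
# migration setting: plaintext callers are not authenticated, so move the
# namespace to STRICT once every workload has a sidecar.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: legacy            # assumed namespace
spec:
  mtls:
    mode: PERMISSIVE
---
# Added example 3: workload-level override. A workload that terminates TLS
# itself can have mesh mTLS disabled for it alone via a selector; the rest
# of its namespace keeps the inherited mode.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: tls-terminator-no-mtls
  namespace: legacy
spec:
  selector:
    matchLabels:
      app: tls-terminator      # assumed workload label
  mtls:
    mode: DISABLE
```

The most specific policy wins: a workload-level selector overrides the namespace setting, which overrides the mesh-wide default. Only one mesh-wide and one namespace-wide PeerAuthentication is effective at a time, which is why both are conventionally named `default`.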

Solution Highlights

  • A Leader in Public Cloud Container Platforms

    Accelerate container-based application development and O&M for the global market based on Alibaba Cloud’s full-stack cloud-native capabilities, with proven experience recognized by The Forrester Wave™

  • Policy-Based Security Control

    Simplify policy-based security control with 30+ prebuilt OPA templates in Container Service for Kubernetes (ACK) tailored to resolve security risks in common cloud-native scenarios

  • Fine-Grained Access Management

    Implement access control for resources such as databases, instances, and keys in Key Management Service (KMS) based on RAM Roles for Service Accounts (RRSA)

  • "Zero Trust" Support

    Implement a “Zero Trust” authorization model by customizing authorization policies, such as mTLS requirements, for instances, namespaces, and websites using the Service Mesh (ASM) graphical interface or YAML configuration files

Featured Products

Alibaba Cloud Container Service for Kubernetes (ACK)

A Kubernetes-based service that ensures high efficiency for enterprises by running containerized applications on the cloud

  • Security and Management
  • Ease of Use
  • High Efficiency and Reliability

Alibaba Cloud Service Mesh

A fully managed platform that manages the traffic of microservice applications in a unified manner

  • Unified Traffic Management
  • End-to-End Observability
  • Refined Traffic Routing

Container Registry

A secure image hosting platform providing containerized image lifecycle management

  • Multi-Region Image Repository
  • Image Security Status Scan
  • Stable Service Build Creation

Application Real-Time Monitoring Service

An end-to-end monitoring service for Application Performance Management (APM)

  • Application Performance and Anomaly Monitoring
  • Frontend Monitoring for User Experience
  • Centralized Alarm and Report Platform

Security Center

A unified security management system that identifies, analyzes, and notifies you of security threats in real time

  • Powerful Technical Architecture
  • 10 Years of Experience With Best Practices for Security
  • Simplified Asset Operation Management

Key Management Service

Secure and compliant key management and cryptography services to help you encrypt and protect sensitive data assets

  • Key Management and Cryptography Services
  • Data Encryption for Integrated Cloud Services
  • Custom Encryption and Digital Signatures

Security and Compliance

We are committed to providing stable, reliable, secure, and compliant cloud computing infrastructure services across major jurisdictions around the world.
  • CSA STAR
  • ISO 27001
  • SOC2 Type II Report
  • C5
  • MLPS 2.0
  • MTCS

Related Resources

Blog

Cloud-Native Operation and Maintenance Technology: Enhance Application Security in ASM with the “Zero-Trust Concept” and OPA

This article explains the zero-trust concept and how to use it to enhance application security in Service Mesh.

Whitepaper

Discover the Cloud-Native Technology Powering Alibaba's Double 11 Global Shopping Festival

Discover how Alibaba Cloud cloud-native technologies support the 2020 Double 11 Global Shopping Festival.

Webinar

Using Kubernetes to Modernize Your Applications at Scale

This webinar discusses how Alibaba Cloud helps enterprises ensure high efficiency by running containerized applications on the cloud.
