Enterprise IT Governance

Alibaba Cloud‘s Enterprise IT Governance solution helps you govern your cloud IT resources based on a unified framework that covers five key areas: users, permissions, resources, finance, and compliance. This gives you full control over your cloud resources and services and access permissions, and helps you meet compliance requirements.

Overview

This solution enables your enterprise to securely control access to your cloud services and resources, set up a clear account hierarchy (single and multiple accounts) that mirrors your organizational structure to manage your cloud resources more efficiently while tracking your spending, and keep track of your account and configuration changes to help you meet auditing and compliance requirements.

Solution Highlights

A Unified Framework

This solution provides flexible and fine-grained permissions and policies, resource management services, and over 100 predefined compliance rules available out-of-the-box.

Up to Date with Compliance Requirements

Alibaba Cloud is up to date with the requirements of China Classified Protection of Cybersecurity 2.0 and has a professional team dedicated to defining standards for building compliant systems on the cloud.

Easy Resource Management

This solution offers you an easy way to boost your resource management efficiency by enabling you to set up a clear single or multi account organizational structure based on your business needs as well as track spending by each account or project.

IT Governance Challenges

Major Challenges

Identity Management & Access Control

Enterprises require comprehensive and advanced account and resource security capabilities. This includes managing accounts, such as creating, authenticating, and grouping, defining fine-grained role-based policies for individual resource access, and ensuring that resources are isolated and only authorized access is allowed.

Multi-Account Management

When a single account cannot meet enterprises' requirements, enterprises need to create multiple accounts in a hierarchy that mirrors their organizational structure. In addition, they have to make sure that different accounts can be managed by different teams while the access for shared resources across these accounts remain intact.

Meet Auditing Compliance Requirements

Enterprises need to demonstrate compliance with the help of a well-defined auditing framework that can monitor and track all operations from all accounts and users. In addition, they must also retain historical configuration changes for compliance auditing.

Our Solutions

Resource Access Management

Resource Access Management (RAM) is an identity and access control service which enables you to centrally manage your user accounts and securely control access to your resources. You can create RAM users and RAM user groups to grant or deny access to your resources based on these entities. RAM provides you unified access control, conditional access control, easy-to-use identity federation and single sign-on, fine-grained access control, predefined authorization policies, and multiple access methods.


Resource Management

Resource Management provides a number of key features to help you manage your IT assets and resources, including resource groups and resource directory. Resource directory allows you to set up a multi-account structure to pair different accounts with different resources while resource groups lets you define how lower-level resources within a single account are organized. So you can define a hierarchy that reflects your resource management model, including object types such as directories, folders, accounts, and resource groups to organize and manage your resources more efficiently while keeping track of your spending and costs by project or account.

ActionTrail & Cloud Config

ActionTrail helps you keep track of all operations made by Alibaba Cloud accounts, whether made through the consoles, APIs, SDKs, or CLIs. You can download these tracked events or save them in cloud storage. The tracked events are important data for you to conduct behavior analysis, security analysis, resource change tracking, and auditing and compliance evaluation. Cloud Config is a configuration audit service that provides configuration history of cloud resources and audits the compliance of resource configurations. This product helps you set up self-monitoring infrastructure with continuous compliance assurance.

Learn More about Enterprise IT Governance on Alibaba Cloud

Contact Sales

How It Works

Your Challenge

This scenario is for customers who need to manage permissions and cloud resources by business attribute. Specifically, these customers need to arrange resources by groups such as project, company code, department, and product line, and then set access permissions for these groups. This way, they can ensure isolation between different types of resources and grant access when needed.

Our Solution

  • You can use user groups to manage role-based access control more easily. You can sort users into user groups, depending on the role each user takes and the tasks they need to perform. For example, you can create user groups for administrators, developers, and financial specialists. You can grant the user groups specific permissions to access resources. When you add a user to a user group, the user will automatically have the permissions of the user group.

  • You can also use resource groups to cluster resources that serve the same function together. When you grant permissions, you can allow a certain user group to access the resources in a certain resource group.

  • Problem-Oriented Products

    Resource Access Management

  • Resource Management

Your Challenge

This scenario is for customers who require a more advanced account management architecture that involves multiple Alibaba Cloud accounts affiliated with an enterprise master account.

Our Solution

  • You can create an Alibaba Cloud enterprise master account and a hierarchy of organizational units. You can create up to five levels of organizational units in the hierarchy to reflect your organizational structure. Then you can add your member accounts into each organizational unit. In this way, you can manage your account permissions, calculate and analyze costs, better meet compliance requirements, and more.

  • Problem-Oriented Products

    Resource Management

Your Challenge

This scenario is for customers who need to audit all operations occurring on the cloud and to meet relevant compliance requirements. These customers usually need to track and evaluate configuration changes according to security, compliance, and corporate policies. They also need to receive alerts if there are abnormal configurations. And for enterprises that have business operations in China, China Classified Protection of Cybersecurity 2.0 compliance auditing requirements must be met.

Our Solution

  • Alibaba Cloud provides a host of audit functionalities to support the auditing of operations and configurations on the cloud. For example, you can use ActionTrail to track, consolidate, and analyze all operations made by cloud users to meet your audit requirements. Additionally, you can use Cloud Config to define your own compliance rules to monitor and control configuration changes. When non-compliant configurations are applied, the designated responsible person will be notified and be able to take immediate action. These functionalities are the pillars of your efforts to ensure the compliance of both operations and configurations, including China Classified Protection of Cybersecurity 2.0 requirements for your China business operations.

  • Problem-Oriented Products

    ActionTrail

  • Cloud Config

Related Resources

Best Practice

Enabling Operation and Configuration Auditing on Alibaba Cloud

With a combination of multiple Alibaba Cloud services, you can achieve proactive governance based on effective auditing and automatic monitoring and alerting on all your cloud resources.

Blog

Setting up the Stage for Enterprise-Grade Deployment on Alibaba Cloud

This article shows you how you can set up an enterprise grade deployment for managing thousands of users while maintaining a centralized governance on the cloud.

Document Center

Resource Access Management

Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage user identities and resource access permissions.

Document Center

ActionTrail

ActionTrail is an Alibaba Cloud service that records the operations on your Alibaba Cloud resources.

Document Center

Cloud Config

A configuration audit service that tracks and audits configurations of your Alibaba Cloud resources, helping you achieve the compliance of resource configurations.

Document Center

Resource Management

Resource Management provides a number of key features to help you manage your IT assets and resources, including resource groups and resource directory.

View All

A Free Trial That Lets You Build Big!

Start building with 40+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free