Security on Alibaba Cloud
The security services on Alibaba Cloud reduce the heavy lifting required to tackle key security challenges in the cloud, and each of these challenges can be solved with the use of one or multiple Alibaba Cloud security services.
For improved application security, use DDoS mitigation, web application protection, the centralized security operations interface, and the application data protection services.
Web Application Protection
Centralized Security Operation
Application Data Protection
Data security is enhanced by data encryption with proper key management, data integrity, and data recovery services.
Platform security is made possible by reliable physical security in cloud datacenters, hardware security in server infrastructures, and virtualization security.
A U T H E N T I C A T I O N
A U T H O R I Z A T I O N
A C C E S S C O N T R O L
L O G G I N G & A U D I T I N G
How It Works
Application Security is the first line of defense to protect a customer’s application on the web. This all important line provides DDoS mitigation, web endpoint protection, centralized security operations, and application data protection, including data discovery, data masking and DLP, to prevent attacks and intrusions against internet-facing cloud applications and ensure the safety of sensitive application data. Alibaba Cloud specifically provides four related security products:
Anti-DDoS Premium Service
Helps customers mitigate high-volume DDoS attacks from the internet.
Web Application Firewall (WAF)
Filter out massive numbers of malicious intrusions to ensure application endpoint security.
Provides a comprehensive health check service that works to protect your cloud services from a variety of attacks.
Alibaba Cloud is committed to protecting the data security and privacy for every customer. Alibaba Cloud helps customers manage and control data security throughout the data lifecycle with comprehensive services and capabilities to manage data encryption, data recovery, and key management.
Key Management Service (KMS)
KMS is a fully managed service that help customers create, delete, and manage encryption keys to protect data in the cloud.
Build-in Data Encryption in Multiple Products
All data at rest, such as data stored in Elastic Compute Service (ECS) Cloud Disk, Object Storage Service (OSS), Relational Database Service (RDS), and MaxCompute can be encrypted with AES256 server-side encryption or with KMS with the option to Bring Your Own Key (BYOK).
Platform security is vital as the platform both directly involves physical and hardware security as well as the virtualization environment.
All Alibaba Cloud data center facilities are configured with strict access control, with visitor areas marked out separately to ensure physical security. Alibaba Cloud data centers and server rooms are also equipped with advanced surveillance systems covering all the areas and passages, and staffed with security guards for 24*7 patrol.
Alibaba Cloud offers firmware baseline scanning, high-performance GPU instance protection, secure BIOS update, BMC firmware protection, and a chip-level trusted execution environment to protect customers’ sensitive data and encryption/decryption keys.
Virtualization technology can help customers ensure isolation between multiple tenants in a cloud computing environment. Namely, we offer virtualization isolation in computing, network, storage resources.
Alibaba Cloud account authentication and authorization support two-level account credentials, namely Alibaba Cloud account and individual Resource Access Management (RAM) user account, for easy separation of duties, multi-factor authentication (MFA), fine-grained authorization control, and temporary authorization tokens.
Our access control capabilities with RAM access management are built in as standard capabilities to most cloud services.
ActionTrail help customers easily log and audit all user access to their cloud services and resources, quickly diagnose threats.
Operational records from ActionTrail can help meet customers’ compliance audit requirements.
Maintenance operations on production system can only be performed with bastion hosts. The entire operation process is recorded in logs in real time.
Alibaba Cloud adheres to domestic and international information security standards, as well as industry requirements. We also engage with independent third parties to verify the compliance of Alibaba Cloud according to various requirements. Certified by more than 10 agencies across the globe, Alibaba Cloud is a cloud service provider with the most complete range of certifications in Asia.
Learn More >
Alibaba Cloud and its customers are jointly responsible for the security of customers' applications built on Alibaba Cloud. With security responsibilities shared between Alibaba Cloud and its customers, Alibaba Cloud provides a secure infrastructure to decrease the security burden of customers of customers. As such, customers can configure and use cloud products in a secure manner, thus relieving much of the underlying security burdens while allowing customers to focus more on their core business needs.
Read More >
Alibaba Cloud Security Ecosystem
In the spirit of cooperation and providing customers with more choices, Alibaba Cloud collaborates with security partners to establish Alibaba Cloud Security Industry Ecosystem and provide customers with industry-leading security solutions that are consistent with their existing deployed security control measures.
Alibaba Cloud has partnered with Fortinet to offer advanced multi-layer protection to secure your infrastructure, data, and applications on the cloud. Fortinet security solutions enable you to reduce risks even in dynamic networks.
Customer Success Stories
As the Official Cloud Services Partner to the Olympic Games and the infrastructure powering Alibaba, we provide high-performance cloud technology to help your business perform at its best.
By implementing Alibaba Cloud’s CDN and WAF services and working with Alibaba Cloud’s security professionals, AirAsia identified 90 percent of the traffic as Bots. Now, Alibaba Cloud provides Air Asia with weekly security reports and regular updates.
Founded in 1993 and headquartered in Malaysia, AirAsia is the largest airline in Malaysia and prides its self for its low-cost, high availability and superior customer service. Internationally, AirAsia is ranked as one of the world’s best low-cost airline. AirAsia operates scheduled domestic and international flights to more than 165 destinations spanning 25 countries.
Alibaba Cloud provides a comprehensive set of product portfolios ranging from IaaS, Big Data, AI, and Security to meet various use cases and needs of Tokopedia.
Tokopedia is an Indonesian technology company with a mission to democratize commerce through technology. It is the leading marketplace platform in Indonesia, empowering millions of merchants and consumers to participate in the future of commerce. Tokopedia’s vision is to build an ecosystem where everyone can start and discover anything with ease.
Smart and Sound with Alibaba Cloud
An Alibaba Cloud Security Report | February 2019
Combatting Bots and Fraud
Protecting Your Data on the Cloud
Cybersecurity: Safeguard Your Business Data