Interested to learn more about Alibaba Cloud? Check out our course on Securing Your Data on Alibaba Cloud and get certified today!
Hello everyone! Welcome back to the Alibaba Cloud Academy blog series. In this article, we’ll be talking more about data security and discussing the strategies to secure your data on Alibaba Cloud. Let’s start with the basics of data security.
What Is Data Security?
What is data security? In the past decade, there have been many large-scale network security incidents, such as the WannaCry incident in 2017. When it came out, one of the terrible things it did was encrypt the data on the victim’s computer, including personal data and sensitive business data. After that, the criminals carried out a “bitcoin hijack.” In this kind of attack, you have to pay the criminals in bitcoin to get your important personal data back. This may come as a surprise to many, but government organizations and national security agencies are not immune to data leaks and unauthorized access.
We can categorize these attacks into different types of data security issues based on the impact they have on the user. Typically, we call the first type of attack “illegal access of data.” It means the data is not accessible by anyone except the hackers. Sometimes the hackers encrypt your data and make it inaccessible, as WannaCry did. The second type of attack is “data tampering or data loss.” Data tampering means a third party has made unauthorized changes to your data, and you may not be able to find the original data anymore. With data loss, if the database is hacked, the hackers can retrieve all your valuable user information, such as your password, and they can also delete your database to put you out of business.
The CIA Model and the AAA Framework
To give you a better understanding of data security, I would like to divide this big topic into different directions and introduce you to some common solutions. We have a data security model called CIA: confidentiality, integrity, and availability.
- Confidentiality — When talking about data security, we don’t want someone to illegally access your data.
- Integrity — As with data tampering above, we want to make sure the data is still the original after transmission. There are several methods to ensure data integrity, and these checks make sure that the data you sent has not been tampered with.
- Data availability is about always being able to access your data, just like the high availability (HA) architecture. It is a concept commonly used in the storage industry. When we use an HA architecture, we can make sure that when one node is down, the other node can take over the work immediately and keep the business running.
Next, let’s talk about data protection and security. Physical security is the most fundamental layer: it keeps your servers isolated, fully managed, and secured in security zones. Also, when we talk about security protection, we are talking about the three A’s: authentication, authorization, and auditing. In Alibaba Cloud, we use Resource Access Management (RAM) to protect your users and roles and to define the different policies that give them enough privilege to get things done.
Regarding confidentiality, we have methodologies like encryption and certification. For integrity, we need to use algorithms to verify our data integrity. For availability, we can set up master-slave instances and keep backup data on remote instances. For data protection security, we need to make sure we have timely backup and recovery. We also have something really interesting called data access authorization and approval. For the different management tasks, you need to assign different roles and make sure the policy assigned to each role is enough to do the job. You must not give a role privileges beyond the task it needs to finish.
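One way to check the least-privilege rule described above, added here as an example and not Alibaba Cloud's own code: it audits policy documents in the RAM policy layout for wildcard grants. Both sample policies and the bucket name are constructed for illustration.

```python
import json

# Constructed sample policies in the RAM policy document layout
# (Version / Statement / Effect / Action / Resource). Bucket name is hypothetical.
BROAD_POLICY = json.loads("""
{"Version": "1",
 "Statement": [
   {"Effect": "Allow", "Action": "oss:*", "Resource": "*"},
   {"Effect": "Allow", "Action": ["ecs:Describe*"], "Resource": ["*"]}
 ]}
""")

SCOPED_POLICY = json.loads("""
{"Version": "1",
 "Statement": [
   {"Effect": "Allow",
    "Action": ["oss:GetObject", "oss:ListObjects"],
    "Resource": ["acs:oss:*:*:example-backup-bucket",
                 "acs:oss:*:*:example-backup-bucket/*"]}
 ]}
""")


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(stmt.get("Action")):
            service, _, op = action.partition(":")
            if action == "*":
                findings.append((i, "allows every action on every service"))
            elif op == "*":
                findings.append((i, f"allows every {service} action"))
        for res in _as_list(stmt.get("Resource")):
            if res == "*":
                findings.append((i, "applies to every resource"))
    return findings


if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(pol) or "no over-broad grants found")
```

The scoped policy passes because it names the two read actions a backup-reader role needs and limits them to one bucket; the broad policy is flagged on both the action and the resource.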
For data backup and disaster tolerance, we have the ECS snapshot, ApsaraDB master-slave instances, and disaster recovery instances to handle the backup and recovery scenario. We can also import and export your logical data to make sure the backup is functioning regularly. For OSS and all the Apsara cloud backend storage, we have multiple methodologies that give you the capability to remotely back up your data in different storage locations.
Talking about data encryption, we can encrypt data in ApsaraDB and the Object Storage Service (OSS). Additionally, we have a very personal and standard service called the Key Management Service (KMS). It helps manage the public and private keys through its internal and uses embedded features to support other product encryption features.
Last but not least, for data transmission security, we have another stand-alone service called Alibaba Cloud Certificates service. You can buy an SSL certificate to secure your website and make it HTTPS compliant.
How to Get Started with Alibaba Cloud Security Services?
Alibaba Cloud offers services and products for every scenario possible. I hope this article helps you understand how important data security is to us and how important it is to look into it and make sure your data is kept securely on the cloud and on your computer. If you’re interested in learning more, I’d strongly suggest checking out our family of products at Alibaba Cloud Security Services or taking one of our Clouder courses in security.
Ready to test your knowledge? Take the Secure Your Data on Alibaba Cloud course and get certified today!