Securing Ends with Data Encryption for the Cloud

Data Encryption Service

Alibaba Cloud Data Encryption Service provides hardware security modules (HSM) over cloud-hosted hardware. Hardware security modules are hardware devices that process encrypted data (cryptographic operations) using encryption keys. Some of the primary benefits of Alibaba Cloud Data Encryption Service are listed below:

  • Supports role-based access systems for control using the Identity and Access Management system
  • Supports monitoring to maintain a healthy system
  • Supports requirement-based HSM instance scaling within your cloud deployment infrastructure. You can use the management console to adjust the configuration and specifications of your encryption and decryption keys to maintain requirements.
  • Extends support for multiple key types and secure keys storage
  • Offers a complete solution for managing encryption keys, including creation, destruction, import, and export. The complete control of the key management is assigned to the user for key creation within the HSM. The data encryption service manages the HSM hardware to maintain the performance and availability of your HSM in the cloud infrastructure.
  • Supports symmetric and asymmetric key types to facilitate data encryption and decryption
  • Supports asymmetric key verification and signing
  • Supports HMACs — Hash-based message authentication codes
  • Alibaba Cloud DES protects your private keys from the certification authority (CA) to provide the digital certificates to verify your identity. Alibaba Cloud Data Encryption Service and HSM can work with cryptographic signing operations.

Usage Scenarios

Sensitive Data Protection

The Data Encryption Service is a hosted service that works with any other Alibaba Cloud solution. Some of the Data Encryption Service usage scenarios are listed below:

  • Alibaba Cloud created the sensitive data discovery and protection product suite with the same idea of securing sensitive data. We will discuss it in more detail in the next article. Alibaba Cloud Data Encryption Service provides exception protection by encrypting your sensitive data related to high-yielding services from multiple domains, including financial services, e-commerce, public domain services, and more. Let’s take a look at an architectural model depicting the sensitive data encryption scenario on the chart below:

Financial Services

Financial services are prone to cyberattacks. Financial motives are the primary reason for cyberattacks.

SSL Offloading

Websites working with the secured HTTP/HTTPS protocol use a public-private key pair. Each session uses a public key certificate to establish a secure HTTPS session for each client. Alibaba Cloud Data Encryption Service allows your SSL offloading directly with HSM by generating private keys. Processing from a web service allows SSL offloading without consuming any web server resources, maintaining the availability and efficiency of the web server.

Wrapping Up

The Data Encryption Service is available to all Alibaba Cloud users. You can use HSM to perform multiple operations, such as SSL offloading, TLS web server processing, transparent data encryption, and sensitive and financial data encryption. Cloud data must be secured when in transit and at rest to ensure data integrity. Alibaba Cloud Data Encryption Service lets you secure the most important aspect of your organization — data.

Upcoming Articles

  1. Developing an Enterprise Cloud Strategy — Part 1
  2. Developing an Enterprise Cloud Strategy — Part 2

Original Source:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store