Six Key Elements of an Off-Premises Data Security System

According to Gartner, cloud services are as secure as, or even more secure than, the data centers of most enterprises. Security must no longer be regarded as a major obstacle to using public cloud services. Compared to traditional data centers, by 2020 the public cloud will provide security capabilities that help enterprises reduce security events by at least 60%.

At the 2nd Data Security Summit held on June 29, Xiao Li, General Manager of Alibaba Cloud Intelligent Security Business Unit, addressed one of the most critical questions: how can we build an advanced off-premises data security system?

According to Xiao Li, off-premises data security development is a systematic project that comprises six key elements: attack scope reduction, correct configuration of product security policies, central authentication and authorization, data encryption, data breach protection, and log audit.

Attack Scope Reduction

You can reduce the attack scope by monitoring real-time traffic in all directions via an off-premises firewall, and safeguarding and converging the network ingress through an Intrusion Prevention System (IPS).

Correct Configuration of Product Security Policies

Products and technical capabilities must ensure that all security policies are effectively implemented. Many security incidents occur when attackers exploit accidentally opened ports to steal data. Alibaba Cloud provides tools to help you check the security configurations and policies of all products to ensure persistent security compliance and effective implementation of security policies.

Central Authentication and Authorization

Enterprises face a great challenge in centrally implementing authentication and authorization. For instance, a common data security event such as failure to promptly delete the system permissions of former employees may result in a data breach.

Alibaba Cloud’s advanced research in permission management ensures one-click permission updates for employees who transfer or leave the organization. This proactive mechanism ensures that there is no data loss due to irregular internal permission management.

Comprehensive Data Encryption and Log Audit

The Alibaba DAMO Academy has left no stone unturned in advancing data encryption technologies. It facilitates encryption of user data across all cloud products by default, and allows users to manage AccessKey pairs. Moving forward, Alibaba Cloud endeavors to maximize the performance and stability of data encryption and minimize costs, to free users from data security apprehensions following cloud migration.

Data Breach Prevention

A Data Security System Supported by Cloud-native Technology

Taobao and Tmall have multiple IDCs in China. According to actual data analysis, service operations are never affected by the power failure of a single IDC. Xiao Li said, “We conduct practice tests to continuously verify the effective implementation of disaster recovery, and provide such high-security capability to help users build more robust security systems in the cloud.”
